AVG keeps finding luhe sirefef.A


  • This topic is locked
9 replies to this topic

#1 Ernie694


Posted 12 November 2012 - 07:00 PM

Hello

For the last 2 days, AVG 2013 Free Edition keeps finding several threats. The threats seem to pop up almost every time I switch from one website to another. Primarily it has been Luhe Sirefef.A, which most of the time AVG says it was able to remove, yet it continues to tell me it has found it again. AVG has also found WIN64/patched.A several times and says it cannot remove this one. I have tried a full scan with AVG and several other anti-malware and anti-spyware programs and have not been able to resolve this problem. I have looked up Luhe Sirefef.A on the internet, and most sites are telling me it needs to be manually removed.

Any suggestions?



#2 InadequateInfirmity


Posted 12 November 2012 - 07:22 PM

Download TDSSKiller:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right-click it and choose Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.


Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes: list found threats, save to clipboard, copy to Notepad, and post the log here.




Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to Enable rootkit cleaning. Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

#3 boopme


Posted 12 November 2012 - 08:12 PM

You will also need to run this...
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#4 InadequateInfirmity


Posted 12 November 2012 - 08:12 PM

Thanks Boopme

#5 Ernie694


Posted 12 November 2012 - 08:53 PM

Do you want me to post all the logs on this thread or start a new one in the logs forum?

#6 InadequateInfirmity


Posted 12 November 2012 - 09:00 PM

Please post all the logs here and we will determine if your machine is infected. :)

#7 Ernie694


Posted 13 November 2012 - 08:11 AM

Here are the logs you requested: :)

TDSS:

18:41:52.0403 5056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:41:52.0886 5056 ============================================================
18:41:52.0886 5056 Current date / time: 2012/11/12 18:41:52.0886
18:41:52.0886 5056 SystemInfo:
18:41:52.0886 5056
18:41:52.0886 5056 OS Version: 6.1.7601 ServicePack: 1.0
18:41:52.0886 5056 Product type: Workstation
18:41:52.0886 5056 ComputerName: ADMIN-PC
18:41:52.0886 5056 UserName: admin
18:41:52.0886 5056 Windows directory: C:\windows
18:41:52.0886 5056 System windows directory: C:\windows
18:41:52.0886 5056 Running under WOW64
18:41:52.0886 5056 Processor architecture: Intel x64
18:41:52.0886 5056 Number of processors: 1
18:41:52.0886 5056 Page size: 0x1000
18:41:52.0886 5056 Boot type: Normal boot
18:41:52.0886 5056 ============================================================
18:41:55.0351 5056 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:41:55.0351 5056 ============================================================
18:41:55.0351 5056 \Device\Harddisk0\DR0:
18:41:55.0351 5056 MBR partitions:
18:41:55.0351 5056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCF2800
18:41:55.0351 5056 ============================================================
18:41:55.0382 5056 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:55.0382 5056 ============================================================
18:41:55.0382 5056 Initialize success
18:41:55.0382 5056 ============================================================
18:42:16.0910 2888 ============================================================
18:42:16.0910 2888 Scan started
18:42:16.0910 2888 Mode: Manual; TDLFS;
18:42:16.0910 2888 ============================================================
18:42:18.0876 2888 ================ Scan system memory ========================
18:42:18.0876 2888 System memory - ok
18:42:18.0876 2888 ================ Scan services =============================
18:42:31.0247 2888 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
18:42:31.0247 2888 NativeWifiP - ok
18:42:31.0340 2888 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
18:42:31.0340 2888 NDIS - ok
18:42:31.0387 2888 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
18:42:31.0387 2888 NdisCap - ok
18:42:31.0450 2888 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
18:42:31.0450 2888 NdisTapi - ok
18:42:31.0481 2888 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
18:42:31.0481 2888 Ndisuio - ok
18:42:31.0528 2888 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
18:42:31.0528 2888 NdisWan - ok
18:42:31.0574 2888 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
18:42:31.0574 2888 NDProxy - ok
18:42:31.0637 2888 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
18:42:31.0637 2888 NetBIOS - ok
18:42:31.0684 2888 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
18:42:31.0699 2888 NetBT - ok
18:42:31.0715 2888 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
18:42:31.0715 2888 Netlogon - ok
18:42:31.0793 2888 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
18:42:31.0793 2888 Netman - ok
18:42:31.0824 2888 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
18:42:31.0824 2888 netprofm - ok
18:42:31.0855 2888 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:31.0855 2888 NetTcpPortSharing - ok
18:42:31.0933 2888 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
18:42:31.0933 2888 nfrd960 - ok
18:42:31.0996 2888 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
18:42:31.0996 2888 NlaSvc - ok
18:42:32.0011 2888 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
18:42:32.0027 2888 Npfs - ok
18:42:32.0058 2888 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
18:42:32.0058 2888 nsi - ok
18:42:32.0089 2888 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
18:42:32.0089 2888 nsiproxy - ok
18:42:32.0167 2888 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
18:42:32.0198 2888 Ntfs - ok
18:42:32.0214 2888 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
18:42:32.0214 2888 Null - ok
18:42:32.0261 2888 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
18:42:32.0261 2888 nvraid - ok
18:42:32.0308 2888 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
18:42:32.0308 2888 nvstor - ok
18:42:32.0401 2888 [ 7D4ED787E0D06677776339318DF25BDC ] NvtlService C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
18:42:32.0401 2888 NvtlService - ok
18:42:32.0448 2888 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
18:42:32.0448 2888 nv_agp - ok
18:42:32.0510 2888 [ F79633A8B7DB75CB5FAD53B02985A414 ] NWADI C:\windows\system32\DRIVERS\NWADIenum.sys
18:42:32.0510 2888 NWADI - ok
18:42:32.0620 2888 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:42:32.0635 2888 odserv - ok
18:42:32.0666 2888 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
18:42:32.0682 2888 ohci1394 - ok
18:42:32.0744 2888 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:32.0744 2888 ose - ok
18:42:32.0776 2888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
18:42:32.0791 2888 p2pimsvc - ok
18:42:32.0916 2888 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
18:42:32.0932 2888 p2psvc - ok
18:42:32.0963 2888 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
18:42:32.0963 2888 Parport - ok
18:42:33.0010 2888 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
18:42:33.0010 2888 partmgr - ok
18:42:33.0025 2888 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
18:42:33.0041 2888 PcaSvc - ok
18:42:33.0072 2888 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
18:42:33.0072 2888 pci - ok
18:42:33.0134 2888 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
18:42:33.0134 2888 pciide - ok
18:42:33.0166 2888 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
18:42:33.0166 2888 pcmcia - ok
18:42:33.0259 2888 [ B5D3C24E4EA8E6D4850E83DAD8C510D4 ] PCTINDIS5X64 C:\windows\system32\PCTINDIS5X64.SYS
18:42:33.0275 2888 PCTINDIS5X64 - ok
18:42:33.0290 2888 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
18:42:33.0290 2888 pcw - ok
18:42:33.0322 2888 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
18:42:33.0337 2888 PEAUTH - ok
18:42:33.0415 2888 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
18:42:33.0415 2888 PerfHost - ok
18:42:33.0493 2888 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
18:42:33.0524 2888 pla - ok
18:42:33.0587 2888 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
18:42:33.0602 2888 PlugPlay - ok
18:42:33.0634 2888 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
18:42:33.0634 2888 PNRPAutoReg - ok
18:42:33.0665 2888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
18:42:33.0665 2888 PNRPsvc - ok
18:42:33.0727 2888 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
18:42:33.0727 2888 PolicyAgent - ok
18:42:33.0805 2888 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
18:42:33.0821 2888 Power - ok
18:42:33.0868 2888 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
18:42:33.0883 2888 PptpMiniport - ok
18:42:33.0914 2888 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
18:42:33.0914 2888 Processor - ok
18:42:33.0961 2888 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
18:42:33.0961 2888 ProfSvc - ok
18:42:33.0992 2888 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
18:42:33.0992 2888 ProtectedStorage - ok
18:42:34.0070 2888 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
18:42:34.0070 2888 Psched - ok
18:42:34.0164 2888 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\windows\system32\DRIVERS\psi_mf.sys
18:42:34.0164 2888 PSI - ok
18:42:34.0226 2888 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
18:42:34.0258 2888 ql2300 - ok
18:42:34.0273 2888 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
18:42:34.0289 2888 ql40xx - ok
18:42:34.0320 2888 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
18:42:34.0336 2888 QWAVE - ok
18:42:34.0351 2888 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
18:42:34.0351 2888 QWAVEdrv - ok
18:42:34.0367 2888 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
18:42:34.0367 2888 RasAcd - ok
18:42:34.0429 2888 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
18:42:34.0429 2888 RasAgileVpn - ok
18:42:34.0460 2888 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
18:42:34.0460 2888 RasAuto - ok
18:42:34.0507 2888 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
18:42:34.0507 2888 Rasl2tp - ok
18:42:34.0570 2888 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
18:42:34.0570 2888 RasMan - ok
18:42:34.0601 2888 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
18:42:34.0601 2888 RasPppoe - ok
18:42:34.0648 2888 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
18:42:34.0663 2888 RasSstp - ok
18:42:34.0710 2888 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
18:42:34.0710 2888 rdbss - ok
18:42:34.0741 2888 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
18:42:34.0741 2888 rdpbus - ok
18:42:34.0772 2888 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
18:42:34.0772 2888 RDPCDD - ok
18:42:34.0850 2888 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
18:42:34.0850 2888 RDPENCDD - ok
18:42:34.0882 2888 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
18:42:34.0882 2888 RDPREFMP - ok
18:42:34.0913 2888 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
18:42:34.0928 2888 RDPWD - ok
18:42:35.0006 2888 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
18:42:35.0006 2888 rdyboost - ok
18:42:35.0069 2888 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
18:42:35.0069 2888 RemoteAccess - ok
18:42:35.0100 2888 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
18:42:35.0100 2888 RemoteRegistry - ok
18:42:35.0131 2888 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
18:42:35.0131 2888 RpcEptMapper - ok
18:42:35.0162 2888 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
18:42:35.0162 2888 RpcLocator - ok
18:42:35.0194 2888 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
18:42:35.0209 2888 RpcSs - ok
18:42:35.0256 2888 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
18:42:35.0256 2888 rspndr - ok
18:42:35.0318 2888 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
18:42:35.0318 2888 RSUSBSTOR - ok
18:42:35.0334 2888 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
18:42:35.0350 2888 SamSs - ok
18:42:35.0381 2888 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
18:42:35.0381 2888 sbp2port - ok
18:42:35.0412 2888 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
18:42:35.0412 2888 SCardSvr - ok
18:42:35.0443 2888 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
18:42:35.0443 2888 scfilter - ok
18:42:35.0506 2888 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
18:42:35.0552 2888 Schedule - ok
18:42:35.0584 2888 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
18:42:35.0584 2888 SCPolicySvc - ok
18:42:35.0615 2888 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
18:42:35.0630 2888 SDRSVC - ok
18:42:35.0693 2888 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
18:42:35.0693 2888 secdrv - ok
18:42:35.0724 2888 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
18:42:35.0724 2888 seclogon - ok
18:42:35.0849 2888 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
18:42:35.0911 2888 Secunia PSI Agent - ok
18:42:35.0958 2888 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
18:42:35.0958 2888 Secunia Update Agent - ok
18:42:35.0989 2888 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
18:42:35.0989 2888 SENS - ok
18:42:36.0005 2888 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
18:42:36.0005 2888 SensrSvc - ok
18:42:36.0036 2888 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
18:42:36.0052 2888 Serenum - ok
18:42:36.0098 2888 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
18:42:36.0098 2888 Serial - ok
18:42:36.0145 2888 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
18:42:36.0145 2888 sermouse - ok
18:42:36.0192 2888 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
18:42:36.0208 2888 SessionEnv - ok
18:42:36.0223 2888 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
18:42:36.0239 2888 sffdisk - ok
18:42:36.0254 2888 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
18:42:36.0270 2888 sffp_mmc - ok
18:42:36.0286 2888 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
18:42:36.0286 2888 sffp_sd - ok
18:42:36.0317 2888 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
18:42:36.0332 2888 sfloppy - ok
18:42:36.0364 2888 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:42:36.0379 2888 ShellHWDetection - ok
18:42:36.0410 2888 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
18:42:36.0410 2888 SiSRaid2 - ok
18:42:36.0457 2888 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
18:42:36.0457 2888 SiSRaid4 - ok
18:42:36.0504 2888 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
18:42:36.0504 2888 Smb - ok
18:42:36.0566 2888 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
18:42:36.0566 2888 SNMPTRAP - ok
18:42:36.0582 2888 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
18:42:36.0598 2888 spldr - ok
18:42:36.0629 2888 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
18:42:36.0644 2888 Spooler - ok
18:42:36.0754 2888 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
18:42:36.0785 2888 sppsvc - ok
18:42:36.0816 2888 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
18:42:36.0816 2888 sppuinotify - ok
18:42:36.0925 2888 [ BFF4D98AC361EFB0D85513F9629AFAF5 ] SprintRcAppSvc C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
18:42:36.0925 2888 SprintRcAppSvc - ok
18:42:36.0956 2888 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
18:42:36.0972 2888 srv - ok
18:42:37.0019 2888 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
18:42:37.0019 2888 srv2 - ok
18:42:37.0066 2888 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:42:37.0066 2888 srvnet - ok
18:42:37.0128 2888 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:42:37.0128 2888 SSDPSRV - ok
18:42:37.0175 2888 [ A4C4A1FEDFBED04B39EFAE9F1311ED5E ] ssfmonm C:\windows\system32\DRIVERS\ssfmonm.sys
18:42:37.0175 2888 ssfmonm - ok
18:42:37.0206 2888 [ 1CC88F50BD4E6FD6EAC5C5365CEB6583 ] ssidrv C:\windows\system32\DRIVERS\ssidrv.sys
18:42:37.0206 2888 ssidrv - ok
18:42:37.0222 2888 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
18:42:37.0222 2888 SstpSvc - ok
18:42:37.0253 2888 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
18:42:37.0253 2888 stexstor - ok
18:42:37.0331 2888 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
18:42:37.0331 2888 stisvc - ok
18:42:37.0424 2888 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
18:42:37.0424 2888 swenum - ok
18:42:37.0502 2888 [ 7E6FA3AD57467B3AF471C3E1041E350C ] swmsflt C:\windows\system32\DRIVERS\swmsflt.sys
18:42:37.0518 2888 swmsflt - ok
18:42:37.0549 2888 [ A8E9E76CC2F342F205273702969C84C9 ] swmx00 C:\windows\system32\DRIVERS\swmx00.sys
18:42:37.0549 2888 swmx00 - ok
18:42:37.0612 2888 [ B053610BB36D9BD1BFF7102727427600 ] SWNC5E00 C:\windows\system32\DRIVERS\SWNC5E00.sys
18:42:37.0612 2888 SWNC5E00 - ok
18:42:37.0658 2888 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
18:42:37.0674 2888 swprv - ok
18:42:37.0768 2888 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
18:42:37.0768 2888 SynTP - ok
18:42:37.0846 2888 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
18:42:37.0877 2888 SysMain - ok
18:42:37.0924 2888 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
18:42:37.0939 2888 TabletInputService - ok
18:42:37.0955 2888 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
18:42:37.0970 2888 TapiSrv - ok
18:42:38.0002 2888 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
18:42:38.0002 2888 TBS - ok
18:42:38.0080 2888 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:42:38.0111 2888 Tcpip - ok
18:42:38.0204 2888 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:42:38.0220 2888 TCPIP6 - ok
18:42:38.0267 2888 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:42:38.0267 2888 tcpipreg - ok
18:42:38.0329 2888 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
18:42:38.0329 2888 tdcmdpst - ok
18:42:38.0376 2888 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:42:38.0376 2888 TDPIPE - ok
18:42:38.0407 2888 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:42:38.0407 2888 TDTCP - ok
18:42:38.0454 2888 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:42:38.0454 2888 tdx - ok
18:42:38.0470 2888 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
18:42:38.0485 2888 TermDD - ok
18:42:38.0501 2888 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
18:42:38.0532 2888 TermService - ok
18:42:38.0548 2888 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
18:42:38.0563 2888 Themes - ok
18:42:38.0579 2888 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
18:42:38.0579 2888 THREADORDER - ok
18:42:38.0719 2888 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:42:38.0719 2888 TMachInfo - ok
18:42:38.0766 2888 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
18:42:38.0766 2888 TODDSrv - ok
18:42:38.0969 2888 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:42:38.0969 2888 TosCoSrv - ok
18:42:39.0062 2888 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
18:42:39.0062 2888 TOSHIBA HDD SSD Alert Service - ok
18:42:39.0094 2888 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
18:42:39.0094 2888 TrkWks - ok
18:42:39.0140 2888 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:42:39.0156 2888 TrustedInstaller - ok
18:42:39.0203 2888 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:42:39.0203 2888 tssecsrv - ok
18:42:39.0281 2888 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:42:39.0296 2888 TsUsbFlt - ok
18:42:39.0359 2888 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:42:39.0374 2888 tunnel - ok
18:42:39.0406 2888 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
18:42:39.0406 2888 TVALZ - ok
18:42:39.0437 2888 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
18:42:39.0437 2888 uagp35 - ok
18:42:39.0499 2888 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:42:39.0499 2888 udfs - ok
18:42:39.0577 2888 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
18:42:39.0577 2888 UI0Detect - ok
18:42:39.0624 2888 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:42:39.0624 2888 uliagpkx - ok
18:42:39.0686 2888 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
18:42:39.0686 2888 umbus - ok
18:42:39.0718 2888 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
18:42:39.0718 2888 UmPass - ok
18:42:39.0764 2888 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
18:42:39.0764 2888 upnphost - ok
18:42:39.0796 2888 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
18:42:39.0796 2888 usbccgp - ok
18:42:39.0842 2888 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
18:42:39.0842 2888 usbcir - ok
18:42:39.0874 2888 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
18:42:39.0874 2888 usbehci - ok
18:42:39.0936 2888 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:42:39.0936 2888 usbhub - ok
18:42:39.0967 2888 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
18:42:39.0967 2888 usbohci - ok
18:42:40.0030 2888 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:42:40.0030 2888 usbprint - ok
18:42:40.0061 2888 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
18:42:40.0076 2888 usbscan - ok
18:42:40.0092 2888 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:42:40.0092 2888 USBSTOR - ok
18:42:40.0123 2888 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
18:42:40.0139 2888 usbuhci - ok
18:42:40.0201 2888 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
18:42:40.0201 2888 usbvideo - ok
18:42:40.0248 2888 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
18:42:40.0248 2888 UxSms - ok
18:42:40.0264 2888 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
18:42:40.0279 2888 VaultSvc - ok
18:42:40.0342 2888 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:42:40.0342 2888 vdrvroot - ok
18:42:40.0388 2888 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
18:42:40.0388 2888 vds - ok
18:42:40.0420 2888 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:42:40.0435 2888 vga - ok
18:42:40.0451 2888 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
18:42:40.0451 2888 VgaSave - ok
18:42:40.0498 2888 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:42:40.0498 2888 vhdmp - ok
18:42:40.0529 2888 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
18:42:40.0544 2888 viaide - ok
18:42:40.0576 2888 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:42:40.0576 2888 volmgr - ok
18:42:40.0622 2888 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:42:40.0622 2888 volmgrx - ok
18:42:40.0654 2888 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
18:42:40.0654 2888 volsnap - ok
18:42:40.0716 2888 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
18:42:40.0732 2888 vsmraid - ok
18:42:40.0794 2888 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
18:42:40.0841 2888 VSS - ok
18:42:40.0872 2888 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
18:42:40.0872 2888 vwifibus - ok
18:42:40.0919 2888 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
18:42:40.0919 2888 vwififlt - ok
18:42:40.0966 2888 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
18:42:40.0966 2888 vwifimp - ok
18:42:41.0012 2888 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
18:42:41.0012 2888 W32Time - ok
18:42:41.0059 2888 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
18:42:41.0059 2888 WacomPen - ok
18:42:41.0184 2888 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:42:41.0184 2888 WANARP - ok
18:42:41.0293 2888 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:42:41.0293 2888 Wanarpv6 - ok
18:42:41.0621 2888 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
18:42:41.0746 2888 WatAdminSvc - ok
18:42:41.0839 2888 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
18:42:41.0870 2888 wbengine - ok
18:42:41.0933 2888 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:42:41.0933 2888 WbioSrvc - ok
18:42:41.0995 2888 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
18:42:41.0995 2888 wcncsvc - ok
18:42:42.0011 2888 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:42:42.0026 2888 WcsPlugInService - ok
18:42:42.0058 2888 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
18:42:42.0058 2888 Wd - ok
18:42:42.0104 2888 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:42:42.0104 2888 Wdf01000 - ok
18:42:42.0151 2888 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
18:42:42.0151 2888 WdiServiceHost - ok
18:42:42.0167 2888 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
18:42:42.0167 2888 WdiSystemHost - ok
18:42:42.0260 2888 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
18:42:42.0260 2888 WebClient - ok
18:42:42.0432 2888 [ BD1537FA5EA8E03D4B766D65C22D1073 ] WebrootSpySweeperService C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
18:42:42.0510 2888 WebrootSpySweeperService - ok
18:42:42.0572 2888 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
18:42:42.0572 2888 Wecsvc - ok
18:42:42.0604 2888 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
18:42:42.0604 2888 wercplsupport - ok
18:42:42.0650 2888 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
18:42:42.0666 2888 WerSvc - ok
18:42:42.0760 2888 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:42:42.0760 2888 WfpLwf - ok
18:42:42.0775 2888 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:42:42.0775 2888 WIMMount - ok
18:42:42.0791 2888 WinHttpAutoProxySvc - ok
18:42:42.0853 2888 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:42:42.0853 2888 Winmgmt - ok
18:42:42.0931 2888 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
18:42:42.0994 2888 WinRM - ok
18:42:43.0087 2888 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
18:42:43.0103 2888 Wlansvc - ok
18:42:43.0196 2888 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:42:43.0259 2888 wlidsvc - ok
18:42:43.0306 2888 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:42:43.0306 2888 WmiAcpi - ok
18:42:43.0337 2888 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:42:43.0352 2888 wmiApSrv - ok
18:42:43.0368 2888 WMPNetworkSvc - ok
18:42:43.0446 2888 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
18:42:43.0446 2888 WPCSvc - ok
18:42:43.0493 2888 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:42:43.0493 2888 WPDBusEnum - ok
18:42:43.0649 2888 [ F5DD32DF32F08917CCC63032BE5F75AA ] WRConsumerService C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
18:42:43.0742 2888 WRConsumerService - ok
18:42:43.0852 2888 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:42:43.0852 2888 ws2ifsl - ok
18:42:43.0867 2888 WSearch - ok
18:42:43.0914 2888 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:42:43.0914 2888 WudfPf - ok
18:42:43.0976 2888 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
18:42:43.0992 2888 WUDFRd - ok
18:42:44.0023 2888 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:42:44.0039 2888 wudfsvc - ok
18:42:44.0070 2888 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
18:42:44.0070 2888 WwanSvc - ok
18:42:44.0179 2888 ================ Scan global ===============================
18:42:44.0210 2888 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:42:44.0257 2888 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
18:42:44.0273 2888 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
18:42:44.0320 2888 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:42:44.0366 2888 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\windows\system32\services.exe
18:42:44.0382 2888 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
18:42:44.0382 2888 C:\windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
18:42:44.0382 2888 ================ Scan MBR ==================================
18:42:44.0398 2888 [ AF00FC1920E1CF861B39B90A4375EDF3 ] \Device\Harddisk0\DR0
18:42:45.0037 2888 \Device\Harddisk0\DR0 - ok
18:42:45.0037 2888 ================ Scan VBR ==================================
18:42:45.0084 2888 [ 12ED94B2A4568D7A52620F742AD8B077 ] \Device\Harddisk0\DR0\Partition1
18:42:45.0084 2888 \Device\Harddisk0\DR0\Partition1 - ok
18:42:45.0084 2888 ============================================================
18:42:45.0084 2888 Scan finished
18:42:45.0084 2888 ============================================================
18:42:45.0100 5100 Detected object count: 1
18:42:45.0100 5100 Actual detected object count: 1
18:43:01.0558 5100 C:\windows\system32\services.exe - copied to quarantine
18:43:02.0307 5100 C:\windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\@ - copied to quarantine
18:43:02.0353 5100 C:\windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\L\00000004.@ - copied to quarantine
18:43:02.0353 5100 C:\windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\L\201d3dde - copied to quarantine
18:43:02.0369 5100 C:\windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000004.@ - copied to quarantine
18:43:02.0369 5100 C:\windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000008.@ - copied to quarantine
18:43:02.0385 5100 C:\windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\000000cb.@ - copied to quarantine
18:45:25.0025 5100 Backup copy not found, trying to cure infected file..
18:45:25.0025 5100 C:\windows\system32\services.exe - Cure failed (FFFFFFFF)
18:45:25.0025 5100 C:\windows\system32\services.exe - processing error
18:45:25.0025 5100 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912111207

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/12/2012 7:01:59 PM
mbam-log-2012-11-12 (19-01-46).txt

Scan type: Quick scan
Objects scanned: 207118
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
c:\Windows\installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000032.@ (Rootkit.0Access) -> No action taken.
c:\Users\admin\local settings\application data\chromeupdate.crx (Trojan.Agent) -> No action taken.
c:\Users\admin\AppData\Local\chromeupdate.crx (Trojan.Agent) -> No action taken.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/12/2012 at 07:24 PM

Application Version : 5.6.1014

Core Rules Database Version : 9575
Trace Rules Database Version: 7387

Scan type : Quick Scan
Total Scan Time : 00:14:26

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 591
Memory threats detected : 0
Registry items scanned : 60592
Registry threats detected : 183
File items scanned : 13944
File threats detected : 195

Adware.Yontoo

Adware.Tracking Cookie

PUP.MyWebSearch/FunWebProducts
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version

C:\ProgramData\Microsoft\Windows\DRM\B5A8.tmp.dat a variant of Win32/Kryptik.AOHY trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\C903.tmp.dat a variant of Win32/Kryptik.AOHY trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0000\zafs0000\tsk0001.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0000\zafs0000\tsk0002.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0001\zafs0000\tsk0001.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0001\zafs0000\tsk0002.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0002\zafs0000\tsk0001.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0002\zafs0000\tsk0002.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0002\zafs0000\tsk0004.dta Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0002\zafs0000\tsk0006.dta a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0003\zafs0000\tsk0001.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0003\zafs0000\tsk0002.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.11.2012_18.20.42\zasubsys0003\zafs0000\tsk0004.dta Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.29.09\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.29.09\zasubsys0000\zafs0000\tsk0003.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.29.09\zasubsys0000\zafs0000\tsk0004.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.29.09\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.29.09\zasubsys0000\zafs0000\tsk0006.dta Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.41.52\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.41.52\zasubsys0000\zafs0000\tsk0003.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.41.52\zasubsys0000\zafs0000\tsk0004.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_18.41.52\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7A2EO0S5\categories[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\admin\AppData\Local\Temp\539A.tmp a variant of Win32/Kryptik.AOHY trojan cleaned by deleting - quarantined
C:\Users\admin\AppData\Local\Temp\F63E.tmp a variant of Win32/Kryptik.AOHY trojan cleaned by deleting - quarantined
C:\Users\admin\AppData\Local\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bvay2c55.default\extensions\qasfxegsmy@qasfxegsmy.org.xpi JS/Redirector.NCI trojan deleted - quarantined
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bvay2c55.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000000.@ Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000064.@ a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AOOP trojan cleaned by deleting - quarantined

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by admin (administrator) on 12-11-2012 at 21:47:40
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : admin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-26-B6-E7-3A-8B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-6C-5A-64-8B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-26-B6-E7-3A-8B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e035:8ce2:4c2f:f857%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 12, 2012 7:28:55 PM
Lease Expires . . . . . . . . . . : Tuesday, November 13, 2012 9:30:43 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890934
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-B5-C8-19-00-26-B6-E7-3A-8B
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.il.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D06E876B-AB7E-4268-B352-D8742DC76988}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3778E079-E619-4385-8DE1-25A93EEF86B0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.225.104] with 32 bytes of data:
Reply from 74.125.225.104: bytes=32 time=16ms TTL=53
Reply from 74.125.225.104: bytes=32 time=59ms TTL=53

Ping statistics for 74.125.225.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 59ms, Average = 37ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=93ms TTL=49
Reply from 72.30.38.140: bytes=32 time=74ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 93ms, Average = 83ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
19...06 26 b6 e7 3a 8b ......Microsoft Virtual WiFi Miniport Adapter
11...00 26 6c 5a 64 8b ......Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
10...00 26 b6 e7 3a 8b ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.112 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.112 281
192.168.1.112 255.255.255.255 On-link 192.168.1.112 281
192.168.1.255 255.255.255.255 On-link 192.168.1.112 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.112 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.112 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::e035:8ce2:4c2f:f857/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/12/2012 02:36:34 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (11/11/2012 06:57:53 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Installed AVG 2013). Additional information: 0x80070005.

Error: (11/05/2012 04:38:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: YontooIEClient.dll, version: 1.10.1.0, time stamp: 0x50259122
Exception code: 0xc0000005
Fault offset: 0x00008ff4
Faulting process id: 0x1064
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/28/2012 10:12:01 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ba8

Start Time: 01cdb5150ad5174a

Termination Time: 181

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 26cb38c6-211a-11e2-880c-00266c5a648b

Error: (10/17/2012 03:38:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Exception code: 0xc0000005
Fault offset: 0x001be0bf
Faulting process id: 0xdc8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/15/2012 05:45:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: avgnsa.exe, version: 13.0.0.2732, time stamp: 0x506a2fd6
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c
Exception code: 0xe06d7363
Fault offset: 0x000000000000cacd
Faulting process id: 0xf6c
Faulting application start time: 0xavgnsa.exe0
Faulting application path: avgnsa.exe1
Faulting module path: avgnsa.exe2
Report Id: avgnsa.exe3

Error: (09/22/2012 00:44:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Exception code: 0xc0000005
Fault offset: 0x00002d80
Faulting process id: 0x7f4
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3

Error: (09/22/2012 10:18:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Exception code: 0xc0000005
Fault offset: 0x00002d80
Faulting process id: 0x558
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3

Error: (09/22/2012 10:05:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Exception code: 0xc0000005
Fault offset: 0x00002d80
Faulting process id: 0x42c
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3

Error: (09/22/2012 09:59:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5004e5aa
Exception code: 0xc0000005
Fault offset: 0x00002d80
Faulting process id: 0x7b8
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3


System errors:
=============
Error: (11/12/2012 09:30:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (11/12/2012 07:29:48 PM) (Source: ssidrv) (User: )
Description: NetMon failed to initialize callouts.

Error: (11/12/2012 07:29:08 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/12/2012 07:28:56 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/12/2012 07:28:55 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (11/12/2012 07:28:55 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/12/2012 07:28:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/12/2012 07:27:42 PM) (Source: ssidrv) (User: )
Description: NetMon is in invalid state.

Error: (11/12/2012 07:27:32 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/12/2012 07:05:59 PM) (Source: ssidrv) (User: )
Description: NetMon failed to initialize callouts.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader 9.5.2 (Version: 9.5.2)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Atheros Driver Installation Program (Version: 5.2)
AVG 2012 (Version: 12.0.2101)
AVG 2013 (Version: 13.0.2629)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 2013.0.2793)
Best Buy Software Installer (Version: 2.3.0.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.111.0.64)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Google Chrome (Version: 23.0.1271.64)
Google Earth (Version: 6.2.2.6613)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
InstallVC90Support (Version: 1.01.0000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel® Matrix Storage Manager
Java™ 6 Update 17 (Version: 6.0.170)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Magellan Communicator (Version: 1.10.013)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Picasa 3 (Version: 3.8)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Secunia PSI (3.0.0.3001) (Version: 3.0.0.3001)
Sprint SmartView (Version: 2.50.0094.0)
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Hardware Setup (Version: 2.00.04)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.4.9)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.3.3.64)
ToshibaRegistration (Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Webroot Software (Version: 7.0.4.127)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yontoo 1.10.02 (Version: 1.10.02)

**** End of log ****

Norman Malware Cleaner v2.06.01
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1850, Date: 2012/11/12 07:40:57, Variants: 15355348
nvcmacro.def: Version: 0.00.00, Date: 1969/12/31 18:00:00, Variants: 0

Operating System: Windows 7 Service Pack 1 x64

Switches: /iagree /nomt

Scan started: 2012/11/12 22:14:48

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Scanning running processes and process memory...

Number of objects found: 1261
Number of objects scanned: 1261
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 38s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\$Recycle.Bin\S-1-5-21-2727664906-2687230135-1937888635-1000\$d94fe6be4be34744ff3e600bb2adccfb\U\80000064.@: File infected with doslegacy/Troj_Generic.ELTYA
Delete file: C:\$Recycle.Bin\S-1-5-21-2727664906-2687230135-1937888635-1000\$d94fe6be4be34744ff3e600bb2adccfb\U\80000064.@
Cleaning successful
C:\Users\admin\Desktop\aswMBR.exe: File infected with winpe/Rootkit.EODN
Delete file: C:\Users\admin\Desktop\aswMBR.exe
Cleaning successful
C:\Users\admin\ntuser.dat: Error opening file for read: 0x00000020
C:\Users\admin\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\admin\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\assembly\GAC_32\Desktop.ini: Error opening file for read: 0x00000005
C:\Windows\assembly\GAC_64\Desktop.ini: Error opening file for read: 0x00000005
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000004.@: File infected with doslegacy/ZAccess.JYW
Delete file: C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000004.@
Cleaning successful
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000008.@: File infected with doslegacy/Suspicious_Gen4.AGIPS
Delete file: C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\00000008.@
Cleaning successful
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\000000cb.@: File infected with doslegacy/Suspicious_Gen4.AMSOU
Delete file: C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\000000cb.@
Cleaning successful
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000000.@: File infected with doslegacy/Troj_Generic.FCBWH
Delete file: C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000000.@
Cleaning successful
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000032.@: File infected with winpe/Troj_Generic.FDARN
Delete file: C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000032.@
Cleaning successful
C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000064.@: File infected with doslegacy/Troj_Generic.FDGVK
Delete file: C:\Windows\Installer\{d94fe6be-4be3-4744-ff3e-600bb2adccfb}\U\80000064.@
Cleaning successful
C:\Windows\System32\services.exe: File infected with doslegacy/ZAccess.KVF
Delete file: C:\Windows\System32\services.exe
Cleaning operation failed (Error code: 0x00000005)
Delete file on reboot: C:\Windows\System32\services.exe
Cleaning successful
C:\Windows\System32\SsiEfr.exe: Error opening file for read: 0x00000005
C:\Windows\SysWOW64\wrLZMA.dll: Error opening file for read: 0x00000005
E:\ADMIN-PC\Backup Set 2012-11-12 144812\Backup Files 2012-11-12 144812\Backup files 3.zip: Archive infected
E:\ADMIN-PC\Backup Set 2012-11-12 144812\Backup Files 2012-11-12 144812\Backup files 3.zip/C\Users\admin\Desktop\aswMBR.exe: File infected with winpe/Rootkit.EODN
Delete archive object: E:\ADMIN-PC\Backup Set 2012-11-12 144812\Backup Files 2012-11-12 144812\Backup files 3.zip\C\Users\admin\Desktop\aswMBR.exe
Cleaning successful

Number of files found: 145827
Number of archives unpacked: 3429
Number of objects found: 358908
Number of objects scanned: 358743
Number of objects not scanned: 165
Number of malicious objects found: 10
Number of malicious objects cleaned: 10
Number of malicious files found: 10
Number of malicious files cleaned: 10
Scanning time: 8h 2m 35s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 145827
Total number of archives unpacked: 3429
Total number of objects found: 360169
Total number of objects scanned: 360004
Total number of objects not scanned: 165
Total number of malicious objects found: 10
Total number of malicious objects cleaned: 10
Total number of malicious files found: 10
Total number of malicious files cleaned: 10
Total number of objects quarantined: 9
Total scanning time: 8h 3m 14s


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 12:58:09
-----------------------------
12:58:09.677 OS Version: Windows x64 6.1.7601 Service Pack 1
12:58:09.677 Number of processors: 1 586 0x170A
12:58:09.677 ComputerName: ADMIN-PC UserName: admin
12:58:12.344 Initialize success
13:01:20.964 AVAST engine defs: 12111200
13:01:47.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:01:47.391 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3
13:01:47.391 Disk 0 MBR read successfully
13:01:47.406 Disk 0 MBR scan
13:01:47.406 Disk 0 Windows VISTA default MBR code
13:01:47.422 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:01:47.437 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227813 MB offset 3074048
13:01:47.469 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9161 MB offset 469635072
13:01:47.515 Disk 0 scanning C:\windows\system32\drivers
13:02:00.245 Service scanning
13:02:41.351 Modules scanning
13:02:41.351 Disk 0 trace - called modules:
13:02:41.413 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:02:41.928 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025f1760]
13:02:41.928 3 CLASSPNP.SYS[fffff880013bf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80024e3050]
13:02:47.326 AVAST engine scan C:\windows
13:02:49.338 AVAST engine scan C:\windows\system32
13:04:35.200 File: C:\windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
13:05:16.353 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:05:19.754 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:07:06.801 AVAST engine scan C:\windows\system32\drivers
13:07:27.674 AVAST engine scan C:\Users\admin
13:07:53.430 Verifying
13:08:03.492 Disk 0 Windows 601 MBR fixed successfully
13:10:01.365 Disk 0 MBR has been saved successfully to "C:\Users\admin\Documents\MBR.dat"
13:10:01.365 The log file has been saved successfully to "C:\Users\admin\Documents\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 06:45:28
-----------------------------
06:45:28.749 OS Version: Windows x64 6.1.7601 Service Pack 1
06:45:28.749 Number of processors: 1 586 0x170A
06:45:28.764 ComputerName: ADMIN-PC UserName: admin
06:45:32.727 Initialize success
06:45:44.723 AVAST engine defs: 12111200
06:53:02.912 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:53:02.912 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3
06:53:02.928 Disk 0 MBR read successfully
06:53:02.928 Disk 0 MBR scan
06:53:02.943 Disk 0 Windows 7 default MBR code
06:53:02.959 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
06:53:02.975 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227813 MB offset 3074048
06:53:03.021 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9161 MB offset 469635072
06:53:03.084 Disk 0 scanning C:\windows\system32\drivers
06:53:23.863 Service scanning
06:53:58.932 Modules scanning
06:53:58.932 Disk 0 trace - called modules:
06:53:58.948 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
06:53:58.948 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002a2c060]
06:53:58.948 3 CLASSPNP.SYS[fffff88001a8143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80020da050]
06:54:00.523 AVAST engine scan C:\windows
06:54:02.629 AVAST engine scan C:\windows\system32
06:56:35.172 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
06:56:38.448 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
06:58:40.143 AVAST engine scan C:\windows\system32\drivers
06:58:56.726 AVAST engine scan C:\Users\admin
07:06:34.041 Disk 0 MBR has been saved successfully to "C:\Users\admin\Documents\MBR.dat"
07:06:34.259 The log file has been saved successfully to "C:\Users\admin\Documents\aswMBR.txt"

#8 boopme

Posted 13 November 2012 - 10:22 AM

Hello, two of the found infections could not be repaired with these tools. We need you to start a new topic on Siref not removed.
We should get a deeper look. Please follow this Preparation Guide and post in a new topic.
If Gmer won't run, skip it.
Include a link back to this topic.

Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Ernie694

Posted 13 November 2012 - 12:09 PM

Thanks Boopme, have posted a new topic in the other forum with information requested. :)

#10 boopme

Posted 13 November 2012 - 04:58 PM

You're welcome!!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.