Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Very Slow computer with browser redirects

Post by Orange » September 30th, 2010, 3:44 am

I have a laptop that is infected with several sorts of malware. I have run several programs on it before I came to this wonderful site. I have run Avira, Superantispyware, Malwarebytes, and hostxperts.exe. The computer is very slow. It will connect to google.com but will not go to any antivirus sites. It has also seemed to stop going to regular sites too, i.e. local news etc. I attempted to run hostxperts.exe to fix the host file issue but it would not allow me to write in C:Windows/system32/drivers/etc. So I looked on the internet and did it manually. And I don't think I did a very good job. Initially there were many, many lines of weird websites but now it is just local host.
My HijackThis log follows. I hope you can help. Please let me know if I need to give you any other information.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:08:45 AM, on 9/30/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal



Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\cmd.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100911014004.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



--

End of file - 10482 bytes
Orange
Active Member
 
Posts: 11
Joined: September 30th, 2010, 3:13 am

Re: Very Slow computer with browser redirects

Post by deltalima » October 1st, 2010, 4:31 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Very Slow computer with browser redirects

Post by deltalima » October 1st, 2010, 4:51 pm

Hi Orange,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Re: Very Slow computer with browser redirects

Post by Orange » October 2nd, 2010, 2:47 am

OK, the Internet Explorer on this machine will Google search but when you click a link it redirects. But it seems if I type the web address manually I can get to the site. So until I get this fixed, I think it is easier to download files to a thumb drive and transfer them back and forth between the two. Working on one and coming here on another. Here are the logs you asked for.

Uninstall List:

Ad-Aware

Ad-Aware

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Antivirus 2010

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Banctec Service Agreement

Bonjour

Browser Address Error Redirector

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

Dell DataSafe Online

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Touchpad

Dell Wireless WLAN Card

Digital Line Detect

EDocs

Google Desktop

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel(R) Matrix Storage Manager

iPhone Configuration Utility

iTunes

Java(TM) 6 Update 5

Malwarebytes' Anti-Malware

McAfee SecurityCenter

MediaDirect

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Modem Diagnostic Tool

Music, Photos & Videos Launcher

NetWaiting

OGA Notifier 2.0.0048.0

OutlookAddinSetup

Product Documentation Launcher

QuickSet

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

Spybot - Search & Destroy

SUPERAntiSpyware

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01




MGDiag.txt:
Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Genuine

Validation Code: 0

Cached Online Validation Code: N/A, hr = 0xc004f012

Windows Product Key: *****-*****-4WD8X-M9WM7-CH4CG

Windows Product Key Hash: EkdqJZ28Y9zyrh7DU/lHNjTXlQY=

Windows Product ID: 89572-OEM-7332166-00096

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.0.6001.2.00010300.1.0.002

ID: {9AE35D66-3465-4858-8273-D32E08628EBE}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows Vista (TM) Home Basic

Architecture: 0x00000000

Build lab: 6001.vistasp1_gdr.100608-0458

TTS Error:

Validation Diagnostic:

Resolution Status: N/A



Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: 6.0.6002.16398



Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002



OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: 2.0.48.0

OGAExec.exe Signed By: Microsoft

OGAAddin.dll Signed By: Microsoft



OGA Data-->

Office Status: 100 Genuine

Microsoft Office Professional Edition 2003 - 100 Genuine

OGA Version: Registered, 2.0.48.0

Signed By: Microsoft

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005



Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed



File Scan Data-->



Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{9AE35D66-3465-4858-8273-D32E08628EBE}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-CH4CG</PKey><PID>89572-OEM-7332166-00096</PID><PIDType>2</PIDType><SID>S-1-5-21-3457655546-903066992-3035659098</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1525 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A11</Version><SMBIOSVersion major="2" minor="4"/><Date>20080310000000.000000+000</Date></BIOS><HWID>8A303507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>ABA9B4589044500</Val><Hash>+trQvLvBKOF70oOx2u/iiYsuop8=</Hash><Pid>73931-640-3717755-57255</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>



Spsys.log Content: 0x80070002



Licensing Data-->

Software licensing service version: 6.0.6001.18000

Name: Windows(TM) Vista, HomeBasic edition

Description: Windows Operating System - Vista, OEM_SLP channel

Activation ID: 199086aa-6cb8-4e5b-b698-f2be56f1e8ee

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 89572-00146-321-600096-02-1033-6001.0000-1792008

Installation ID: 005326987041638353929986331645879372046102181726496642

Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

Partial Product Key: CH4CG

License Status: Licensed



Windows Activation Technologies-->

N/A



HWID Data-->

HWID Hash Current: PAAAAAEABgABAAIAAQABAAAAAwABAAEA6GFk9SKftsBszMCyCiVsPEaDEMIGpJT78vS6f2gfomqsVrIN



OEM Activation 1.0 Data-->

N/A



OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20000

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name OEMID Value OEMTableID Value

APIC DELL M08

FACP DELL M08

HPET DELL M08

BOOT DELL M08

MCFG DELL M08

SLIC DELL M08

OSFR DELL M08

SSDT PmRef Cpu0Cst

SSDT PmRef Cpu0Cst



CKScanner - Additional Security Risks - These are not necessarily bad

c:\users\mvaliquette\music\itunes\itunes music\hootie & the blowfish\cracked rear view\03 let her cry.m4a

c:\users\mvaliquette\music\itunes\itunes music\hootie & the blowfish\cracked rear view\04 only wanna be with you.m4a

scanner sequence 3.LB.11

----- EOF -----

Re: Very Slow computer with browser redirects

Post by deltalima » October 2nd, 2010, 12:12 pm

Hi Orange,

"I think it is easier to download files to a thumb drive and transfer them back and forth between the two"

That is fine. Please check that word wrap is OFF in Notepad on both computers, as the extra blank lines in the logs make them difficult to follow.

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop:

Link1
Link2

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Right-click on dds.scr and select "Run as administrator"... and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • This log can be lengthy; you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"

Re: Very Slow computer with browser redirects

Post by Orange » October 3rd, 2010, 6:33 am

Here are the logs you requested.

DDS (Ver_10-03-17.01) - NTFSx86

Run by mvaliquette at 2:40:30.42 on Sun 10/03/2010

Internet Explorer: 8.0.6001.18943

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3573.2474 [GMT -5:00]



SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}



============== Running Processes ===============



C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\mvaliquette\Desktop\dds.scr



============== Pseudo HJT Report ===============



uStart Page = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=5080617

uWindow Title = Internet Explorer provided by Dell

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=5080617

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100930224523.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL



============= SERVICES / DRIVERS ===============



R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-29 64288]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-11 386712]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-11 64304]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-11 164808]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-6-16 73728]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-29 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-29 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-29 60936]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-11 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-11 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-11 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-11 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-11 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-11 141792]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-12 1153368]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-11 55840]

R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-16 111616]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-11 152992]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-11 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-11 312904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-11 84264]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-16 30192]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]



=============== Created Last 30 ================



2010-10-02 06:25:51 0 d-----w- C:\MGADiagToolOutput

2010-09-30 03:11:23 0 d-----w- c:\users\mvaliq~1\appdata\roaming\Avira

2010-09-30 03:06:09 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-30 03:06:07 0 d-----w- c:\programdata\Avira

2010-09-30 03:06:07 0 d-----w- c:\program files\Avira

2010-09-29 22:23:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-09-29 19:44:43 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-09-29 17:28:25 0 d-----w- c:\program files\Trend Micro

2010-09-29 17:22:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-09-29 17:21:52 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-29 17:17:35 0 d-----w- c:\programdata\Lavasoft

2010-09-29 17:17:35 0 d-----w- c:\program files\Lavasoft

2010-09-29 16:59:30 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-09-29 16:11:27 0 d-----w- c:\users\mvaliq~1\appdata\roaming\SUPERAntiSpyware.com

2010-09-29 16:11:27 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-09-29 16:11:23 0 d-----w- c:\program files\SUPERAntiSpyware

2010-09-29 14:29:06 0 d-----w- c:\users\mvaliq~1\appdata\roaming\Malwarebytes

2010-09-29 14:28:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-29 14:28:57 0 d-----w- c:\programdata\Malwarebytes

2010-09-29 14:28:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-29 14:28:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-12 17:18:04 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-09-12 17:18:04 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-09-11 06:40:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-09-11 06:39:49 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-09-11 06:39:49 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2010-09-11 06:39:49 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-09-11 06:39:49 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2010-09-11 06:39:48 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-09-11 06:39:48 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-09-11 06:39:48 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-09-11 06:39:48 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-09-11 06:39:48 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys



==================== Find3M ====================



2010-09-11 06:40:56 51200 ----a-w- c:\windows\inf\infpub.dat

2010-09-11 06:40:56 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-09-11 06:40:55 86016 ----a-w- c:\windows\inf\infstor.dat

2008-06-27 22:20:26 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat



============= FINISH: 2:41:58.23 ===============
Orange
Active Member
 
Posts: 11
Joined: September 30th, 2010, 3:13 am

Re: Very Slow computer with browser redirects

Post by Orange » October 3rd, 2010, 6:34 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT



DDS (Ver_10-03-17.01)



Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume3

Install Date: 6/16/2008 4:04:40 PM

System Uptime: 10/3/2010 2:26:54 AM (0 hours ago)



Motherboard: Dell Inc. | | 0U990C

Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz | Microprocessor | 1995/133mhz



==== Disk Partitions =========================



C: is FIXED (NTFS) - 137 GiB total, 77.799 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6.203 GiB free.

E: is CDROM ()

F: is Removable



==== Disabled Device Manager Items =============



==== System Restore Points ===================





==== Installed Programs ======================



Ad-Aware

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Antivirus 2010

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Banctec Service Agreement

Bonjour

Browser Address Error Redirector

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

Dell DataSafe Online

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Touchpad

Dell Wireless WLAN Card

Digital Line Detect

EDocs

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel(R) Matrix Storage Manager

iPhone Configuration Utility

iTunes

Java(TM) 6 Update 5

Malwarebytes' Anti-Malware

McAfee SecurityCenter

MediaDirect

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MobileMe Control Panel

Modem Diagnostic Tool

Music, Photos & Videos Launcher

NetWaiting

OGA Notifier 2.0.0048.0

OutlookAddinSetup

Product Documentation Launcher

QuickSet

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

Spybot - Search & Destroy

SUPERAntiSpyware

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01



==== End Of File ===========================

Re: Very Slow computer with browser redirects

Post by Orange » October 3rd, 2010, 6:35 am

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6001 (Service Pack 1)

Number of processors #1

==============================================

>Drivers

==============================================

0x8FA0B000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6606848 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x82240000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x82240000 PnpManager 3903488 bytes

0x82240000 RAW 3903488 bytes

0x82240000 WMIxWDM 3903488 bytes

0x974C0000 Win32k 2105344 bytes

0x974C0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8BA09000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)

0x82A80000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x90603000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8F8ED000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1056768 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)

0x908D0000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)

0x804C5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xAE601000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8F800000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes

0x82806000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x90706000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xA9439000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)

0x90058000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8060D000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x82A0F000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xA953F000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x82935000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)

0x90805000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)

0x829AA000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)

0xADCBE000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x9016E000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)

0x90B9C000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)

0x8073F000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x90A3E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x80696000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x80484000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x90409000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x9010F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x9056A000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0x90AF9000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x82BB6000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)

0xADC46000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8BB18000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x90525000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x8220D000 ACPI_HAL 208896 bytes

0x8220D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x828F3000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x90A0C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x805A5000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x905A7000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x807B5000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)

0x82B8B000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x904E4000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0xA94F8000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0xADD28000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x8BB68000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x909D4000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)

0x806ED000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xADC97000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x905D4000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x90B78000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)

0x90477000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x90B56000 C:\Windows\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0x90AD1000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)

0x8BBA0000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x907C7000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel(R) Corporation, Intel(R) High Definition Audio HDMI)

0x9087D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0xADC07000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xADC27000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x828D5000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0xA95AC000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x909B9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0xA9409000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x901D8000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)

0xA95C9000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x807E1000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xADC7F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x90B3F000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x90455000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xAE74E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xAE72D000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)

0x90A86000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x907E8000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xA9424000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0xA95E2000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x904BD000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0xAE778000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x904A9000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8BBD7000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)

0x805D3000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8BBEB000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0xA952C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x90AB8000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x9015C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0xAE764000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xAE78D000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x8BB8F000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x90559000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x8046B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x82925000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0xA94E8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x807A5000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x901BA000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x904D2000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8F8DE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x82992000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)

0x82A00000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x8BB59000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80714000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x9049A000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8F9EF000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)

0x9014D000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x80730000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x901CA000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x97700000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x90A9C000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)

0x90AAA000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x908B9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x80790000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x90BE7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x907BA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x90518000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x900F7000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x80689000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xAE721000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)

0xAE6E9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x90871000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8FA00000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0xAE743000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)

0x901F2000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x908AE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x9046C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x9044A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8F8CA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x90104000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x80726000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)

0x90BF4000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x9050E000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA9522000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x90B35000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0xAE6DF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8BBC1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x9085A000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0xAE79F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x829A1000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x908C7000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x976E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8F8D5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x82BF4000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0x806DC000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x828CD000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x8047C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x8837A000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x806E5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x9089E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x908A6000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8BB51000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xAE6F5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x9086A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x80789000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0x90863000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8079E000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x8BA00000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x90AF3000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)

0x90ACB000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0x82BF0000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xADD24000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x80723000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x904E2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xAE776000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

!!!!!!!!!!!Hidden driver: 0x87561999 ?_empty_? 1639 bytes

==============================================

>Stealth

==============================================

0x82806000 WARNING: suspicious driver modification [iastor.sys::0x87561999]

0x01B20000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x88D40020 ] PID: 3580, 28672 bytes

0x05BA0000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x87344190 ] PID: 1800, 3821568 bytes

0x01AF0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x88D40020 ] PID: 3580, 45056 bytes

0x01CC0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87344190 ] PID: 1800, 507904 bytes

0x04650000 Hidden Image-->msvcm80.dll [ EPROCESS 0x89234B88 ] PID: 3404, 507904 bytes

0x01320000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x87344190 ] PID: 1800, 77824 bytes

0x02370000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x89234B88 ] PID: 3404, 77824 bytes

0x016C0000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x88D40020 ] PID: 3580, 77824 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33ca1e20.bup

!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cad90.bup

!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cb2da0.bup

!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cb3b50.bup

!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cbd0.bup

!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Microsoft\Windows\WER\ReportQueue\store.lock

!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF2068.tmp::$DATA

!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF37A4.tmp::$DATA

!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF4D41.tmp::$DATA

!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF5360.tmp::$DATA

!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF9811.tmp::$DATA

!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF9830.tmp::$DATA

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt::$DATA

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt::$DATA

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt::$DATA

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt::$DATA

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt::$DATA

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x822F4EEA-->822F4EF1 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8246480E-->8296806C [mfehidk.sys]

ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x82422FBC-->82968096 [mfehidk.sys]

ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x82464E65-->82968082 [mfehidk.sys]

ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x822671C0-->82968058 [mfehidk.sys]

[1040]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1040]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1040]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1040]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1040]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1040]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1040]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1040]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1040]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1040]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1040]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1040]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1040]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1040]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1040]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1040]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1040]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1172]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1172]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1172]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1172]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1172]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1172]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1172]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1172]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1172]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1172]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1248]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1248]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1248]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1248]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1248]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1248]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1248]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1248]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1248]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1248]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1284]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1284]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1284]svchost.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x757424B9-->00000000 [unknown_code_page]

[1284]svchost.exe-->mswsock.dll+0x00005604, Type: Inline - RelativeJump 0x75745604-->00000000 [unknown_code_page]

[1284]svchost.exe-->mswsock.dll+0x000057C5, Type: Inline - RelativeJump 0x757457C5-->00000000 [unknown_code_page]

[1284]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C099E8-->00000000 [unknown_code_page]

[1284]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1284]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1284]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1284]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C092A8-->00000000 [unknown_code_page]

[1284]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x77D20F5E-->00000000 [unknown_code_page]

[1284]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1284]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1284]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1284]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1284]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1400]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1400]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1400]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1400]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1400]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1400]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1400]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1400]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1400]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1400]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1432]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1432]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1432]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1432]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1432]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1432]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1432]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1432]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1432]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1432]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1496]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1496]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1496]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1496]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1496]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1496]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1496]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1496]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1496]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1496]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1544]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1544]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1544]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1544]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1544]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1544]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1544]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1544]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1544]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[1620]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[1620]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[1620]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[1620]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[1620]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[1620]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[1620]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[1620]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[1620]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[1620]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[2012]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[2012]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[2012]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[2012]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[2012]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[2012]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[2012]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[2012]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[2012]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[2012]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[2340]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [McProxy.dll]

[2340]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [McProxy.dll]

[3104]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[3104]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[3104]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[3104]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[3104]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[3104]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[3104]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[3104]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[3104]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[3104]explorer.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x757424B9-->00000000 [unknown_code_page]

[3104]explorer.exe-->mswsock.dll+0x00005604, Type: Inline - RelativeJump 0x75745604-->00000000 [unknown_code_page]

[3104]explorer.exe-->mswsock.dll+0x000057C5, Type: Inline - RelativeJump 0x757457C5-->00000000 [unknown_code_page]

[3104]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C099E8-->00000000 [unknown_code_page]

[3104]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[3104]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[3104]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[3104]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C092A8-->00000000 [unknown_code_page]

[3104]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[3104]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[3104]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[3104]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[3104]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[588]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[588]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[588]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[588]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[588]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[588]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[588]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[588]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[588]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[588]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[764]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[764]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[764]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[764]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[764]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[764]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[764]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[764]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[764]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[764]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[780]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[780]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[780]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[780]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[780]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[780]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[780]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[780]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[780]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]

[952]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]

[952]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]

[952]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]

[952]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]

[952]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]

[952]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]

[952]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]

[952]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]

[952]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]

[952]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
Orange
Active Member
 
Posts: 11
Joined: September 30th, 2010, 3:13 am
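An added example, not part of the thread and not code from Rootkit Unhooker: a small Python parser for hook lines in the format of the log above. It groups hooks by the module the tool names in the trailing brackets and lists which APIs carry the same hook in more than one process. The function names are this example's own, and the sample is a few lines copied from the log plus one constructed non-log line.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# One hook line: [pid]process-->dll-->Function  or  [pid]process-->dll+0xOFFSET,
# followed by the hook type, the patched address, the destination the tool
# printed, and the module it attributes the hook to in square brackets.
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>[^\s>]+?)-->(?P<dll>[\w.]+?)"
    r"(?:-->(?P<func>\w+)|\+0x(?P<offset>[0-9A-Fa-f]+)), "
    r"Type: (?P<type>.+?) 0x(?P<addr>[0-9A-Fa-f]+)-->(?P<dest>[0-9A-Fa-f]+) "
    r"\[(?P<owner>[^\]]+)\]$"
)


@dataclass(frozen=True)
class Hook:
    pid: int
    process: str
    dll: str
    target: str      # exported function name, or "+0x<offset>" when unnamed
    hook_type: str
    address: int     # address of the patched code, as printed by the tool
    owner: str       # module the tool attributes the hook to


def parse_hooks(text):
    """Return (hooks, skipped): parsed lines and the count of non-log lines."""
    hooks, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:          # the forum paste has a blank line between entries
            continue
        m = LINE_RE.match(line)
        if m is None:         # forum text mixed into the paste
            skipped += 1
            continue
        target = m["func"] or "+0x" + m["offset"].upper()
        hooks.append(Hook(int(m["pid"]), m["proc"], m["dll"].lower(), target,
                          m["type"], int(m["addr"], 16), m["owner"]))
    return hooks, skipped


def by_owner(hooks):
    """Map each attributed module to the sorted (process, pid) pairs it hooks."""
    seen = defaultdict(set)
    for h in hooks:
        seen[h.owner].add((h.process, h.pid))
    return {owner: sorted(procs) for owner, procs in seen.items()}


def shared_targets(hooks, owner):
    """(dll, target) -> sorted pids, for targets hooked by `owner` in 2+ processes."""
    pids = defaultdict(set)
    for h in hooks:
        if h.owner == owner:
            pids[(h.dll, h.target)].add(h.pid)
    return {key: sorted(v) for key, v in pids.items() if len(v) > 1}


# Sample input: lines copied from the log above, plus one non-log line.
SAMPLE = """\
[1496]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[1620]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[2340]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [McProxy.dll]

[3104]explorer.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x757424B9-->00000000 [unknown_code_page]

[3104]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]

[780]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
Orange
"""

if __name__ == "__main__":
    hooks, skipped = parse_hooks(SAMPLE)
    print(f"{len(hooks)} hooks parsed, {skipped} non-log line(s) skipped")
    for owner, procs in by_owner(hooks).items():
        print(owner, "->", procs)
    for (dll, target), pids in shared_targets(hooks, "unknown_code_page").items():
        print(f"{dll}!{target} hooked in PIDs {pids}")
```
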

Re: Very Slow computer with browser redirects

Unread postby Orange » October 3rd, 2010, 6:39 am

I am sorry deltalima, I have word wrap turned off in both notepad and gedit and there are no spaces between the lines until it posts in the thread. If there is some option I need to check here I am sorry I missed it. I can send them as attachments if that would be better for you.

Re: Very Slow computer with browser redirects

Unread postby deltalima » October 3rd, 2010, 6:47 am

Hi Orange,

You have multiple Anti-Spyware programs running; these will interfere with each other, reducing their effectiveness and slowing down the computer. They will also interfere with the fixes that we will need to do.

Please uninstall Spybot - Search & Destroy and Ad-Aware then reboot.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Right click the TDSSKiller icon on your desktop and select Run as Administrator, then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Very Slow computer with browser redirects

Unread postby deltalima » October 3rd, 2010, 6:49 am

I have word wrap turned off in both notepad and gedit


OK, it looks like you're posting from a Linux computer so we can live with the extra blank lines.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Very Slow computer with browser redirects

Unread postby Orange » October 3rd, 2010, 3:30 pm

Should I unhook anything with the rootkit unhooker or did you just need the logs?
Orange
Active Member
 
Posts: 11
Joined: September 30th, 2010, 3:13 am

Re: Very Slow computer with browser redirects

Unread postby deltalima » October 3rd, 2010, 3:33 pm

Should I unhook anything with the rootkit unhooker or did you just need the logs?


No, the log from RKU was fine, please run TDSSKiller as above and select Cure if an infection is found.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Very Slow computer with browser redirects

Unread postby Orange » October 3rd, 2010, 3:52 pm

2010/10/03 14:43:02.0435 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54

2010/10/03 14:43:02.0435 ================================================================================

2010/10/03 14:43:02.0435 SystemInfo:

2010/10/03 14:43:02.0435

2010/10/03 14:43:02.0435 OS Version: 6.0.6001 ServicePack: 1.0

2010/10/03 14:43:02.0435 Product type: Workstation

2010/10/03 14:43:02.0435 ComputerName: MVALIQUETTE-PC

2010/10/03 14:43:02.0435 UserName: mvaliquette

2010/10/03 14:43:02.0435 Windows directory: C:\Windows

2010/10/03 14:43:02.0435 System windows directory: C:\Windows

2010/10/03 14:43:02.0435 Processor architecture: Intel x86

2010/10/03 14:43:02.0435 Number of processors: 1

2010/10/03 14:43:02.0435 Page size: 0x1000

2010/10/03 14:43:02.0435 Boot type: Normal boot

2010/10/03 14:43:02.0435 ================================================================================

2010/10/03 14:43:03.0153 Initialize success

2010/10/03 14:43:08.0285 ================================================================================

2010/10/03 14:43:08.0285 Scan started

2010/10/03 14:43:08.0285 Mode: Manual;

2010/10/03 14:43:08.0285 ================================================================================

2010/10/03 14:43:31.0919 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/03 14:43:31.0919 ================================================================================

2010/10/03 14:43:31.0919 Scan finished

2010/10/03 14:43:31.0919 ================================================================================

2010/10/03 14:43:31.0950 Detected object count: 1

2010/10/03 14:44:07.0253 \HardDisk0\MBR - will be cured after reboot

2010/10/03 14:44:07.0253 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/03 14:44:23.0423 Deinitialize success
Orange
Active Member
 
Posts: 11
Joined: September 30th, 2010, 3:13 am
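An added example, not part of the thread and not TDSSKiller's own code: a small parser for the log format posted above that pulls out the detection, the selected action and the pending-reboot state, and tolerates the blank spacer lines the forum inserted. The names `Report`, `parse_tdsskiller_log` and `triage` are hypothetical, the sample log is constructed (placeholder driver hash), and the patterns are assumptions derived only from the lines visible in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the log above; the driver entry and its
# hash are placeholders, the remaining lines mirror the thread's log.
SAMPLE_LOG = r"""
2010/10/03 14:43:02.0435 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54

2010/10/03 14:43:02.0435

2010/10/03 14:43:08.0285 Scan started

2010/10/03 14:43:08.0878 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys

2010/10/03 14:43:31.0919 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/03 14:43:31.0919 Scan finished

2010/10/03 14:43:31.0950 Detected object count: 1

2010/10/03 14:44:07.0253 \HardDisk0\MBR - will be cured after reboot

2010/10/03 14:44:07.0253 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/03 14:44:23.0423 Deinitialize success
"""

# Every log line starts with a timestamp; the message part may be empty.
LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s?(.*)$")
VERSION = re.compile(r"^TDSS rootkit removing tool (\S+)")
# "<service name> (<32 hex digit hash>) <driver path>"; service names may contain spaces.
DRIVER = re.compile(r"^(\S.*?) \(([0-9a-f]{32})\) (.+)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
PENDING = re.compile(r"^(.+?) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Report:
    tool_version: str = ""
    drivers_scanned: int = 0
    detections: list = field(default_factory=list)    # (object, threat name)
    actions: dict = field(default_factory=dict)        # object -> chosen action
    pending_reboot: set = field(default_factory=set)   # objects cured at next boot
    reported_count: int = None                         # "Detected object count"


def parse_tdsskiller_log(text):
    """Parse a pasted log; blank and non-log lines are skipped."""
    report = Report()
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # spacer line added by the forum, or surrounding post text
        msg = line.group(2).strip()
        if m := VERSION.match(msg):
            report.tool_version = m.group(1)
        elif m := DRIVER.match(msg):
            report.drivers_scanned += 1
        elif m := DETECTED.match(msg):
            report.detections.append((m.group(1), m.group(2)))
        elif m := PENDING.match(msg):
            report.pending_reboot.add(m.group(1))
        elif m := ACTION.match(msg):
            report.actions[m.group(2)] = m.group(3)
        elif m := COUNT.match(msg):
            report.reported_count = int(m.group(1))
    return report


def triage(report):
    """Summarise what a helper checks before asking for the next scan."""
    return {
        # The tool's own total should agree with the detections we parsed.
        "count_matches": report.reported_count == len(report.detections),
        # Detected objects for which no action was recorded in the log.
        "unhandled": [obj for obj, _ in report.detections
                      if obj not in report.actions],
        # A cure that only takes effect after a restart.
        "reboot_required": bool(report.pending_reboot),
    }


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(parsed)
    print(triage(parsed))
```
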

Re: Very Slow computer with browser redirects

Unread postby deltalima » October 3rd, 2010, 4:00 pm

Hi Orange,

Please reboot the computer.

Now run a quick scan with Malwarebytes and post the log in your next reply and let me know how the computer is running now (you should be able to post from the infected computer now).
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK