Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Credit card number stolen

Post by atlmsl » October 25th, 2011, 10:34 am

My computer had issues about a year and a half ago with pop ups and redirects. My credit card that I use for online purchases was used fraudulently twice within two months (with two separate card numbers) so I assumed it was my computer that had some issues. I got the issues taken care of and haven't had an issue since then until now. I've slowly started seeing a few popups and redirects at times and this morning I get a notice from my credit card company about another fraudulent charge to my card. I can't help but think I have some malware on my computer that is being used to hack my card. Here are my logs. Thanks:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Michael at 10:29:09 on 2011-10-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4058.2311 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe
C:\windows\system32\agr64svc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 213.109.65.67 213.109.72.102
TCP: Interfaces\{1B7F280B-A712-49B7-A4AB-65E4DA35C9D7} : DhcpNameServer = 213.109.65.67 213.109.72.102
TCP: Interfaces\{C8A4E0B7-ED71-435F-B567-0DA3C2B1CA2A} : DhcpNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
R2 FontCache;Windows Font Cache Service;C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\WINDOWS\SMINST\BLService.exe [2008-8-22 361808]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-8-22 193840]
R3 enecir;ENE CIR Receiver;C:\windows\system32\DRIVERS\enecir.sys --> C:\windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\NETw5v64.sys --> C:\windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\b57nd60a.sys --> C:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-5-1 89920]
.
=============== File Associations ===============
.
JSEFile=C:\windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-25 13:46:54 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C9E4C2D-CD53-4BCB-A0CB-D4701068827B}\offreg.dll
2011-10-25 13:46:51 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C9E4C2D-CD53-4BCB-A0CB-D4701068827B}\mpengine.dll
2011-10-15 23:09:57 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
2011-10-15 23:09:13 -------- d-----w- C:\ProgramData\RosettaStoneLtdBackup
2011-10-15 22:52:42 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-10-15 22:50:50 -------- d-----w- C:\ProgramData\Rosetta Stone
.
==================== Find3M ====================
.
2011-10-15 15:47:32 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 13:56:50 2764288 ----a-w- C:\windows\System32\win32k.sys
2011-09-02 17:44:41 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-25 16:20:38 735744 ----a-w- C:\windows\System32\UIAutomationCore.dll
2011-08-25 16:19:32 847360 ----a-w- C:\windows\System32\oleaut32.dll
2011-08-25 16:19:32 332288 ----a-w- C:\windows\System32\oleacc.dll
2011-08-25 16:15:04 555520 ----a-w- C:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-08-25 13:54:14 4096 ----a-w- C:\windows\System32\oleaccrc.dll
2011-08-25 13:31:01 4096 ----a-w- C:\windows\SysWow64\oleaccrc.dll
2011-07-29 16:08:29 375808 ----a-w- C:\windows\System32\psisdecd.dll
2011-07-29 16:08:27 289792 ----a-w- C:\windows\System32\psisrndr.ax
2011-07-29 16:06:52 73216 ----a-w- C:\windows\System32\MSDvbNP.ax
2011-07-29 16:06:42 100352 ----a-w- C:\windows\System32\Mpeg2Data.ax
2011-07-29 16:01:34 293376 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- C:\windows\SysWow64\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- C:\windows\SysWow64\Mpeg2Data.ax
.
============= FINISH: 10:29:52.88 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2008 8:32:27 PM
System Uptime: 10/25/2011 8:23:54 AM (2 hours ago)
.
Motherboard: Compal | | 30F7
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 195.533 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.296 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP104: 9/23/2011 3:00:25 AM - Windows Update
RP105: 9/24/2011 8:04:38 AM - Windows Update
RP106: 9/24/2011 8:19:57 AM - Windows Update
RP107: 9/25/2011 3:00:19 AM - Windows Update
RP108: 9/26/2011 12:00:01 AM - Scheduled Checkpoint
RP109: 9/26/2011 3:00:10 AM - Windows Update
RP110: 9/27/2011 12:00:01 AM - Scheduled Checkpoint
RP111: 9/27/2011 7:35:27 PM - Windows Update
RP112: 9/28/2011 3:00:10 AM - Windows Update
RP113: 10/2/2011 9:29:34 AM - Windows Update
RP114: 10/5/2011 8:37:40 AM - Windows Update
RP115: 10/10/2011 10:32:57 AM - Windows Update
RP116: 10/12/2011 3:05:27 PM - Windows Update
RP117: 10/13/2011 3:00:19 AM - Windows Update
RP118: 10/15/2011 11:19:10 AM - Windows Update
RP119: 10/15/2011 6:50:05 PM - Installed Rosetta Stone V3.
RP120: 10/15/2011 7:08:57 PM - Installed Rosetta Stone Version 3
RP121: 10/20/2011 7:41:35 PM - Windows Update
RP122: 10/21/2011 6:15:08 PM - Windows Update
RP123: 10/24/2011 10:28:43 PM - Scheduled Checkpoint
RP124: 10/25/2011 9:46:34 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP Total Care Advisor
HP Update
HP User Guides 0101
HP Wireless Assistant
HPTCSSetup
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Kaspersky Anti-Virus 2011
LabelPrint
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Power2Go
PowerDirector
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/24/2011 9:54:02 PM, Error: EventLog [6008] - The previous system shutdown at 9:52:26 PM on 10/24/2011 was unexpected.
10/24/2011 4:00:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0016EADB72D8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/21/2011 6:02:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/20/2011 10:56:05 PM, Error: EventLog [6008] - The previous system shutdown at 10:54:15 PM on 10/20/2011 was unexpected.
10/20/2011 10:14:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0016EADB72D8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by DFW » October 26th, 2011, 9:13 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post the required log/s in the forum and wait for help.

Hi and welcome..

I'm DFW and I am going to try and help you with your Malware problem. Please observe the following points and rules while we work:

  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The clean up process can take time. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Some of the logs we ask for can take some time to analyse, so please be patient.
  • This may or may not solve other issues you have with your machine.
    Note: No Reply Within 3 Days Will Result In Your Topic Being Closed.


Going over your Log, be back as soon as possible
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Post by DFW » October 26th, 2011, 12:22 pm

Hi atlmsl


You said in your opening post that you had some issues before, and they were taken care of. Could you tell me what the issues were, and how they were taken care of?



Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer.
However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection,
and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.



Windows Vista Advice

All applications I ask to be used will need to be run in Administrator mode, i.e. right click on and select Run as Administrator.
Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
When prompted by this with anything I ask you to carry out, please select the option Allow.





Download and run MalwareBytes' Anti-Malware. It is free for home use.
Please go here to the Download Location, click on Download in the Free column.
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue.
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.






Download TDSSKiller.zip and extract it to your Desktop.
  • Right click on TDSSKiller.exe, choose Run as administrator to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan.
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT



Please post back

MalwareBytes Log
tdsskiller Log
and a description of the problems you had before.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Post by atlmsl » October 27th, 2011, 11:50 am

I had a google redirect virus and some other redirect. It would just randomly take me away from a webpage to a spam site. I took the computer to the geek squad and they cleaned it up. That was this spring. It's been fine for the most part but now I get redirected to google-analytics.com all the time.
Here's the malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/27/2011 11:22:36 AM
mbam-log-2011-10-27 (11-22-36).txt

Scan type: Quick scan
Objects scanned: 174995
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And the tdss:
11:45:00.0625 5368 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
11:45:01.0124 5368 ============================================================
11:45:01.0124 5368 Current date / time: 2011/10/27 11:45:01.0124
11:45:01.0124 5368 SystemInfo:
11:45:01.0124 5368
11:45:01.0124 5368 OS Version: 6.0.6002 ServicePack: 2.0
11:45:01.0124 5368 Product type: Workstation
11:45:01.0124 5368 ComputerName: MICHAEL-PC
11:45:01.0124 5368 UserName: Michael
11:45:01.0124 5368 Windows directory: C:\windows
11:45:01.0124 5368 System windows directory: C:\windows
11:45:01.0124 5368 Running under WOW64
11:45:01.0124 5368 Processor architecture: Intel x64
11:45:01.0124 5368 Number of processors: 2
11:45:01.0124 5368 Page size: 0x1000
11:45:01.0124 5368 Boot type: Normal boot
11:45:01.0124 5368 ============================================================
11:45:02.0887 5368 Initialize success
11:45:10.0250 5960 ============================================================
11:45:10.0250 5960 Scan started
11:45:10.0250 5960 Mode: Manual;
11:45:10.0250 5960 ============================================================
11:45:12.0777 5960 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\windows\system32\DRIVERS\Accelerometer.sys
11:45:12.0793 5960 Accelerometer - ok
11:45:12.0886 5960 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\windows\system32\drivers\acpi.sys
11:45:12.0902 5960 ACPI - ok
11:45:13.0042 5960 adp94xx (f14215e37cf124104575073f782111d2) C:\windows\system32\drivers\adp94xx.sys
11:45:13.0073 5960 adp94xx - ok
11:45:13.0136 5960 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\windows\system32\drivers\adpahci.sys
11:45:13.0167 5960 adpahci - ok
11:45:13.0214 5960 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\windows\system32\drivers\adpu160m.sys
11:45:13.0229 5960 adpu160m - ok
11:45:13.0292 5960 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\windows\system32\drivers\adpu320.sys
11:45:13.0307 5960 adpu320 - ok
11:45:13.0448 5960 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\windows\system32\drivers\afd.sys
11:45:13.0463 5960 AFD - ok
11:45:13.0573 5960 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\windows\system32\DRIVERS\agrsm64.sys
11:45:13.0744 5960 AgereSoftModem - ok
11:45:13.0900 5960 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\windows\system32\drivers\agp440.sys
11:45:13.0900 5960 agp440 - ok
11:45:13.0963 5960 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\windows\system32\drivers\djsvs.sys
11:45:13.0978 5960 aic78xx - ok
11:45:14.0025 5960 aliide (157d0898d4b73f075ce9fa26b482df98) C:\windows\system32\drivers\aliide.sys
11:45:14.0025 5960 aliide - ok
11:45:14.0072 5960 amdide (970fa5059e61e30d25307b99903e991e) C:\windows\system32\drivers\amdide.sys
11:45:14.0087 5960 amdide - ok
11:45:14.0197 5960 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\windows\system32\drivers\amdk8.sys
11:45:14.0212 5960 AmdK8 - ok
11:45:14.0259 5960 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\windows\system32\DRIVERS\Apfiltr.sys
11:45:14.0275 5960 ApfiltrService - ok
11:45:14.0353 5960 arc (ba8417d4765f3988ff921f30f630e303) C:\windows\system32\drivers\arc.sys
11:45:14.0384 5960 arc - ok
11:45:14.0431 5960 arcsas (9d41c435619733b34cc16a511e644b11) C:\windows\system32\drivers\arcsas.sys
11:45:14.0431 5960 arcsas - ok
11:45:14.0524 5960 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\windows\system32\DRIVERS\asyncmac.sys
11:45:14.0540 5960 AsyncMac - ok
11:45:14.0618 5960 atapi (e68d9b3a3905619732f7fe039466a623) C:\windows\system32\drivers\atapi.sys
11:45:14.0618 5960 atapi - ok
11:45:14.0821 5960 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\windows\system32\DRIVERS\b57nd60a.sys
11:45:14.0836 5960 b57nd60a - ok
11:45:14.0899 5960 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\windows\system32\drivers\blbdrive.sys
11:45:14.0914 5960 blbdrive - ok
11:45:14.0961 5960 bowser (2348447a80920b2493a9b582a23e81e1) C:\windows\system32\DRIVERS\bowser.sys
11:45:14.0977 5960 bowser - ok
11:45:15.0039 5960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\brfiltlo.sys
11:45:15.0055 5960 BrFiltLo - ok
11:45:15.0179 5960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\brfiltup.sys
11:45:15.0195 5960 BrFiltUp - ok
11:45:15.0257 5960 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\windows\system32\drivers\brserid.sys
11:45:15.0289 5960 Brserid - ok
11:45:15.0320 5960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\system32\drivers\brserwdm.sys
11:45:15.0335 5960 BrSerWdm - ok
11:45:15.0367 5960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\system32\drivers\brusbmdm.sys
11:45:15.0367 5960 BrUsbMdm - ok
11:45:15.0413 5960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\system32\drivers\brusbser.sys
11:45:15.0429 5960 BrUsbSer - ok
11:45:15.0507 5960 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\windows\system32\DRIVERS\BthEnum.sys
11:45:15.0523 5960 BthEnum - ok
11:45:15.0585 5960 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\windows\system32\drivers\bthmodem.sys
11:45:15.0601 5960 BTHMODEM - ok
11:45:15.0679 5960 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\windows\system32\DRIVERS\bthpan.sys
11:45:15.0725 5960 BthPan - ok
11:45:15.0819 5960 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\windows\system32\Drivers\BTHport.sys
11:45:15.0835 5960 BTHPORT - ok
11:45:15.0913 5960 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\windows\system32\Drivers\BTHUSB.sys
11:45:15.0928 5960 BTHUSB - ok
11:45:15.0975 5960 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\windows\system32\DRIVERS\cdfs.sys
11:45:15.0975 5960 cdfs - ok
11:45:16.0100 5960 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\windows\system32\DRIVERS\cdrom.sys
11:45:16.0115 5960 cdrom - ok
11:45:16.0240 5960 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\windows\system32\DRIVERS\circlass.sys
11:45:16.0256 5960 circlass - ok
11:45:16.0349 5960 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\windows\system32\CLFS.sys
11:45:16.0381 5960 CLFS - ok
11:45:16.0490 5960 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\windows\system32\DRIVERS\CmBatt.sys
11:45:16.0505 5960 CmBatt - ok
11:45:16.0552 5960 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\windows\system32\drivers\cmdide.sys
11:45:16.0568 5960 cmdide - ok
11:45:16.0677 5960 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\windows\system32\DRIVERS\compbatt.sys
11:45:16.0677 5960 Compbatt - ok
11:45:16.0708 5960 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\windows\system32\drivers\crcdisk.sys
11:45:16.0724 5960 crcdisk - ok
11:45:16.0833 5960 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\windows\system32\Drivers\dfsc.sys
11:45:16.0849 5960 DfsC - ok
11:45:17.0020 5960 disk (b0107e40ecdb5fa692ebf832f295d905) C:\windows\system32\drivers\disk.sys
11:45:17.0036 5960 disk - ok
11:45:17.0114 5960 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\windows\system32\drivers\drmkaud.sys
11:45:17.0129 5960 drmkaud - ok
11:45:17.0223 5960 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\windows\System32\drivers\dxgkrnl.sys
11:45:17.0270 5960 DXGKrnl - ok
11:45:17.0379 5960 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\windows\system32\DRIVERS\E1G6032E.sys
11:45:17.0410 5960 E1G60 - ok
11:45:17.0535 5960 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\windows\system32\drivers\ecache.sys
11:45:17.0551 5960 Ecache - ok
11:45:17.0613 5960 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\windows\system32\drivers\elxstor.sys
11:45:17.0660 5960 elxstor - ok
11:45:17.0800 5960 enecir (3a70dc8951b995c73a22b9a23210833e) C:\windows\system32\DRIVERS\enecir.sys
11:45:17.0800 5960 enecir - ok
11:45:17.0863 5960 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\windows\system32\drivers\errdev.sys
11:45:17.0863 5960 ErrDev - ok
11:45:17.0956 5960 exfat (486844f47b6636044a42454614ed4523) C:\windows\system32\drivers\exfat.sys
11:45:17.0972 5960 exfat - ok
11:45:18.0081 5960 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\windows\system32\drivers\fastfat.sys
11:45:18.0112 5960 fastfat - ok
11:45:18.0206 5960 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\windows\system32\DRIVERS\fdc.sys
11:45:18.0206 5960 fdc - ok
11:45:18.0284 5960 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\windows\system32\drivers\fileinfo.sys
11:45:18.0299 5960 FileInfo - ok
11:45:18.0362 5960 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\windows\system32\drivers\filetrace.sys
11:45:18.0377 5960 Filetrace - ok
11:45:18.0455 5960 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\windows\system32\DRIVERS\flpydisk.sys
11:45:18.0455 5960 flpydisk - ok
11:45:18.0549 5960 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\windows\system32\drivers\fltmgr.sys
11:45:18.0565 5960 FltMgr - ok
11:45:18.0627 5960 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\windows\system32\drivers\Fs_Rec.sys
11:45:18.0643 5960 Fs_Rec - ok
11:45:18.0752 5960 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\windows\system32\drivers\gagp30kx.sys
11:45:18.0752 5960 gagp30kx - ok
11:45:18.0845 5960 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\windows\system32\drivers\HdAudio.sys
11:45:18.0877 5960 HdAudAddService - ok
11:45:18.0939 5960 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\windows\system32\DRIVERS\HDAudBus.sys
11:45:18.0970 5960 HDAudBus - ok
11:45:19.0017 5960 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\windows\system32\drivers\hidbth.sys
11:45:19.0017 5960 HidBth - ok
11:45:19.0079 5960 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\windows\system32\DRIVERS\hidir.sys
11:45:19.0095 5960 HidIr - ok
11:45:19.0189 5960 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\windows\system32\DRIVERS\hidusb.sys
11:45:19.0204 5960 HidUsb - ok
11:45:19.0329 5960 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\windows\system32\drivers\hpcisss.sys
11:45:19.0345 5960 HpCISSs - ok
11:45:19.0469 5960 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\windows\system32\DRIVERS\hpdskflt.sys
11:45:19.0485 5960 hpdskflt - ok
11:45:19.0532 5960 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
11:45:19.0547 5960 HpqKbFiltr - ok
11:45:19.0688 5960 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\windows\system32\drivers\HTTP.sys
11:45:19.0719 5960 HTTP - ok
11:45:19.0813 5960 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\windows\system32\drivers\i2omp.sys
11:45:19.0828 5960 i2omp - ok
11:45:19.0875 5960 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\windows\system32\DRIVERS\i8042prt.sys
11:45:19.0875 5960 i8042prt - ok
11:45:19.0922 5960 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\windows\system32\drivers\iastorv.sys
11:45:19.0937 5960 iaStorV - ok
11:45:20.0312 5960 igfx (663e7364f650a915d415eeb2da98d86a) C:\windows\system32\DRIVERS\igdkmd64.sys
11:45:20.0530 5960 igfx - ok
11:45:20.0639 5960 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\windows\system32\drivers\iirsp.sys
11:45:20.0655 5960 iirsp - ok
11:45:20.0764 5960 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\windows\system32\drivers\IntcHdmi.sys
11:45:20.0780 5960 IntcHdmiAddService - ok
11:45:20.0842 5960 intelide (df797a12176f11b2d301c5b234bb200e) C:\windows\system32\drivers\intelide.sys
11:45:20.0842 5960 intelide - ok
11:45:20.0983 5960 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\windows\system32\DRIVERS\intelppm.sys
11:45:20.0998 5960 intelppm - ok
11:45:21.0154 5960 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:45:21.0154 5960 IpFilterDriver - ok
11:45:21.0201 5960 IpInIp - ok
11:45:21.0248 5960 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\windows\system32\drivers\ipmidrv.sys
11:45:21.0263 5960 IPMIDRV - ok
11:45:21.0295 5960 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\windows\system32\DRIVERS\ipnat.sys
11:45:21.0295 5960 IPNAT - ok
11:45:21.0326 5960 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\windows\system32\drivers\irenum.sys
11:45:21.0326 5960 IRENUM - ok
11:45:21.0466 5960 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\windows\system32\drivers\isapnp.sys
11:45:21.0466 5960 isapnp - ok
11:45:21.0544 5960 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\windows\system32\DRIVERS\msiscsi.sys
11:45:21.0560 5960 iScsiPrt - ok
11:45:21.0591 5960 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\windows\system32\drivers\iteatapi.sys
11:45:21.0607 5960 iteatapi - ok
11:45:21.0638 5960 iteraid (1281fe73b17664631d12f643cbea3f59) C:\windows\system32\drivers\iteraid.sys
11:45:21.0653 5960 iteraid - ok
11:45:21.0778 5960 JMCR (00495b8f39c7c1a9179e40c3bf2475df) C:\windows\system32\DRIVERS\jmcr.sys
11:45:21.0794 5960 JMCR - ok
11:45:21.0887 5960 kbdclass (423696f3ba6472dd17699209b933bc26) C:\windows\system32\DRIVERS\kbdclass.sys
11:45:21.0903 5960 kbdclass - ok
11:45:21.0965 5960 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\windows\system32\DRIVERS\kbdhid.sys
11:45:21.0981 5960 kbdhid - ok
11:45:22.0106 5960 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys
11:45:22.0121 5960 KL1 - ok
11:45:22.0184 5960 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys
11:45:22.0184 5960 kl2 - ok
11:45:22.0277 5960 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\windows\system32\DRIVERS\klif.sys
11:45:22.0309 5960 KLIF - ok
11:45:22.0387 5960 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\windows\system32\DRIVERS\klim6.sys
11:45:22.0387 5960 KLIM6 - ok
11:45:22.0480 5960 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\windows\system32\DRIVERS\klmouflt.sys
11:45:22.0496 5960 klmouflt - ok
11:45:22.0574 5960 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\windows\system32\Drivers\ksecdd.sys
11:45:22.0605 5960 KSecDD - ok
11:45:22.0714 5960 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\windows\system32\drivers\ksthunk.sys
11:45:22.0714 5960 ksthunk - ok
11:45:23.0104 5960 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\windows\system32\DRIVERS\lltdio.sys
11:45:23.0104 5960 lltdio - ok
11:45:23.0198 5960 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\windows\system32\drivers\lsi_fc.sys
11:45:23.0213 5960 LSI_FC - ok
11:45:23.0245 5960 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\windows\system32\drivers\lsi_sas.sys
11:45:23.0260 5960 LSI_SAS - ok
11:45:23.0307 5960 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\windows\system32\drivers\lsi_scsi.sys
11:45:23.0323 5960 LSI_SCSI - ok
11:45:23.0447 5960 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\windows\system32\drivers\luafv.sys
11:45:23.0463 5960 luafv - ok
11:45:23.0510 5960 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\windows\system32\drivers\megasas.sys
11:45:23.0525 5960 megasas - ok
11:45:23.0666 5960 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\windows\system32\drivers\megasr.sys
11:45:23.0728 5960 MegaSR - ok
11:45:23.0791 5960 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\windows\system32\drivers\modem.sys
11:45:23.0806 5960 Modem - ok
11:45:23.0869 5960 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\windows\system32\DRIVERS\monitor.sys
11:45:23.0869 5960 monitor - ok
11:45:23.0947 5960 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\windows\system32\DRIVERS\mouclass.sys
11:45:23.0947 5960 mouclass - ok
11:45:24.0040 5960 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\windows\system32\DRIVERS\mouhid.sys
11:45:24.0056 5960 mouhid - ok
11:45:24.0087 5960 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\windows\system32\drivers\mountmgr.sys
11:45:24.0103 5960 MountMgr - ok
11:45:24.0149 5960 mpio (f8276eb8698142884498a528dfea8478) C:\windows\system32\drivers\mpio.sys
11:45:24.0165 5960 mpio - ok
11:45:24.0227 5960 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\windows\system32\drivers\mpsdrv.sys
11:45:24.0243 5960 mpsdrv - ok
11:45:24.0305 5960 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\windows\system32\drivers\mraid35x.sys
11:45:24.0321 5960 Mraid35x - ok
11:45:24.0415 5960 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\windows\system32\drivers\mrxdav.sys
11:45:24.0430 5960 MRxDAV - ok
11:45:24.0493 5960 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\windows\system32\DRIVERS\mrxsmb.sys
11:45:24.0493 5960 mrxsmb - ok
11:45:24.0555 5960 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:45:24.0571 5960 mrxsmb10 - ok
11:45:24.0633 5960 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:45:24.0649 5960 mrxsmb20 - ok
11:45:24.0695 5960 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\windows\system32\drivers\msahci.sys
11:45:24.0695 5960 msahci - ok
11:45:24.0742 5960 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\windows\system32\drivers\msdsm.sys
11:45:24.0742 5960 msdsm - ok
11:45:24.0883 5960 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\windows\system32\drivers\Msfs.sys
11:45:24.0883 5960 Msfs - ok
11:45:24.0961 5960 msisadrv (00ebc952961664780d43dca157e79b27) C:\windows\system32\drivers\msisadrv.sys
11:45:24.0961 5960 msisadrv - ok
11:45:25.0054 5960 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\windows\system32\drivers\MSKSSRV.sys
11:45:25.0070 5960 MSKSSRV - ok
11:45:25.0195 5960 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\windows\system32\drivers\MSPCLOCK.sys
11:45:25.0210 5960 MSPCLOCK - ok
11:45:25.0273 5960 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\windows\system32\drivers\MSPQM.sys
11:45:25.0273 5960 MSPQM - ok
11:45:25.0366 5960 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\windows\system32\drivers\MsRPC.sys
11:45:25.0382 5960 MsRPC - ok
11:45:25.0429 5960 mssmbios (855796e59df77ea93af46f20155bf55b) C:\windows\system32\DRIVERS\mssmbios.sys
11:45:25.0444 5960 mssmbios - ok
11:45:25.0538 5960 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\windows\system32\drivers\MSTEE.sys
11:45:25.0553 5960 MSTEE - ok
11:45:25.0569 5960 Mup (0cc49f78d8aca0877d885f149084e543) C:\windows\system32\Drivers\mup.sys
11:45:25.0585 5960 Mup - ok
11:45:25.0709 5960 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\windows\system32\DRIVERS\nwifi.sys
11:45:25.0709 5960 NativeWifiP - ok
11:45:25.0834 5960 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\windows\system32\drivers\ndis.sys
11:45:25.0865 5960 NDIS - ok
11:45:26.0006 5960 NdisTapi (64df698a425478e321981431ac171334) C:\windows\system32\DRIVERS\ndistapi.sys
11:45:26.0006 5960 NdisTapi - ok
11:45:26.0053 5960 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\windows\system32\DRIVERS\ndisuio.sys
11:45:26.0053 5960 Ndisuio - ok
11:45:26.0131 5960 NdisWan (f8158771905260982ce724076419ef19) C:\windows\system32\DRIVERS\ndiswan.sys
11:45:26.0162 5960 NdisWan - ok
11:45:26.0224 5960 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\windows\system32\drivers\NDProxy.sys
11:45:26.0240 5960 NDProxy - ok
11:45:26.0349 5960 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\windows\system32\DRIVERS\netbios.sys
11:45:26.0349 5960 NetBIOS - ok
11:45:26.0427 5960 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\windows\system32\DRIVERS\netbt.sys
11:45:26.0443 5960 netbt - ok
11:45:26.0708 5960 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\windows\system32\DRIVERS\NETw5v64.sys
11:45:26.0848 5960 NETw5v64 - ok
11:45:26.0895 5960 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\windows\system32\drivers\nfrd960.sys
11:45:26.0911 5960 nfrd960 - ok
11:45:27.0051 5960 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\windows\system32\drivers\Npfs.sys
11:45:27.0051 5960 Npfs - ok
11:45:27.0082 5960 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\windows\system32\drivers\nsiproxy.sys
11:45:27.0098 5960 nsiproxy - ok
11:45:27.0223 5960 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\windows\system32\drivers\Ntfs.sys
11:45:27.0269 5960 Ntfs - ok
11:45:27.0363 5960 Null (dd5d684975352b85b52e3fd5347c20cb) C:\windows\system32\drivers\Null.sys
11:45:27.0363 5960 Null - ok
11:45:27.0597 5960 nvlddmkm (b188b1bdc7624e8e42f53fa78cade2c6) C:\windows\system32\DRIVERS\nvlddmkm.sys
11:45:27.0893 5960 nvlddmkm - ok
11:45:28.0003 5960 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\windows\system32\drivers\nvraid.sys
11:45:28.0018 5960 nvraid - ok
11:45:28.0081 5960 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\windows\system32\drivers\nvstor.sys
11:45:28.0096 5960 nvstor - ok
11:45:28.0174 5960 nv_agp (19067ca93075ef4823e3938a686f532f) C:\windows\system32\drivers\nv_agp.sys
11:45:28.0190 5960 nv_agp - ok
11:45:28.0237 5960 NwlnkFlt - ok
11:45:28.0299 5960 NwlnkFwd - ok
11:45:28.0377 5960 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\windows\system32\drivers\ohci1394.sys
11:45:28.0393 5960 ohci1394 - ok
11:45:28.0502 5960 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\windows\system32\DRIVERS\parport.sys
11:45:28.0517 5960 Parport - ok
11:45:28.0642 5960 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\windows\system32\drivers\partmgr.sys
11:45:28.0658 5960 partmgr - ok
11:45:28.0705 5960 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\windows\system32\drivers\pci.sys
11:45:28.0736 5960 pci - ok
11:45:28.0767 5960 pciide (8d618c829034479985a9ed56106cc732) C:\windows\system32\drivers\pciide.sys
11:45:28.0783 5960 pciide - ok
11:45:28.0829 5960 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\windows\system32\drivers\pcmcia.sys
11:45:28.0845 5960 pcmcia - ok
11:45:28.0939 5960 PEAUTH (58865916f53592a61549b04941bfd80d) C:\windows\system32\drivers\peauth.sys
11:45:28.0954 5960 PEAUTH - ok
11:45:29.0110 5960 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\windows\system32\DRIVERS\raspptp.sys
11:45:29.0126 5960 PptpMiniport - ok
11:45:29.0173 5960 Processor (5080e59ecee0bc923f14018803aa7a01) C:\windows\system32\drivers\processr.sys
11:45:29.0173 5960 Processor - ok
11:45:29.0282 5960 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\windows\system32\DRIVERS\pacer.sys
11:45:29.0297 5960 PSched - ok
11:45:29.0391 5960 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\windows\system32\drivers\ql2300.sys
11:45:29.0453 5960 ql2300 - ok
11:45:29.0516 5960 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\windows\system32\drivers\ql40xx.sys
11:45:29.0516 5960 ql40xx - ok
11:45:29.0625 5960 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\windows\system32\drivers\qwavedrv.sys
11:45:29.0641 5960 QWAVEdrv - ok
11:45:29.0703 5960 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\windows\system32\DRIVERS\rasacd.sys
11:45:29.0703 5960 RasAcd - ok
11:45:29.0781 5960 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\windows\system32\DRIVERS\rasl2tp.sys
11:45:29.0797 5960 Rasl2tp - ok
11:45:29.0859 5960 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\windows\system32\DRIVERS\raspppoe.sys
11:45:29.0859 5960 RasPppoe - ok
11:45:29.0953 5960 RasSstp (c6a593b51f34c33e5474539544072527) C:\windows\system32\DRIVERS\rassstp.sys
11:45:29.0953 5960 RasSstp - ok
11:45:30.0031 5960 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\windows\system32\DRIVERS\rdbss.sys
11:45:30.0046 5960 rdbss - ok
11:45:30.0124 5960 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\windows\system32\DRIVERS\RDPCDD.sys
11:45:30.0124 5960 RDPCDD - ok
11:45:30.0249 5960 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\windows\system32\drivers\rdpdr.sys
11:45:30.0265 5960 rdpdr - ok
11:45:30.0296 5960 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\windows\system32\drivers\rdpencdd.sys
11:45:30.0296 5960 RDPENCDD - ok
11:45:30.0405 5960 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\windows\system32\drivers\RDPWD.sys
11:45:30.0421 5960 RDPWD - ok
11:45:30.0530 5960 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\windows\system32\DRIVERS\rfcomm.sys
11:45:30.0530 5960 RFCOMM - ok
11:45:30.0577 5960 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\windows\system32\DRIVERS\rspndr.sys
11:45:30.0592 5960 rspndr - ok
11:45:30.0623 5960 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\windows\system32\DRIVERS\Rtlh64.sys
11:45:30.0639 5960 RTL8169 - ok
11:45:30.0717 5960 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\windows\system32\drivers\sbp2port.sys
11:45:30.0733 5960 sbp2port - ok
11:45:30.0811 5960 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:45:30.0826 5960 secdrv - ok
11:45:30.0904 5960 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\windows\system32\DRIVERS\serenum.sys
11:45:30.0920 5960 Serenum - ok
11:45:30.0998 5960 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\windows\system32\DRIVERS\serial.sys
11:45:31.0013 5960 Serial - ok
11:45:31.0045 5960 sermouse (a842f04833684bceea7336211be478df) C:\windows\system32\drivers\sermouse.sys
11:45:31.0060 5960 sermouse - ok
11:45:31.0123 5960 sffdisk (14d4b4465193a87c127933978e8c4106) C:\windows\system32\drivers\sffdisk.sys
11:45:31.0138 5960 sffdisk - ok
11:45:31.0154 5960 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\windows\system32\drivers\sffp_mmc.sys
11:45:31.0169 5960 sffp_mmc - ok
11:45:31.0185 5960 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\windows\system32\drivers\sffp_sd.sys
11:45:31.0201 5960 sffp_sd - ok
11:45:31.0216 5960 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\windows\system32\drivers\sfloppy.sys
11:45:31.0216 5960 sfloppy - ok
11:45:31.0279 5960 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\windows\system32\drivers\sisraid2.sys
11:45:31.0279 5960 SiSRaid2 - ok
11:45:31.0419 5960 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\windows\system32\drivers\sisraid4.sys
11:45:31.0419 5960 SiSRaid4 - ok
11:45:31.0513 5960 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\windows\system32\DRIVERS\smb.sys
11:45:31.0528 5960 Smb - ok
11:45:31.0591 5960 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\windows\system32\drivers\spldr.sys
11:45:31.0591 5960 spldr - ok
11:45:31.0715 5960 srv (880a57fccb571ebd063d4dd50e93e46d) C:\windows\system32\DRIVERS\srv.sys
11:45:31.0747 5960 srv - ok
11:45:31.0856 5960 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\windows\system32\DRIVERS\srv2.sys
11:45:31.0856 5960 srv2 - ok
11:45:31.0918 5960 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\windows\system32\DRIVERS\srvnet.sys
11:45:31.0934 5960 srvnet - ok
11:45:32.0137 5960 STHDA (0c7bda7e9a329a071c080eb5210fe019) C:\windows\system32\DRIVERS\stwrt64.sys
11:45:32.0199 5960 STHDA - ok
11:45:32.0308 5960 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\windows\system32\DRIVERS\swenum.sys
11:45:32.0324 5960 swenum - ok
11:45:32.0386 5960 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\windows\system32\drivers\symc8xx.sys
11:45:32.0402 5960 Symc8xx - ok
11:45:32.0449 5960 Sym_hi (a909667976d3bccd1df813fed517d837) C:\windows\system32\drivers\sym_hi.sys
11:45:32.0449 5960 Sym_hi - ok
11:45:32.0495 5960 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\windows\system32\drivers\sym_u3.sys
11:45:32.0511 5960 Sym_u3 - ok
11:45:32.0636 5960 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\windows\system32\drivers\tcpip.sys
11:45:32.0776 5960 Tcpip - ok
11:45:32.0963 5960 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\windows\system32\DRIVERS\tcpip.sys
11:45:32.0979 5960 Tcpip6 - ok
11:45:33.0057 5960 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\windows\system32\drivers\tcpipreg.sys
11:45:33.0073 5960 tcpipreg - ok
11:45:33.0385 5960 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\windows\system32\drivers\tdpipe.sys
11:45:33.0385 5960 TDPIPE - ok
11:45:33.0541 5960 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\windows\system32\drivers\tdtcp.sys
11:45:33.0541 5960 TDTCP - ok
11:45:33.0681 5960 tdx (458919c8c42e398dc4802178d5ffee27) C:\windows\system32\DRIVERS\tdx.sys
11:45:33.0697 5960 tdx - ok
11:45:33.0790 5960 TermDD (8c19678d22649ec002ef2282eae92f98) C:\windows\system32\DRIVERS\termdd.sys
11:45:33.0806 5960 TermDD - ok
11:45:33.0915 5960 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\windows\system32\DRIVERS\tssecsrv.sys
11:45:33.0915 5960 tssecsrv - ok
11:45:33.0977 5960 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\windows\system32\DRIVERS\tunmp.sys
11:45:33.0993 5960 tunmp - ok
11:45:34.0055 5960 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\windows\system32\DRIVERS\tunnel.sys
11:45:34.0071 5960 tunnel - ok
11:45:34.0149 5960 uagp35 (fec266ef401966311744bd0f359f7f56) C:\windows\system32\drivers\uagp35.sys
11:45:34.0180 5960 uagp35 - ok
11:45:34.0258 5960 udfs (faf2640a2a76ed03d449e443194c4c34) C:\windows\system32\DRIVERS\udfs.sys
11:45:34.0274 5960 udfs - ok
11:45:34.0321 5960 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\windows\system32\drivers\uliagpkx.sys
11:45:34.0336 5960 uliagpkx - ok
11:45:34.0430 5960 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\windows\system32\drivers\uliahci.sys
11:45:34.0430 5960 uliahci - ok
11:45:34.0555 5960 UlSata (31707f09846056651ea2c37858f5ddb0) C:\windows\system32\drivers\ulsata.sys
11:45:34.0570 5960 UlSata - ok
11:45:34.0679 5960 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\windows\system32\drivers\ulsata2.sys
11:45:34.0695 5960 ulsata2 - ok
11:45:34.0757 5960 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\windows\system32\DRIVERS\umbus.sys
11:45:34.0757 5960 umbus - ok
11:45:34.0867 5960 usbccgp (07e3498fc60834219d2356293da0fecc) C:\windows\system32\DRIVERS\usbccgp.sys
11:45:34.0882 5960 usbccgp - ok
11:45:34.0976 5960 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\windows\system32\drivers\usbcir.sys
11:45:34.0991 5960 usbcir - ok
11:45:35.0054 5960 usbehci (827e44de934a736ea31e91d353eb126f) C:\windows\system32\DRIVERS\usbehci.sys
11:45:35.0069 5960 usbehci - ok
11:45:35.0116 5960 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\windows\system32\DRIVERS\usbhub.sys
11:45:35.0147 5960 usbhub - ok
11:45:35.0225 5960 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\windows\system32\drivers\usbohci.sys
11:45:35.0225 5960 usbohci - ok
11:45:35.0303 5960 usbprint (acfee697af477021bb3ec78c5431fed2) C:\windows\system32\drivers\usbprint.sys
11:45:35.0303 5960 usbprint - ok
11:45:35.0350 5960 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:45:35.0366 5960 USBSTOR - ok
11:45:35.0381 5960 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\windows\system32\DRIVERS\usbuhci.sys
11:45:35.0397 5960 usbuhci - ok
11:45:35.0413 5960 usbvideo (fc33099877790d51b0927b7039059855) C:\windows\system32\Drivers\usbvideo.sys
11:45:35.0444 5960 usbvideo - ok
11:45:35.0475 5960 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\windows\system32\DRIVERS\vgapnp.sys
11:45:35.0475 5960 vga - ok
11:45:35.0584 5960 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\windows\System32\drivers\vga.sys
11:45:35.0584 5960 VgaSave - ok
11:45:35.0662 5960 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\windows\system32\drivers\viaide.sys
11:45:35.0662 5960 viaide - ok
11:45:35.0756 5960 volmgr (2b7e885ed951519a12c450d24535dfca) C:\windows\system32\drivers\volmgr.sys
11:45:35.0771 5960 volmgr - ok
11:45:35.0881 5960 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\windows\system32\drivers\volmgrx.sys
11:45:35.0912 5960 volmgrx - ok
11:45:35.0959 5960 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\windows\system32\drivers\volsnap.sys
11:45:35.0990 5960 volsnap - ok
11:45:36.0052 5960 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\windows\system32\drivers\vsmraid.sys
11:45:36.0052 5960 vsmraid - ok
11:45:36.0146 5960 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\windows\system32\drivers\wacompen.sys
11:45:36.0161 5960 WacomPen - ok
11:45:36.0239 5960 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\windows\system32\DRIVERS\wanarp.sys
11:45:36.0255 5960 Wanarp - ok
11:45:36.0302 5960 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\windows\system32\DRIVERS\wanarp.sys
11:45:36.0302 5960 Wanarpv6 - ok
11:45:36.0349 5960 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\windows\system32\drivers\wd.sys
11:45:36.0364 5960 Wd - ok
11:45:36.0411 5960 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\windows\system32\drivers\Wdf01000.sys
11:45:36.0442 5960 Wdf01000 - ok
11:45:36.0598 5960 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\windows\system32\DRIVERS\wmiacpi.sys
11:45:36.0598 5960 WmiAcpi - ok
11:45:36.0661 5960 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\windows\system32\DRIVERS\wpdusb.sys
11:45:36.0676 5960 WpdUsb - ok
11:45:36.0739 5960 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\windows\system32\drivers\ws2ifsl.sys
11:45:36.0739 5960 ws2ifsl - ok
11:45:36.0817 5960 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\windows\system32\DRIVERS\WUDFRd.sys
11:45:36.0832 5960 WUDFRd - ok
11:45:36.0910 5960 MBR (0x1B8) (44a7c44eedfa37377ab19412a84052f7) \Device\Harddisk0\DR0
11:45:36.0941 5960 \Device\Harddisk0\DR0 - ok
11:45:36.0941 5960 Boot (0x1200) (0089c420653be68a7061e7aec04efa62) \Device\Harddisk0\DR0\Partition0
11:45:36.0941 5960 \Device\Harddisk0\DR0\Partition0 - ok
11:45:36.0957 5960 Boot (0x1200) (5f554c67224d17e4fc863f12726af868) \Device\Harddisk0\DR0\Partition1
11:45:36.0957 5960 \Device\Harddisk0\DR0\Partition1 - ok
11:45:36.0957 5960 ============================================================
11:45:36.0957 5960 Scan finished
11:45:36.0957 5960 ============================================================
11:45:36.0973 3116 Detected object count: 0
11:45:36.0973 3116 Actual detected object count: 0
11:49:27.0229 0896 ============================================================
11:49:27.0229 0896 Scan started
11:49:27.0229 0896 Mode: Manual;
11:49:27.0229 0896 ============================================================
11:49:27.0884 0896 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\windows\system32\DRIVERS\Accelerometer.sys
11:49:27.0884 0896 Accelerometer - ok
11:49:27.0946 0896 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\windows\system32\drivers\acpi.sys
11:49:27.0946 0896 ACPI - ok
11:49:27.0993 0896 adp94xx (f14215e37cf124104575073f782111d2) C:\windows\system32\drivers\adp94xx.sys
11:49:28.0009 0896 adp94xx - ok
11:49:28.0055 0896 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\windows\system32\drivers\adpahci.sys
11:49:28.0055 0896 adpahci - ok
11:49:28.0118 0896 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\windows\system32\drivers\adpu160m.sys
11:49:28.0118 0896 adpu160m - ok
11:49:28.0165 0896 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\windows\system32\drivers\adpu320.sys
11:49:28.0165 0896 adpu320 - ok
11:49:28.0243 0896 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\windows\system32\drivers\afd.sys
11:49:28.0258 0896 AFD - ok
11:49:28.0321 0896 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\windows\system32\DRIVERS\agrsm64.sys
11:49:28.0336 0896 AgereSoftModem - ok
11:49:28.0414 0896 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\windows\system32\drivers\agp440.sys
11:49:28.0414 0896 agp440 - ok
11:49:28.0461 0896 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\windows\system32\drivers\djsvs.sys
11:49:28.0461 0896 aic78xx - ok
11:49:28.0492 0896 aliide (157d0898d4b73f075ce9fa26b482df98) C:\windows\system32\drivers\aliide.sys
11:49:28.0492 0896 aliide - ok
11:49:28.0523 0896 amdide (970fa5059e61e30d25307b99903e991e) C:\windows\system32\drivers\amdide.sys
11:49:28.0523 0896 amdide - ok
11:49:28.0555 0896 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\windows\system32\drivers\amdk8.sys
11:49:28.0555 0896 AmdK8 - ok
11:49:28.0633 0896 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\windows\system32\DRIVERS\Apfiltr.sys
11:49:28.0633 0896 ApfiltrService - ok
11:49:28.0726 0896 arc (ba8417d4765f3988ff921f30f630e303) C:\windows\system32\drivers\arc.sys
11:49:28.0726 0896 arc - ok
11:49:28.0757 0896 arcsas (9d41c435619733b34cc16a511e644b11) C:\windows\system32\drivers\arcsas.sys
11:49:28.0757 0896 arcsas - ok
11:49:28.0789 0896 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\windows\system32\DRIVERS\asyncmac.sys
11:49:28.0789 0896 AsyncMac - ok
11:49:28.0820 0896 atapi (e68d9b3a3905619732f7fe039466a623) C:\windows\system32\drivers\atapi.sys
11:49:28.0820 0896 atapi - ok
11:49:28.0851 0896 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\windows\system32\DRIVERS\b57nd60a.sys
11:49:28.0851 0896 b57nd60a - ok
11:49:28.0898 0896 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\windows\system32\drivers\blbdrive.sys
11:49:28.0898 0896 blbdrive - ok
11:49:28.0929 0896 bowser (2348447a80920b2493a9b582a23e81e1) C:\windows\system32\DRIVERS\bowser.sys
11:49:28.0929 0896 bowser - ok
11:49:29.0023 0896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\brfiltlo.sys
11:49:29.0023 0896 BrFiltLo - ok
11:49:29.0085 0896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\brfiltup.sys
11:49:29.0085 0896 BrFiltUp - ok
11:49:29.0132 0896 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\windows\system32\drivers\brserid.sys
11:49:29.0132 0896 Brserid - ok
11:49:29.0163 0896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\system32\drivers\brserwdm.sys
11:49:29.0163 0896 BrSerWdm - ok
11:49:29.0179 0896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\system32\drivers\brusbmdm.sys
11:49:29.0179 0896 BrUsbMdm - ok
11:49:29.0194 0896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\system32\drivers\brusbser.sys
11:49:29.0194 0896 BrUsbSer - ok
11:49:29.0210 0896 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\windows\system32\DRIVERS\BthEnum.sys
11:49:29.0210 0896 BthEnum - ok
11:49:29.0225 0896 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\windows\system32\drivers\bthmodem.sys
11:49:29.0225 0896 BTHMODEM - ok
11:49:29.0257 0896 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\windows\system32\DRIVERS\bthpan.sys
11:49:29.0257 0896 BthPan - ok
11:49:29.0303 0896 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\windows\system32\Drivers\BTHport.sys
11:49:29.0303 0896 BTHPORT - ok
11:49:29.0381 0896 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\windows\system32\Drivers\BTHUSB.sys
11:49:29.0381 0896 BTHUSB - ok
11:49:29.0413 0896 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\windows\system32\DRIVERS\cdfs.sys
11:49:29.0413 0896 cdfs - ok
11:49:29.0459 0896 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\windows\system32\DRIVERS\cdrom.sys
11:49:29.0459 0896 cdrom - ok
11:49:29.0522 0896 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\windows\system32\DRIVERS\circlass.sys
11:49:29.0522 0896 circlass - ok
11:49:29.0600 0896 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\windows\system32\CLFS.sys
11:49:29.0600 0896 CLFS - ok
11:49:29.0678 0896 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\windows\system32\DRIVERS\CmBatt.sys
11:49:29.0678 0896 CmBatt - ok
11:49:29.0709 0896 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\windows\system32\drivers\cmdide.sys
11:49:29.0709 0896 cmdide - ok
11:49:29.0740 0896 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\windows\system32\DRIVERS\compbatt.sys
11:49:29.0740 0896 Compbatt - ok
11:49:29.0756 0896 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\windows\system32\drivers\crcdisk.sys
11:49:29.0756 0896 crcdisk - ok
11:49:29.0803 0896 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\windows\system32\Drivers\dfsc.sys
11:49:29.0803 0896 DfsC - ok
11:49:29.0881 0896 disk (b0107e40ecdb5fa692ebf832f295d905) C:\windows\system32\drivers\disk.sys
11:49:29.0881 0896 disk - ok
11:49:29.0912 0896 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\windows\system32\drivers\drmkaud.sys
11:49:29.0912 0896 drmkaud - ok
11:49:29.0974 0896 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\windows\System32\drivers\dxgkrnl.sys
11:49:29.0974 0896 DXGKrnl - ok
11:49:30.0052 0896 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\windows\system32\DRIVERS\E1G6032E.sys
11:49:30.0052 0896 E1G60 - ok
11:49:30.0161 0896 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\windows\system32\drivers\ecache.sys
11:49:30.0161 0896 Ecache - ok
11:49:30.0208 0896 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\windows\system32\drivers\elxstor.sys
11:49:30.0208 0896 elxstor - ok
11:49:30.0271 0896 enecir (3a70dc8951b995c73a22b9a23210833e) C:\windows\system32\DRIVERS\enecir.sys
11:49:30.0271 0896 enecir - ok
11:49:30.0302 0896 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\windows\system32\drivers\errdev.sys
11:49:30.0302 0896 ErrDev - ok
11:49:30.0364 0896 exfat (486844f47b6636044a42454614ed4523) C:\windows\system32\drivers\exfat.sys
11:49:30.0364 0896 exfat - ok
11:49:30.0442 0896 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\windows\system32\drivers\fastfat.sys
11:49:30.0442 0896 fastfat - ok
11:49:30.0520 0896 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\windows\system32\DRIVERS\fdc.sys
11:49:30.0520 0896 fdc - ok
11:49:30.0567 0896 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\windows\system32\drivers\fileinfo.sys
11:49:30.0567 0896 FileInfo - ok
11:49:30.0583 0896 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\windows\system32\drivers\filetrace.sys
11:49:30.0583 0896 Filetrace - ok
11:49:30.0629 0896 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\windows\system32\DRIVERS\flpydisk.sys
11:49:30.0629 0896 flpydisk - ok
11:49:30.0692 0896 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\windows\system32\drivers\fltmgr.sys
11:49:30.0692 0896 FltMgr - ok
11:49:30.0785 0896 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\windows\system32\drivers\Fs_Rec.sys
11:49:30.0785 0896 Fs_Rec - ok
11:49:30.0832 0896 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\windows\system32\drivers\gagp30kx.sys
11:49:30.0832 0896 gagp30kx - ok
11:49:30.0895 0896 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\windows\system32\drivers\HdAudio.sys
11:49:30.0895 0896 HdAudAddService - ok
11:49:30.0957 0896 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\windows\system32\DRIVERS\HDAudBus.sys
11:49:30.0973 0896 HDAudBus - ok
11:49:31.0035 0896 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\windows\system32\drivers\hidbth.sys
11:49:31.0035 0896 HidBth - ok
11:49:31.0082 0896 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\windows\system32\DRIVERS\hidir.sys
11:49:31.0082 0896 HidIr - ok
11:49:31.0113 0896 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\windows\system32\DRIVERS\hidusb.sys
11:49:31.0113 0896 HidUsb - ok
11:49:31.0160 0896 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\windows\system32\drivers\hpcisss.sys
11:49:31.0160 0896 HpCISSs - ok
11:49:31.0191 0896 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\windows\system32\DRIVERS\hpdskflt.sys
11:49:31.0191 0896 hpdskflt - ok
11:49:31.0238 0896 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
11:49:31.0238 0896 HpqKbFiltr - ok
11:49:31.0331 0896 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\windows\system32\drivers\HTTP.sys
11:49:31.0347 0896 HTTP - ok
11:49:31.0425 0896 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\windows\system32\drivers\i2omp.sys
11:49:31.0425 0896 i2omp - ok
11:49:31.0456 0896 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\windows\system32\DRIVERS\i8042prt.sys
11:49:31.0456 0896 i8042prt - ok
11:49:31.0519 0896 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\windows\system32\drivers\iastorv.sys
11:49:31.0519 0896 iaStorV - ok
11:49:31.0784 0896 igfx (663e7364f650a915d415eeb2da98d86a) C:\windows\system32\DRIVERS\igdkmd64.sys
11:49:31.0831 0896 igfx - ok
11:49:31.0893 0896 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\windows\system32\drivers\iirsp.sys
11:49:31.0893 0896 iirsp - ok
11:49:31.0955 0896 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\windows\system32\drivers\IntcHdmi.sys
11:49:31.0955 0896 IntcHdmiAddService - ok
11:49:32.0002 0896 intelide (df797a12176f11b2d301c5b234bb200e) C:\windows\system32\drivers\intelide.sys
11:49:32.0002 0896 intelide - ok
11:49:32.0080 0896 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\windows\system32\DRIVERS\intelppm.sys
11:49:32.0080 0896 intelppm - ok
11:49:32.0143 0896 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:49:32.0143 0896 IpFilterDriver - ok
11:49:32.0189 0896 IpInIp - ok
11:49:32.0221 0896 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\windows\system32\drivers\ipmidrv.sys
11:49:32.0236 0896 IPMIDRV - ok
11:49:32.0267 0896 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\windows\system32\DRIVERS\ipnat.sys
11:49:32.0267 0896 IPNAT - ok
11:49:32.0314 0896 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\windows\system32\drivers\irenum.sys
11:49:32.0330 0896 IRENUM - ok
11:49:32.0361 0896 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\windows\system32\drivers\isapnp.sys
11:49:32.0361 0896 isapnp - ok
11:49:32.0423 0896 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\windows\system32\DRIVERS\msiscsi.sys
11:49:32.0423 0896 iScsiPrt - ok
11:49:32.0470 0896 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\windows\system32\drivers\iteatapi.sys
11:49:32.0470 0896 iteatapi - ok
11:49:32.0501 0896 iteraid (1281fe73b17664631d12f643cbea3f59) C:\windows\system32\drivers\iteraid.sys
11:49:32.0501 0896 iteraid - ok
11:49:32.0579 0896 JMCR (00495b8f39c7c1a9179e40c3bf2475df) C:\windows\system32\DRIVERS\jmcr.sys
11:49:32.0595 0896 JMCR - ok
11:49:32.0611 0896 kbdclass (423696f3ba6472dd17699209b933bc26) C:\windows\system32\DRIVERS\kbdclass.sys
11:49:32.0611 0896 kbdclass - ok
11:49:32.0673 0896 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\windows\system32\DRIVERS\kbdhid.sys
11:49:32.0673 0896 kbdhid - ok
11:49:32.0813 0896 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys
11:49:32.0813 0896 KL1 - ok
11:49:32.0860 0896 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys
11:49:32.0860 0896 kl2 - ok
11:49:32.0923 0896 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\windows\system32\DRIVERS\klif.sys
11:49:32.0923 0896 KLIF - ok
11:49:32.0954 0896 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\windows\system32\DRIVERS\klim6.sys
11:49:32.0954 0896 KLIM6 - ok
11:49:33.0032 0896 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\windows\system32\DRIVERS\klmouflt.sys
11:49:33.0032 0896 klmouflt - ok
11:49:33.0110 0896 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\windows\system32\Drivers\ksecdd.sys
11:49:33.0125 0896 KSecDD - ok
11:49:33.0157 0896 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\windows\system32\drivers\ksthunk.sys
11:49:33.0157 0896 ksthunk - ok
11:49:33.0219 0896 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\windows\system32\DRIVERS\lltdio.sys
11:49:33.0219 0896 lltdio - ok
11:49:33.0297 0896 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\windows\system32\drivers\lsi_fc.sys
11:49:33.0297 0896 LSI_FC - ok
11:49:33.0391 0896 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\windows\system32\drivers\lsi_sas.sys
11:49:33.0391 0896 LSI_SAS - ok
11:49:33.0437 0896 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\windows\system32\drivers\lsi_scsi.sys
11:49:33.0437 0896 LSI_SCSI - ok
11:49:33.0484 0896 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\windows\system32\drivers\luafv.sys
11:49:33.0484 0896 luafv - ok
11:49:33.0531 0896 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\windows\system32\drivers\megasas.sys
11:49:33.0531 0896 megasas - ok
11:49:33.0593 0896 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\windows\system32\drivers\megasr.sys
11:49:33.0593 0896 MegaSR - ok
11:49:33.0656 0896 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\windows\system32\drivers\modem.sys
11:49:33.0656 0896 Modem - ok
11:49:33.0687 0896 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\windows\system32\DRIVERS\monitor.sys
11:49:33.0687 0896 monitor - ok
11:49:33.0718 0896 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\windows\system32\DRIVERS\mouclass.sys
11:49:33.0718 0896 mouclass - ok
11:49:33.0781 0896 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\windows\system32\DRIVERS\mouhid.sys
11:49:33.0781 0896 mouhid - ok
11:49:33.0827 0896 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\windows\system32\drivers\mountmgr.sys
11:49:33.0827 0896 MountMgr - ok
11:49:33.0890 0896 mpio (f8276eb8698142884498a528dfea8478) C:\windows\system32\drivers\mpio.sys
11:49:33.0890 0896 mpio - ok
11:49:33.0937 0896 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\windows\system32\drivers\mpsdrv.sys
11:49:33.0937 0896 mpsdrv - ok
11:49:33.0983 0896 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\windows\system32\drivers\mraid35x.sys
11:49:33.0983 0896 Mraid35x - ok
11:49:34.0061 0896 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\windows\system32\drivers\mrxdav.sys
11:49:34.0061 0896 MRxDAV - ok
11:49:34.0124 0896 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\windows\system32\DRIVERS\mrxsmb.sys
11:49:34.0124 0896 mrxsmb - ok
11:49:34.0186 0896 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:49:34.0186 0896 mrxsmb10 - ok
11:49:34.0217 0896 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:49:34.0217 0896 mrxsmb20 - ok
11:49:34.0280 0896 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\windows\system32\drivers\msahci.sys
11:49:34.0280 0896 msahci - ok
11:49:34.0327 0896 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\windows\system32\drivers\msdsm.sys
11:49:34.0342 0896 msdsm - ok
11:49:34.0405 0896 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\windows\system32\drivers\Msfs.sys
11:49:34.0405 0896 Msfs - ok
11:49:34.0436 0896 msisadrv (00ebc952961664780d43dca157e79b27) C:\windows\system32\drivers\msisadrv.sys
11:49:34.0436 0896 msisadrv - ok
11:49:34.0467 0896 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\windows\system32\drivers\MSKSSRV.sys
11:49:34.0467 0896 MSKSSRV - ok
11:49:34.0545 0896 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\windows\system32\drivers\MSPCLOCK.sys
11:49:34.0545 0896 MSPCLOCK - ok
11:49:34.0592 0896 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\windows\system32\drivers\MSPQM.sys
11:49:34.0592 0896 MSPQM - ok
11:49:34.0670 0896 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\windows\system32\drivers\MsRPC.sys
11:49:34.0670 0896 MsRPC - ok
11:49:34.0732 0896 mssmbios (855796e59df77ea93af46f20155bf55b) C:\windows\system32\DRIVERS\mssmbios.sys
11:49:34.0732 0896 mssmbios - ok
11:49:34.0779 0896 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\windows\system32\drivers\MSTEE.sys
11:49:34.0795 0896 MSTEE - ok
11:49:34.0810 0896 Mup (0cc49f78d8aca0877d885f149084e543) C:\windows\system32\Drivers\mup.sys
11:49:34.0810 0896 Mup - ok
11:49:34.0888 0896 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\windows\system32\DRIVERS\nwifi.sys
11:49:34.0888 0896 NativeWifiP - ok
11:49:34.0966 0896 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\windows\system32\drivers\ndis.sys
11:49:34.0982 0896 NDIS - ok
11:49:35.0029 0896 NdisTapi (64df698a425478e321981431ac171334) C:\windows\system32\DRIVERS\ndistapi.sys
11:49:35.0029 0896 NdisTapi - ok
11:49:35.0107 0896 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\windows\system32\DRIVERS\ndisuio.sys
11:49:35.0107 0896 Ndisuio - ok
11:49:35.0153 0896 NdisWan (f8158771905260982ce724076419ef19) C:\windows\system32\DRIVERS\ndiswan.sys
11:49:35.0153 0896 NdisWan - ok
11:49:35.0200 0896 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\windows\system32\drivers\NDProxy.sys
11:49:35.0200 0896 NDProxy - ok
11:49:35.0247 0896 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\windows\system32\DRIVERS\netbios.sys
11:49:35.0247 0896 NetBIOS - ok
11:49:35.0356 0896 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\windows\system32\DRIVERS\netbt.sys
11:49:35.0356 0896 netbt - ok
11:49:35.0543 0896 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\windows\system32\DRIVERS\NETw5v64.sys
11:49:35.0559 0896 NETw5v64 - ok
11:49:35.0590 0896 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\windows\system32\drivers\nfrd960.sys
11:49:35.0590 0896 nfrd960 - ok
11:49:35.0637 0896 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\windows\system32\drivers\Npfs.sys
11:49:35.0637 0896 Npfs - ok
11:49:35.0653 0896 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\windows\system32\drivers\nsiproxy.sys
11:49:35.0653 0896 nsiproxy - ok
11:49:35.0746 0896 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\windows\system32\drivers\Ntfs.sys
11:49:35.0746 0896 Ntfs - ok
11:49:35.0824 0896 Null (dd5d684975352b85b52e3fd5347c20cb) C:\windows\system32\drivers\Null.sys
11:49:35.0824 0896 Null - ok
11:49:35.0980 0896 nvlddmkm (b188b1bdc7624e8e42f53fa78cade2c6) C:\windows\system32\DRIVERS\nvlddmkm.sys
11:49:36.0027 0896 nvlddmkm - ok
11:49:36.0058 0896 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\windows\system32\drivers\nvraid.sys
11:49:36.0058 0896 nvraid - ok
11:49:36.0074 0896 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\windows\system32\drivers\nvstor.sys
11:49:36.0074 0896 nvstor - ok
11:49:36.0089 0896 nv_agp (19067ca93075ef4823e3938a686f532f) C:\windows\system32\drivers\nv_agp.sys
11:49:36.0089 0896 nv_agp - ok
11:49:36.0105 0896 NwlnkFlt - ok
11:49:36.0121 0896 NwlnkFwd - ok
11:49:36.0136 0896 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\windows\system32\drivers\ohci1394.sys
11:49:36.0136 0896 ohci1394 - ok
11:49:36.0183 0896 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\windows\system32\DRIVERS\parport.sys
11:49:36.0183 0896 Parport - ok
11:49:36.0230 0896 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\windows\system32\drivers\partmgr.sys
11:49:36.0230 0896 partmgr - ok
11:49:36.0308 0896 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\windows\system32\drivers\pci.sys
11:49:36.0308 0896 pci - ok
11:49:36.0370 0896 pciide (8d618c829034479985a9ed56106cc732) C:\windows\system32\drivers\pciide.sys
11:49:36.0370 0896 pciide - ok
11:49:36.0433 0896 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\windows\system32\drivers\pcmcia.sys
11:49:36.0433 0896 pcmcia - ok
11:49:36.0479 0896 PEAUTH (58865916f53592a61549b04941bfd80d) C:\windows\system32\drivers\peauth.sys
11:49:36.0479 0896 PEAUTH - ok
11:49:36.0589 0896 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\windows\system32\DRIVERS\raspptp.sys
11:49:36.0589 0896 PptpMiniport - ok
11:49:36.0635 0896 Processor (5080e59ecee0bc923f14018803aa7a01) C:\windows\system32\drivers\processr.sys
11:49:36.0651 0896 Processor - ok
11:49:36.0729 0896 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\windows\system32\DRIVERS\pacer.sys
11:49:36.0729 0896 PSched - ok
11:49:36.0823 0896 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\windows\system32\drivers\ql2300.sys
11:49:36.0823 0896 ql2300 - ok
11:49:36.0854 0896 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\windows\system32\drivers\ql40xx.sys
11:49:36.0854 0896 ql40xx - ok
11:49:36.0916 0896 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\windows\system32\drivers\qwavedrv.sys
11:49:36.0932 0896 QWAVEdrv - ok
11:49:36.0963 0896 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\windows\system32\DRIVERS\rasacd.sys
11:49:36.0979 0896 RasAcd - ok
11:49:37.0041 0896 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\windows\system32\DRIVERS\rasl2tp.sys
11:49:37.0041 0896 Rasl2tp - ok
11:49:37.0103 0896 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\windows\system32\DRIVERS\raspppoe.sys
11:49:37.0119 0896 RasPppoe - ok
11:49:37.0197 0896 RasSstp (c6a593b51f34c33e5474539544072527) C:\windows\system32\DRIVERS\rassstp.sys
11:49:37.0197 0896 RasSstp - ok
11:49:37.0275 0896 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\windows\system32\DRIVERS\rdbss.sys
11:49:37.0291 0896 rdbss - ok
11:49:37.0337 0896 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\windows\system32\DRIVERS\RDPCDD.sys
11:49:37.0337 0896 RDPCDD - ok
11:49:37.0400 0896 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\windows\system32\drivers\rdpdr.sys
11:49:37.0400 0896 rdpdr - ok
11:49:37.0447 0896 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\windows\system32\drivers\rdpencdd.sys
11:49:37.0447 0896 RDPENCDD - ok
11:49:37.0540 0896 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\windows\system32\drivers\RDPWD.sys
11:49:37.0540 0896 RDPWD - ok
11:49:37.0618 0896 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\windows\system32\DRIVERS\rfcomm.sys
11:49:37.0618 0896 RFCOMM - ok
11:49:37.0665 0896 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\windows\system32\DRIVERS\rspndr.sys
11:49:37.0665 0896 rspndr - ok
11:49:37.0696 0896 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\windows\system32\DRIVERS\Rtlh64.sys
11:49:37.0696 0896 RTL8169 - ok
11:49:37.0727 0896 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\windows\system32\drivers\sbp2port.sys
11:49:37.0727 0896 sbp2port - ok
11:49:37.0774 0896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:49:37.0774 0896 secdrv - ok
11:49:37.0805 0896 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\windows\system32\DRIVERS\serenum.sys
11:49:37.0805 0896 Serenum - ok
11:49:37.0837 0896 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\windows\system32\DRIVERS\serial.sys
11:49:37.0837 0896 Serial - ok
11:49:37.0852 0896 sermouse (a842f04833684bceea7336211be478df) C:\windows\system32\drivers\sermouse.sys
11:49:37.0852 0896 sermouse - ok
11:49:37.0930 0896 sffdisk (14d4b4465193a87c127933978e8c4106) C:\windows\system32\drivers\sffdisk.sys
11:49:37.0930 0896 sffdisk - ok
11:49:37.0946 0896 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\windows\system32\drivers\sffp_mmc.sys
11:49:37.0946 0896 sffp_mmc - ok
11:49:37.0961 0896 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\windows\system32\drivers\sffp_sd.sys
11:49:37.0961 0896 sffp_sd - ok
11:49:37.0993 0896 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\windows\system32\drivers\sfloppy.sys
11:49:37.0993 0896 sfloppy - ok
11:49:38.0055 0896 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\windows\system32\drivers\sisraid2.sys
11:49:38.0055 0896 SiSRaid2 - ok
11:49:38.0086 0896 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\windows\system32\drivers\sisraid4.sys
11:49:38.0086 0896 SiSRaid4 - ok
11:49:38.0149 0896 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\windows\system32\DRIVERS\smb.sys
11:49:38.0149 0896 Smb - ok
11:49:38.0211 0896 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\windows\system32\drivers\spldr.sys
11:49:38.0211 0896 spldr - ok
11:49:38.0273 0896 srv (880a57fccb571ebd063d4dd50e93e46d) C:\windows\system32\DRIVERS\srv.sys
11:49:38.0273 0896 srv - ok
11:49:38.0351 0896 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\windows\system32\DRIVERS\srv2.sys
11:49:38.0351 0896 srv2 - ok
11:49:38.0398 0896 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\windows\system32\DRIVERS\srvnet.sys
11:49:38.0398 0896 srvnet - ok
11:49:38.0461 0896 STHDA (0c7bda7e9a329a071c080eb5210fe019) C:\windows\system32\DRIVERS\stwrt64.sys
11:49:38.0476 0896 STHDA - ok
11:49:38.0523 0896 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\windows\system32\DRIVERS\swenum.sys
11:49:38.0523 0896 swenum - ok
11:49:38.0570 0896 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\windows\system32\drivers\symc8xx.sys
11:49:38.0570 0896 Symc8xx - ok
11:49:38.0648 0896 Sym_hi (a909667976d3bccd1df813fed517d837) C:\windows\system32\drivers\sym_hi.sys
11:49:38.0648 0896 Sym_hi - ok
11:49:38.0679 0896 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\windows\system32\drivers\sym_u3.sys
11:49:38.0679 0896 Sym_u3 - ok
11:49:38.0773 0896 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\windows\system32\drivers\tcpip.sys
11:49:38.0773 0896 Tcpip - ok
11:49:38.0851 0896 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\windows\system32\DRIVERS\tcpip.sys
11:49:38.0851 0896 Tcpip6 - ok
11:49:38.0882 0896 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\windows\system32\drivers\tcpipreg.sys
11:49:38.0882 0896 tcpipreg - ok
11:49:38.0929 0896 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\windows\system32\drivers\tdpipe.sys
11:49:38.0929 0896 TDPIPE - ok
11:49:38.0944 0896 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\windows\system32\drivers\tdtcp.sys
11:49:38.0944 0896 TDTCP - ok
11:49:39.0007 0896 tdx (458919c8c42e398dc4802178d5ffee27) C:\windows\system32\DRIVERS\tdx.sys
11:49:39.0007 0896 tdx - ok
11:49:39.0085 0896 TermDD (8c19678d22649ec002ef2282eae92f98) C:\windows\system32\DRIVERS\termdd.sys
11:49:39.0085 0896 TermDD - ok
11:49:39.0147 0896 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\windows\system32\DRIVERS\tssecsrv.sys
11:49:39.0147 0896 tssecsrv - ok
11:49:39.0163 0896 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\windows\system32\DRIVERS\tunmp.sys
11:49:39.0163 0896 tunmp - ok
11:49:39.0178 0896 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\windows\system32\DRIVERS\tunnel.sys
11:49:39.0178 0896 tunnel - ok
11:49:39.0241 0896 uagp35 (fec266ef401966311744bd0f359f7f56) C:\windows\system32\drivers\uagp35.sys
11:49:39.0241 0896 uagp35 - ok
11:49:39.0287 0896 udfs (faf2640a2a76ed03d449e443194c4c34) C:\windows\system32\DRIVERS\udfs.sys
11:49:39.0287 0896 udfs - ok
11:49:39.0381 0896 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\windows\system32\drivers\uliagpkx.sys
11:49:39.0381 0896 uliagpkx - ok
11:49:39.0412 0896 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\windows\system32\drivers\uliahci.sys
11:49:39.0412 0896 uliahci - ok
11:49:39.0443 0896 UlSata (31707f09846056651ea2c37858f5ddb0) C:\windows\system32\drivers\ulsata.sys
11:49:39.0443 0896 UlSata - ok
11:49:39.0459 0896 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\windows\system32\drivers\ulsata2.sys
11:49:39.0475 0896 ulsata2 - ok
11:49:39.0490 0896 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\windows\system32\DRIVERS\umbus.sys
11:49:39.0490 0896 umbus - ok
11:49:39.0521 0896 usbccgp (07e3498fc60834219d2356293da0fecc) C:\windows\system32\DRIVERS\usbccgp.sys
11:49:39.0521 0896 usbccgp - ok
11:49:39.0568 0896 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\windows\system32\drivers\usbcir.sys
11:49:39.0584 0896 usbcir - ok
11:49:39.0615 0896 usbehci (827e44de934a736ea31e91d353eb126f) C:\windows\system32\DRIVERS\usbehci.sys
11:49:39.0615 0896 usbehci - ok
11:49:39.0677 0896 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\windows\system32\DRIVERS\usbhub.sys
11:49:39.0677 0896 usbhub - ok
11:49:39.0693 0896 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\windows\system32\drivers\usbohci.sys
11:49:39.0709 0896 usbohci - ok
11:49:39.0740 0896 usbprint (acfee697af477021bb3ec78c5431fed2) C:\windows\system32\drivers\usbprint.sys
11:49:39.0740 0896 usbprint - ok
11:49:39.0755 0896 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:49:39.0755 0896 USBSTOR - ok
11:49:39.0787 0896 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\windows\system32\DRIVERS\usbuhci.sys
11:49:39.0787 0896 usbuhci - ok
11:49:39.0818 0896 usbvideo (fc33099877790d51b0927b7039059855) C:\windows\system32\Drivers\usbvideo.sys
11:49:39.0818 0896 usbvideo - ok
11:49:39.0880 0896 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\windows\system32\DRIVERS\vgapnp.sys
11:49:39.0880 0896 vga - ok
11:49:39.0911 0896 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\windows\System32\drivers\vga.sys
11:49:39.0911 0896 VgaSave - ok
11:49:39.0911 0896 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\windows\system32\drivers\viaide.sys
11:49:39.0927 0896 viaide - ok
11:49:39.0958 0896 volmgr (2b7e885ed951519a12c450d24535dfca) C:\windows\system32\drivers\volmgr.sys
11:49:39.0958 0896 volmgr - ok
11:49:40.0052 0896 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\windows\system32\drivers\volmgrx.sys
11:49:40.0052 0896 volmgrx - ok
11:49:40.0099 0896 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\windows\system32\drivers\volsnap.sys
11:49:40.0099 0896 volsnap - ok
11:49:40.0130 0896 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\windows\system32\drivers\vsmraid.sys
11:49:40.0130 0896 vsmraid - ok
11:49:40.0145 0896 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\windows\system32\drivers\wacompen.sys
11:49:40.0145 0896 WacomPen - ok
11:49:40.0208 0896 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\windows\system32\DRIVERS\wanarp.sys
11:49:40.0208 0896 Wanarp - ok
11:49:40.0223 0896 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\windows\system32\DRIVERS\wanarp.sys
11:49:40.0223 0896 Wanarpv6 - ok
11:49:40.0270 0896 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\windows\system32\drivers\wd.sys
11:49:40.0270 0896 Wd - ok
11:49:40.0333 0896 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\windows\system32\drivers\Wdf01000.sys
11:49:40.0333 0896 Wdf01000 - ok
11:49:40.0411 0896 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\windows\system32\DRIVERS\wmiacpi.sys
11:49:40.0411 0896 WmiAcpi - ok
11:49:40.0457 0896 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\windows\system32\DRIVERS\wpdusb.sys
11:49:40.0473 0896 WpdUsb - ok
11:49:40.0535 0896 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\windows\system32\drivers\ws2ifsl.sys
11:49:40.0535 0896 ws2ifsl - ok
11:49:40.0598 0896 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\windows\system32\DRIVERS\WUDFRd.sys
11:49:40.0598 0896 WUDFRd - ok
11:49:40.0629 0896 MBR (0x1B8) (44a7c44eedfa37377ab19412a84052f7) \Device\Harddisk0\DR0
11:49:40.0660 0896 \Device\Harddisk0\DR0 - ok
11:49:40.0660 0896 Boot (0x1200) (0089c420653be68a7061e7aec04efa62) \Device\Harddisk0\DR0\Partition0
11:49:40.0676 0896 \Device\Harddisk0\DR0\Partition0 - ok
11:49:40.0676 0896 Boot (0x1200) (5f554c67224d17e4fc863f12726af868) \Device\Harddisk0\DR0\Partition1
11:49:40.0676 0896 \Device\Harddisk0\DR0\Partition1 - ok
11:49:40.0676 0896 ============================================================
11:49:40.0676 0896 Scan finished
11:49:40.0676 0896 ============================================================
11:49:40.0691 3448 Detected object count: 0
11:49:40.0691 3448 Actual detected object count: 0
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by DFW » October 28th, 2011, 9:35 am

Hi atlmsl

Remove Programs
From Start, select Control Panel. When the Control Panel window opens, click on Uninstall a program.
Click each entry below, choose Uninstall, and give permission to Continue:

Java(TM) 6 Update 7
Once Java 7 update 7 is gone, close all windows.



Download OTL by OldTimer to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save).
  • Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  • Check the box marked Scan All Users and press the Run Scan button.
  • When the scan is complete, two text files will be saved to the Desktop and opened in Notepad:
    • OTL.txt <- this one will be maximized
    • and Extras.txt <- this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTListIt.txt and Extras.txt in your reply


Please post back both logs
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Post by atlmsl » October 30th, 2011, 1:50 pm

OTL Extras logfile created on: 10/30/2011 1:22:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 55.10% Memory free
8.12 Gb Paging File | 5.80 Gb Available in Paging File | 71.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.84 Gb Total Space | 195.31 Gb Free Space | 67.62% Space Free | Partition Type: NTFS
Drive D: | 9.25 Gb Total Space | 1.30 Gb Free Space | 14.01% Space Free | Partition Type: NTFS
Drive E: | 411.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\windows\System32\rundll32.exe" "C:\windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\windows\System32\rundll32.exe" "C:\windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 65 26 FE B3 60 6D CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6AA2F42F-B06E-4D17-AE69-E2694BD382A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E773FA9D-ACC5-49E1-86C6-65D259954D26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E8078972-76B1-4F73-A252-F9BDF9A3B421}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F84777-9088-4C68-A614-0D50047FC560}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
"{16968A3C-1667-454B-A4E8-41772AEF3262}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{22424B2E-4677-4CE5-9521-B7D649C1100C}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
"{3B34EB19-E4D7-4E50-9CE5-2B8C0E7BF5C4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{44D99C8E-2E07-4930-8E87-9E3A9B12E01E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{82F50D8C-5813-4D39-A956-E4185C12106F}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{99A26AD2-2C4D-443E-BFB4-32B9201F9A87}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{9DA122E1-8AF5-44A7-9A87-C8DE3C49BB20}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{BAB1C114-F209-4ED6-8FDE-A5C5CE6A00ED}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{D089DD61-DD29-4EC4-A1D2-EC12FDC78AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D09DBC7B-DB48-4D6F-8712-CDE03B7A5518}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{EEA3EEE2-88C9-497F-A4E5-66B314A72F72}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{F44D2998-5726-4E06-9860-85AA023EC6E3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B1D348F4-C93C-429A-9C12-FE6AE11A4DF6}" = HP Help and Support
"{B7F77BC4-2045-4E65-B9E0-0DB490DCF542}" = HPTCSSetup
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2011 8:17:41 AM | Computer Name = Michael-PC | Source = STacSV | ID = 268435455
Description =

Error - 9/25/2011 3:20:21 AM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/28/2011 8:58:36 AM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/5/2011 9:19:07 AM | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14d0 Start Time: 01cc835c2edd59b0 Termination Time: 46

Error - 10/5/2011 9:55:26 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2011 6:48:02 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/13/2011 3:33:27 AM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2011 11:47:08 AM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/20/2011 10:56:46 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/24/2011 9:54:39 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/2/2011 1:17:30 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/2/2011 1:30:35 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/2/2011 1:33:46 PM | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:31:00 PM on 9/2/2011 was unexpected.

Error - 9/2/2011 1:33:53 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/2/2011 1:54:22 PM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/2/2011 10:26:49 PM | Computer Name = Michael-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0016EADB72D8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/3/2011 3:00:10 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9/6/2011 3:33:33 PM | Computer Name = Michael-PC | Source = DCOM | ID = 10016
Description =

Error - 9/7/2011 3:18:18 AM | Computer Name = Michael-PC | Source = HTTP | ID = 15016
Description =

Error - 9/7/2011 9:01:50 AM | Computer Name = Michael-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0016EADB72D8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >




OTL logfile created on: 10/30/2011 1:22:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 55.10% Memory free
8.12 Gb Paging File | 5.80 Gb Available in Paging File | 71.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.84 Gb Total Space | 195.31 Gb Free Space | 67.62% Space Free | Partition Type: NTFS
Drive D: | 9.25 Gb Total Space | 1.30 Gb Free Space | 14.01% Space Free | Partition Type: NTFS
Drive E: | 411.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 13:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/10/15 11:47:32 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2008/05/15 01:56:52 | 000,345,384 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008/05/15 01:56:46 | 000,120,216 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/05/15 01:56:46 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2008/05/15 01:56:42 | 000,259,480 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/02/12 03:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 08:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/10/15 19:10:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/21 17:24:19 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/11/21 22:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/07/17 12:38:16 | 000,143,248 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/12 01:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/04 00:55:16 | 000,129,536 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/04/14 17:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/23 20:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-614199513-1686933402-453439273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-614199513-1686933402-453439273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-614199513-1686933402-453439273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-614199513-1686933402-453439273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 10:28:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 10:28:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-614199513-1686933402-453439273-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-614199513-1686933402-453439273-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.67 213.109.72.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B7F280B-A712-49B7-A4AB-65E4DA35C9D7}: DhcpNameServer = 213.109.65.67 213.109.72.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8A4E0B7-ED71-435F-B567-0DA3C2B1CA2A}: DhcpNameServer = 4.2.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPBronze.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPBronze.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 13:21:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/27 11:20:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\tdsskiller
[2011/10/27 11:18:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011/10/27 11:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/27 11:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/27 11:18:02 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/27 11:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/27 11:17:20 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Michael\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/25 10:28:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\dds.scr
[2011/10/15 19:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2011/10/15 19:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2011/10/15 19:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdBackup
[2011/10/15 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/10/15 18:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/10/15 18:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/10/13 03:01:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/10/13 03:01:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/10/13 03:01:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/10/13 03:01:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/10/13 03:01:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/10/13 03:01:04 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011/10/13 03:01:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/10/13 03:01:03 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/10/13 03:01:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/10/12 15:09:22 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2011/10/12 15:09:22 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAutomationCore.dll
[2011/10/12 15:09:22 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAutomationCore.dll
[2011/10/12 15:09:22 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2011/10/12 15:09:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\oleaccrc.dll
[2011/10/12 15:09:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaccrc.dll
[2011/10/12 15:09:12 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2011/10/12 15:09:12 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2011/10/12 15:09:12 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2011/10/12 15:09:12 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2011/10/12 15:09:12 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Mpeg2Data.ax
[2011/10/12 15:09:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSDvbNP.ax
[2011/10/12 15:09:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Mpeg2Data.ax
[2011/10/12 15:09:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSDvbNP.ax

========== Files - Modified Within 30 Days ==========

[2011/10/30 13:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/30 13:08:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/27 11:19:42 | 001,545,338 | ---- | M] () -- C:\Users\Michael\Desktop\tdsskiller.zip
[2011/10/27 11:18:06 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/27 11:17:20 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michael\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/25 14:09:14 | 000,003,216 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 14:09:14 | 000,003,216 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 10:28:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\dds.scr
[2011/10/24 22:00:22 | 000,703,388 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/24 22:00:22 | 000,604,502 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/24 22:00:22 | 000,104,170 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/24 21:54:40 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/10/24 21:53:58 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 11:47:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/15 11:45:00 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011/10/13 03:32:33 | 000,389,032 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/10/27 11:19:39 | 001,545,338 | ---- | C] () -- C:\Users\Michael\Desktop\tdsskiller.zip
[2011/10/27 11:18:06 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 16:14:15 | 000,003,584 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/19 22:40:44 | 000,000,164 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2011/05/01 20:23:16 | 000,117,248 | ---- | C] () -- C:\windows\SysWow64\EhStorAuthn.dll
[2011/05/01 20:22:48 | 000,107,612 | ---- | C] () -- C:\windows\SysWow64\StructuredQuerySchema.bin
[2011/05/01 20:22:22 | 000,368,640 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2011/04/24 04:37:16 | 000,018,904 | ---- | C] () -- C:\windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/22 08:45:11 | 002,192,024 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2008/08/22 08:45:11 | 000,492,496 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2008/08/22 08:45:11 | 000,147,172 | ---- | C] () -- C:\windows\SysWow64\igfcg550.bin
[2008/08/22 08:04:36 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

< End of report >
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Unread postby DFW » October 31st, 2011, 6:38 am

Hi atlmsl


Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.


We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    
    :OTL
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.67 213.109.72.102
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B7F280B-A712-49B7-A4AB-65E4DA35C9D7}: DhcpNameServer = 213.109.65.67 213.109.72.102
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    IE - HKU\S-1-5-21-614199513-1686933402-453439273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



Run an ESET online scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Windows Vista or Windows 7 users, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Please post back with the

With an update on the computer's performance after the above fix
Nod32 Scan results
OTL Log.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Unread postby atlmsl » October 31st, 2011, 12:38 pm

Computer seems to be running fine right now. I'll keep messing with it and see how it runs. Here are the two logs:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1B7F280B-A712-49B7-A4AB-65E4DA35C9D7}\\DhcpNameServer| /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-614199513-1686933402-453439273-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michael\Desktop\cmd.bat deleted successfully.
C:\Users\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Michael
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael
->Temp folder emptied: 36864 bytes
->Temporary Internet Files folder emptied: 292738849 bytes
->Java cache emptied: 43434 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79042639 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 355.00 mb

File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_103546

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\windows\temp\klsC5B2.tmp not found!
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...





ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed31c032b199b64e962cf542f427a76b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-31 04:23:43
# local_time=2011-10-31 12:23:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 16565081 16565081 0 0
# compatibility_mode=5892 16776573 100 56 0 156671255 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=282091
# found=0
# cleaned=0
# scan_time=5673
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Unread postby atlmsl » October 31st, 2011, 2:07 pm

Okay I still am having issues with google searches and redirecting. Sometimes it's worse than others but when I click on the google result it opens a new tab with a spam site.
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Unread postby DFW » October 31st, 2011, 2:54 pm

Hi atlmsl



Do you connect to the web through a DSL or Cable router?



Download and Run MalwareBytes' Anti-Malware. It is free for home use.
Please go here to the Download Location, click on Download in the Free column.
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.



Please download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe and select " Run as administrator " to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.



Update Adobe Reader
Older versions may have vulnerabilities that malware can use to infect your system.
Remove Adobe Reader 8.1.2
From Start, Control Panel, When the Control Panel window opens click on the Uninstall a program
Click on Adobe Reader 8.1.2, choose Uninstall, and give permission to Continue:
  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Go Here to download and install Adobe Reader X (10.1.1).
Right click on the Adobe download, choose Run as administrator and Continue to install the newest version.


Reboot



Update Java:
Download the latest version of Java Runtime Environment (JRE).
http://www.oracle.com/technetwork/java/ ... 13652.html
Check the box that says: "Accept License Agreement".
Go down to where it says Windows x86 Offline
Click the "Download" button to the right, and save to your desktop
Next
From Start, Control Panel, When the Control Panel window opens click on the Uninstall a program
Click on Java(TM) 6 Update 26, choose Uninstall, and give permission to Continue:
Reboot your computer once all Java components are removed.
Then right click on the Java download, choose Run as administrator and Continue to install the newest version.


Please post back

MalwareBytes Log
aswMBRLog
Answer to if you use a router
and confirm that the Java and Adobe update went well.

DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Unread postby atlmsl » October 31st, 2011, 3:22 pm

I run through a cable router. Sometimes I worry the router has some issues too. When I had problems before I would be rerouted to spam sites all the time when I visited certain websites. When I took it to geek squad and connected to their system those same sites did not reroute me. I'll post back after I run the scans you requested.
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Unread postby atlmsl » October 31st, 2011, 3:33 pm

I can't get malwarebytes to update. It says error every time I try update and it's 61 days out of update. Should I run it again anyway?
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Unread postby DFW » October 31st, 2011, 3:41 pm

atlmsl wrote:I can't get malwarebytes to update. It says error every time I try update and it's 61 days out of update. Should I run it again anyway?



Leave Malwarebytes for now, we will come back to it.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Unread postby atlmsl » October 31st, 2011, 7:35 pm

Ok the aswMBR has made my computer restart twice. I hit scan and it brought up a blue screen and then restarted the computer without scanning. I tried it again and it did the same thing.
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Unread postby DFW » November 1st, 2011, 6:52 am

Hi atlmsl


Leave aswMBR for now, we will try a different tool soon.



It does sound like your router may have been hijacked as well. It's going to need a full factory reset to sort it out.
A reset to factory default settings deletes the configuration profile settings, and you will need the factory default password.
If you do not know the default password, contact your IP, or check in the guide for it before you reset the router.

Using the router guide or information from your internet provider, this is usually done by using a pen point or an unfolded paper clip to push the
recessed reset button on the back of the router. Push it in and keep it pressed in until the power LED and all the lights flash;
this will take about 10 seconds, and is dependent on the model, so please check before you begin.

The router will now restart.
Using the default password, log in and change the password.

This may stop all the redirects, please check and let me know.




Download and Run ComboFix (by sUBs)
Download ComboFix from one of the below links and save it to your Desktop.
Link 1
Link 2

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix.

  • You must run Combofix from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic below
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Right click it, choose Run as administrator and Continue and follow the prompts.
    Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper



Post back with

Router information
Combofix Log

DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
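
The OTL fix earlier in the thread clears the DhcpNameServer values, and the post above suspects the router, which is the device that hands those values out over DHCP. As an added example (not part of the thread and not OTL's own code), this Python script parses the O17 lines from the log on this page and lists every resolver that is not on a list you expect; the `EXPECTED` address is a constructed placeholder and the function names are hypothetical.

```python
import ipaddress
import re

# O17 lines copied from the OTL log posted in this thread.
OTL_O17_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.67 213.109.72.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B7F280B-A712-49B7-A4AB-65E4DA35C9D7}: DhcpNameServer = 213.109.65.67 213.109.72.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8A4E0B7-ED71-435F-B567-0DA3C2B1CA2A}: DhcpNameServer = 4.2.2.1
"""

# Constructed placeholder: the resolver(s) you expect your router or ISP to hand out.
EXPECTED = ["192.168.1.1"]

O17_RE = re.compile(
    r"^O17\s+-\s+(?P<key>HK\S.*?):\s+(?P<name>(?:Dhcp)?NameServer)\s+=\s+(?P<value>.+)$"
)
GUID_RE = re.compile(r"Interfaces\\(\{[0-9A-Fa-f-]{36}\})")


def parse_o17(log_text):
    """Return one record per resolver address found in O17 name-server lines."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        guid = GUID_RE.search(m.group("key"))
        scope = guid.group(1) if guid else "global"
        # DhcpNameServer is assigned by the DHCP server (usually the router);
        # NameServer is a statically configured value.
        source = "dhcp" if m.group("name").lower().startswith("dhcp") else "static"
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            if token:
                records.append({"scope": scope, "source": source, "server": token})
    return records


def review_resolvers(records, expected):
    """Return the records whose resolver is malformed or not on the expected list."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for rec in records:
        try:
            ip = ipaddress.ip_address(rec["server"])
        except ValueError:
            findings.append({**rec, "reason": "not an IP address"})
            continue
        if ip in expected_ips:
            continue
        kind = "private" if ip.is_private else "public"
        findings.append({**rec, "reason": f"{kind} resolver not on expected list"})
    return findings


def scopes_disagree(records):
    """True when different interfaces were given different resolver sets."""
    per_scope = {}
    for rec in records:
        if rec["scope"] != "global":
            per_scope.setdefault(rec["scope"], set()).add(rec["server"])
    return len({frozenset(s) for s in per_scope.values()}) > 1


if __name__ == "__main__":
    recs = parse_o17(OTL_O17_LINES)
    for f in review_resolvers(recs, EXPECTED):
        print(f"{f['scope']:<40} {f['source']:<6} {f['server']:<16} {f['reason']}")
    if scopes_disagree(recs):
        print("Interfaces were assigned different resolvers; compare each "
              "against the router's DHCP settings.")
```

A resolver that is absent from the expected list is a prompt to check the router's DHCP and DNS settings, not proof of a hijack; run the same comparison again after the factory reset to see whether the values changed.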