Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijacked browser - Random words change to spam links

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijacked browser - Random words change to spam links

Unread postby pey321 » November 1st, 2011, 8:51 pm

Hi,

I have been dealing with a very "hard to remove" spy ware for a long time. I have been working with "SpyWareHammer" forum (spywarehammer.com) during last couple of months. They have not been able to remove the spyware completely after trying 6-7 different mall ware removal tools. I am not angry of them since spyware removal can be very hard sometimes, but I am upset since the spyware is not removed completely.

I became even more upset today when I received a phone call from my bank. They informed me that my credit card information has been stolen online and has been abused. They told me it can be a result of a SpyWare on your computer.

I am wondering if you can try anything new that the “spywarehammer” team has not already tried. May be you are more familiar with this case or have more information in this regard.

You can see my full thread with "SpyWareHammer" at the following link:

http://spywarehammer.com/simplemachines ... ic=11597.0

If you want I can send the full thread posts in PDF format as an attachment.




Here is the description of the spyware as I posted on "SpyWareHammer" :

“I have Windows 7 installed on my Dell laptop that I bought about 1 year ago
(Laptop came with Windows installed) . Additionally I have purchased and
installed McAfee anti virus.
Every thing was OK until about 2/3 weeks ago when I noticed that there are some
unusual hyper links in the web pages that I browse.

It looks like that there is a special spyware that selects random words in a
text that is displayed in a browser and changes them to a hyper link.

As an example there is a web page with the following word in it:

"... customer ..."

The word "customer" is changed to a hyperlink only when this web page is
displayed in a browser.

(IE, Mozilla, Chrome, all of them have the same problem)

When I browse the same page from my friends computer every think is fine and
text is displayed normally.


The HTML source of this web page is normal (The word "customer" is just a normal
text and there is no hyper link defined).

But after the page is displayed in a browser (and after a few seconds) the word
"customer" is changed to an underlined hyperlink.

It looks like that some sort of spyware scans the page and chooses random
words and changes them to hyper links.


The hyper links are links to webpages like:

hxxp://surveysforgifts.org/int/canada/? ... w=customer

or

hxxp://www.dealfind.com/subscribe?a=74d839c202a4


That are used for advertising purposes.”






Please let me know you can help me in this regard.



------------------------------------------------------------------------------------------------------------------

Here are the logs that you have requested:

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by p at 20:03:31 on 2011-11-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2935.1682 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Utils\Mozilla Firefox\firefox.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Utils\Mozilla Firefox\plugin-container.exe
C:\Utils\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\splwow64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010165509.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{81D9875D-1B45-4FB4-BDF7-CAA4627FEAFF} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{81D9875D-1B45-4FB4-BDF7-CAA4627FEAFF}\77962756C6563737D2C627 : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010165509.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\p\AppData\Roaming\Mozilla\Firefox\Profiles\aliulrth.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Utils\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-9 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-9 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-24 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-24 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-24 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-24 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-24 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-24 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-9 689472]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2006-6-12 303199]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-11-01 23:52:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9488600-11A4-4D34-B642-F07A9B5DE116}\offreg.dll
2011-11-01 23:52:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9488600-11A4-4D34-B642-F07A9B5DE116}\mpengine.dll
2011-10-28 02:10:32 0 ----a-w- C:\Windows\SysWow64\shoD34A.tmp
2011-10-25 20:23:41 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 20:23:41 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-18 06:15:43 -------- d-----w- C:\Program Files (x86)\Source Insight 3
2011-10-16 01:19:31 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-16 01:19:27 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-16 01:19:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-16 01:19:26 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-16 01:19:25 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-16 01:19:01 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-10-14 23:30:56 -------- d-----w- C:\_OTL
2011-10-04 02:29:49 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-10-03 23:47:08 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-10-03 23:46:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-03 23:46:42 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
.
==================== Find3M ====================
.
2011-11-01 23:47:25 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-11-01 23:47:23 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-14 01:37:28 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-09-14 01:36:55 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-19 19:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-15 14:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-08-15 14:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-08-15 14:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-08-15 14:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-08-15 14:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-08-15 14:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-08-15 14:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 20:04:45.64 ===============




Attach.txt:



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/01/2011 8:44:51 PM
System Uptime: 01/11/2011 7:46:57 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WXY9J
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 2394/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 175.275 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP93: 13/10/2011 7:29:22 PM - OTL Restore Point - 10/13/2011 7:29:19 PM
RP94: 15/10/2011 9:17:44 PM - Windows Update
RP95: 16/10/2011 12:58:02 AM - Windows Update
RP96: 21/10/2011 6:42:08 PM - Windows Update
RP97: 23/10/2011 12:19:27 AM - Removed WinZip 15.5
RP98: 25/10/2011 4:23:47 PM - Windows Update
RP99: 25/10/2011 10:55:12 PM - Windows Update
RP100: 27/10/2011 5:58:33 PM - Installed Java(TM) 6 Update 29
RP101: 01/11/2011 7:52:10 PM - Windows Update
.
==== Installed Programs ======================
.
Absolute Notifier
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Advanced Audio FX Engine
Check Point SSL Network Extender
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Webcam Central
ESET Online Scanner v3
Facetheme
Google Earth
Google Update Helper
HiJackThis
IDT Audio
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Live! Cam Avatar Creator
McAfee SecurityCenter
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
NX Client for Windows 3.3.0-6
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Source Insight 3.5
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update Installer for WildTangent Games App
VLC media player 1.1.11
WildTangent Games
WildTangent Games App
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinSCP 4.2.7
.
==== Event Viewer Messages From Past Week ========
.
30/10/2011 9:32:15 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
01/11/2011 7:47:54 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
01/11/2011 7:47:17 PM, Error: Service Control Manager [7003] - The Check Point SSL Network Extender service depends the following service: VNA. This service might not be installed.
.
==== End Of File ===========================
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm
Advertisement
Register to Remove

Re: hijacked browser - Random words change to spam links

Unread postby deltalima » November 4th, 2011, 4:25 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijacked browser - Random words change to spam links

Unread postby deltalima » November 4th, 2011, 4:42 pm

Hi pey321,

It looks like your helper at SpyWareHammer did a pretty thorough job, please be aware that we will be starting afresh and you may need to run many of the scans that you have already run.

It may well be that the only way to clean the computer in a timely manner is to re-install Windows.

Before we start, could you please let me know what the following programs are used for.

Code: Select all
Check Point SSL Network Extender
NX Client for Windows 3.3.0-6
Source Insight 3.5


Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 4th, 2011, 7:23 pm

I am not using:

Check Point SSL Network Extender
and
NX Client for Windows 3.3.0-6

any more. I think I used them before to be able to login to other computers remotely. But I am not using them now. If you want I can uninstall them.

Source Insight is a powerful editor for developing/editing/understanding the source code of any C/C++ program. The version that I have on my computer is a trial version. I am using this software on a regular basis and prefer to keep it.

Thanks
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm

Re: hijacked browser - Random words change to spam links

Unread postby deltalima » November 4th, 2011, 7:28 pm

I think I used them before to be able to login to other computers remotely


Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 5th, 2011, 6:32 pm

I use this computer solely in home and never connect it to any business network.

I am interested in computer programming. Recently I have been reviewing the source code of a few open source programs using Source Insight. But I do this only for fun (and to become familiar with different programming techniques) and I don't make any money from it. If you think Source Insight can make trouble, I can uninstall it but I prefer to keep it.

Very occasionally I used to connect to an account that I have on Linux servers of my university (using NX client) to test running my course assignment on Linux, but I am not doing this any more.
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm

Re: hijacked browser - Random words change to spam links

Unread postby deltalima » November 6th, 2011, 2:47 pm

Hi pey321,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Before we proceed, please uninstall Facetheme.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 7th, 2011, 9:05 am

Hi,

Sorry but I was attacked by another nasty Trojan last night ! I am not sure why I am having so many mall-ware problems in spite of having McAfee installed.

My first priority is to deal with this new issue now;

Last night I suddenly noticed that I have problem accessing the HDD when I was reading a web page ( unfortunately I don't remember the page now).
Lots of pop up menus opened indicating that the files are not readable and my HDD has problem. Suddenly I noticed that all the items on my desktop have been mysteriously disappeared ! and I can not see any files in C: drive (Only empty directories). Mean while a new Window opened with the title "System Restore" and automatically scanned my computer and reported that I have several HDD problems. Initially I thought that this is a valid system tool so I pressed the fix button. Some of the issues were fixed. In order to fix all the issues I had to purchase the full version of the software. The software redirected me to a website asking me to enter my credit card information to purchase the full version of software. But I realized that the website is fake (fake IE, it was designed in a very stupid way; the address bar reading "www.system-restore.com" was fake and was not editable)

Meanwhile I noticed that McAfee is trying to remove a Trojan called "FakeAlert!grd". It indicated that the Trojan is removed successfully but when I restarted the computer the above scenarios repeated (Lots of pop up menu indicating that the files are not readable, system error messages regarding HDD/RAM problem, McAfee trying to remove the same Trojan and there is absolutely no files on my C: drive, even the empty directories are gone this time. Then the fake system restore check and ...)

I was not able to open a FireFox or IE. I ran system tool (Windows 7.0) "drive scan" for C: drive, all the files were scanned before Windows start up and they were all OK but I was not able to see them !

Using the help button of the McAfee control center I opened a new page in FireFox (This is the only way that I can access internet now) and searched for the "FakeAlert!grd" and realized that all the HDD problems are created (or faked) by this Trojan. I downloaded "stinger.exe" that was recommended in a Forum and ran it but the problem still existed (Even though stinger removed the Trojan). Then tried the famous "Malwarebytes" in "Windows safe mode" with networking.

It looks like the "Malwarebytes" has successfully removed the Trojan but I still can not see any files (except the newly downloaded "stinger.exe" and "Malwarebytes") on my C: drive (I have only a C: drive). But the HDD error messages and the pop up menus and the fake "system restore" are gone.

I read somewhere that I have to use "unhide.exe" for the file problem. But the issue is that when I download it, FireFox copies it to the "Download folder" automatically and this folder is hidden and I can not access the downloaded program (As I mentioned, I cannot see any directories on my PC, only two files that I downloaded" and the "Malwarebytes" log file). The only successful download is when I can choose the directory to "save as" and I save it on C:\

I may be able to download it from another computer to a USB drive then copy it to my PC.
But I don't want go further before you give me some advise in this regard.

Sorry that I did all of this on my own. But I was very impatient last night to solve this issue asap and recover my files. If you want I can post the Malwarebyte log.

I appreciate if you help me recover the files and let me know what else I should do.

Thanks
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm

Re: hijacked browser - Random words change to spam links

Unread postby deltalima » November 7th, 2011, 4:47 pm

Hi pey321,

Sorry that I did all of this on my own. But I was very impatient last night to solve this issue asap and recover my files.


Please do resist the temptation to fix the problem as it makes my job harder.

We need to run some scans now to see what changes the infection has made to your computer.

I may be able to download it from another computer to a USB drive then copy it to my PC.


You will need to download the following tools to a USB drive then copy to the infected computer.

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A notepad windows will open, please post the contents in your next reply
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.


TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Right click the TDSSKiller icon on you're desktop and select: Run as Administrator then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Next, run a quick scan with Malwarebytes and post the log in your next reply.

Now download unhide.exe from here. Use the USB drive to copy to your desktop then double-click on the Unhide.exe icon on your desktop and allow the program to run.

Now download OTL as per my previous instructions via the USB drive then post the logs in your next reply and let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 7th, 2011, 9:23 pm

**** Please remove this post, since it is a duplication of the next post ****

Thank you for helping to recover the files.
Every thing looks OK except that a new suspicious behavior; I can not eject (safe remove) a USB drive after it is connected. There is a persistent message indicating that a program is still using it. Could it be a mall-ware trying to infect it?

rkill.log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/11/2011 at 17:31:45.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/11/2011 at 17:33:04.


TDSSKiller.2.6.16.0_07.11.2011_17.34.16_log:


17:34:16.0221 4808 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
17:34:17.0188 4808 ============================================================
17:34:17.0188 4808 Current date / time: 2011/11/07 17:34:17.0188
17:34:17.0188 4808 SystemInfo:
17:34:17.0188 4808
17:34:17.0188 4808 OS Version: 6.1.7601 ServicePack: 1.0
17:34:17.0188 4808 Product type: Workstation
17:34:17.0188 4808 ComputerName: PEYMAN-PC
17:34:17.0188 4808 UserName: p
17:34:17.0188 4808 Windows directory: C:\Windows
17:34:17.0188 4808 System windows directory: C:\Windows
17:34:17.0188 4808 Running under WOW64
17:34:17.0188 4808 Processor architecture: Intel x64
17:34:17.0188 4808 Number of processors: 4
17:34:17.0188 4808 Page size: 0x1000
17:34:17.0188 4808 Boot type: Normal boot
17:34:17.0188 4808 ============================================================
17:34:17.0953 4808 Initialize success
17:34:22.0149 3352 ============================================================
17:34:22.0149 3352 Scan started
17:34:22.0149 3352 Mode: Manual;
17:34:22.0149 3352 ============================================================
17:34:22.0617 3352 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:34:22.0695 3352 1394ohci - ok
17:34:22.0773 3352 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:34:22.0773 3352 ACPI - ok
17:34:22.0835 3352 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:34:22.0882 3352 AcpiPmi - ok
17:34:23.0069 3352 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:34:23.0101 3352 adp94xx - ok
17:34:23.0116 3352 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:34:23.0132 3352 adpahci - ok
17:34:23.0163 3352 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:34:23.0163 3352 adpu320 - ok
17:34:23.0319 3352 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:34:23.0381 3352 AFD - ok
17:34:23.0428 3352 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:34:23.0428 3352 agp440 - ok
17:34:23.0475 3352 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:34:23.0491 3352 aliide - ok
17:34:23.0506 3352 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:34:23.0506 3352 amdide - ok
17:34:23.0553 3352 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:34:23.0569 3352 AmdK8 - ok
17:34:23.0584 3352 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:34:23.0584 3352 AmdPPM - ok
17:34:23.0647 3352 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:34:23.0709 3352 amdsata - ok
17:34:23.0725 3352 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:34:23.0740 3352 amdsbs - ok
17:34:23.0771 3352 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:34:23.0818 3352 amdxata - ok
17:34:23.0896 3352 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:34:23.0943 3352 AppID - ok
17:34:23.0990 3352 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:34:23.0990 3352 arc - ok
17:34:24.0037 3352 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:34:24.0052 3352 arcsas - ok
17:34:24.0115 3352 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:34:24.0115 3352 AsyncMac - ok
17:34:24.0130 3352 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:34:24.0146 3352 atapi - ok
17:34:24.0177 3352 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:34:24.0193 3352 b06bdrv - ok
17:34:24.0208 3352 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:34:24.0224 3352 b57nd60a - ok
17:34:24.0286 3352 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
17:34:24.0333 3352 BCM42RLY - ok
17:34:24.0411 3352 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:34:24.0473 3352 BCM43XX - ok
17:34:24.0505 3352 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
17:34:24.0536 3352 BcmVWL - ok
17:34:24.0551 3352 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:34:24.0567 3352 Beep - ok
17:34:24.0583 3352 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:34:24.0598 3352 blbdrive - ok
17:34:24.0614 3352 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:34:24.0661 3352 bowser - ok
17:34:24.0676 3352 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:34:24.0676 3352 BrFiltLo - ok
17:34:24.0692 3352 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:34:24.0692 3352 BrFiltUp - ok
17:34:24.0707 3352 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:34:24.0723 3352 Brserid - ok
17:34:24.0739 3352 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:34:24.0739 3352 BrSerWdm - ok
17:34:24.0754 3352 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:34:24.0754 3352 BrUsbMdm - ok
17:34:24.0770 3352 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:34:24.0770 3352 BrUsbSer - ok
17:34:24.0817 3352 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:34:24.0817 3352 BthEnum - ok
17:34:24.0832 3352 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:34:24.0832 3352 BTHMODEM - ok
17:34:24.0879 3352 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:34:24.0879 3352 BthPan - ok
17:34:24.0957 3352 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
17:34:25.0004 3352 BTHPORT - ok
17:34:25.0066 3352 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
17:34:25.0113 3352 BTHUSB - ok
17:34:25.0160 3352 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
17:34:25.0222 3352 btusbflt - ok
17:34:25.0238 3352 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
17:34:25.0285 3352 btwaudio - ok
17:34:25.0316 3352 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
17:34:25.0347 3352 btwavdt - ok
17:34:25.0394 3352 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:34:25.0425 3352 btwl2cap - ok
17:34:25.0456 3352 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
17:34:25.0487 3352 btwrchid - ok
17:34:25.0519 3352 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:34:25.0519 3352 cdfs - ok
17:34:25.0565 3352 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:34:25.0597 3352 cdrom - ok
17:34:25.0628 3352 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys
17:34:25.0690 3352 cfwids - ok
17:34:25.0706 3352 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:34:25.0706 3352 circlass - ok
17:34:25.0768 3352 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:34:25.0784 3352 CLFS - ok
17:34:25.0815 3352 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:34:25.0831 3352 CmBatt - ok
17:34:25.0877 3352 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:34:25.0877 3352 cmdide - ok
17:34:25.0909 3352 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:34:25.0971 3352 CNG - ok
17:34:25.0987 3352 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:34:25.0987 3352 Compbatt - ok
17:34:26.0033 3352 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:34:26.0080 3352 CompositeBus - ok
17:34:26.0127 3352 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:34:26.0127 3352 crcdisk - ok
17:34:26.0174 3352 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:34:26.0236 3352 CtClsFlt - ok
17:34:26.0283 3352 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:34:26.0330 3352 DfsC - ok
17:34:26.0345 3352 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:34:26.0345 3352 discache - ok
17:34:26.0361 3352 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:34:26.0361 3352 Disk - ok
17:34:26.0392 3352 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:34:26.0392 3352 drmkaud - ok
17:34:26.0455 3352 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:34:26.0517 3352 DXGKrnl - ok
17:34:26.0611 3352 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:34:26.0735 3352 ebdrv - ok
17:34:26.0767 3352 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:34:26.0782 3352 elxstor - ok
17:34:26.0829 3352 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:34:26.0829 3352 ErrDev - ok
17:34:26.0860 3352 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:34:26.0876 3352 exfat - ok
17:34:26.0907 3352 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:34:26.0907 3352 fastfat - ok
17:34:26.0923 3352 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:34:26.0923 3352 fdc - ok
17:34:26.0954 3352 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:34:26.0954 3352 FileInfo - ok
17:34:26.0969 3352 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:34:26.0985 3352 Filetrace - ok
17:34:26.0985 3352 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:34:27.0001 3352 flpydisk - ok
17:34:27.0032 3352 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:34:27.0063 3352 FltMgr - ok
17:34:27.0110 3352 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:34:27.0110 3352 FsDepends - ok
17:34:27.0141 3352 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:34:27.0141 3352 Fs_Rec - ok
17:34:27.0172 3352 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:34:27.0219 3352 fvevol - ok
17:34:27.0250 3352 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:34:27.0250 3352 gagp30kx - ok
17:34:27.0297 3352 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:34:27.0313 3352 hcw85cir - ok
17:34:27.0344 3352 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:34:27.0391 3352 HdAudAddService - ok
17:34:27.0422 3352 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:34:27.0422 3352 HDAudBus - ok
17:34:27.0469 3352 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:34:27.0531 3352 HECIx64 - ok
17:34:27.0531 3352 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:34:27.0547 3352 HidBatt - ok
17:34:27.0562 3352 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:34:27.0562 3352 HidBth - ok
17:34:27.0593 3352 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:34:27.0593 3352 HidIr - ok
17:34:27.0625 3352 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:34:27.0687 3352 HidUsb - ok
17:34:27.0734 3352 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:34:27.0765 3352 HpSAMD - ok
17:34:27.0796 3352 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:34:27.0843 3352 HTTP - ok
17:34:27.0874 3352 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:34:27.0905 3352 hwpolicy - ok
17:34:27.0952 3352 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:34:27.0968 3352 i8042prt - ok
17:34:27.0999 3352 iaStor (2064090c9faad92c090d77e50e735b2e) C:\Windows\system32\DRIVERS\iaStor.sys
17:34:27.0999 3352 iaStor - ok
17:34:28.0046 3352 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:34:28.0108 3352 iaStorV - ok
17:34:28.0327 3352 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:34:28.0607 3352 igfx - ok
17:34:28.0639 3352 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:34:28.0639 3352 iirsp - ok
17:34:28.0685 3352 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:34:28.0717 3352 Impcd - ok
17:34:28.0795 3352 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:34:28.0857 3352 IntcDAud - ok
17:34:28.0888 3352 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:34:28.0904 3352 intelide - ok
17:34:28.0935 3352 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:34:28.0935 3352 intelppm - ok
17:34:28.0982 3352 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:34:29.0044 3352 IpFilterDriver - ok
17:34:29.0091 3352 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:34:29.0122 3352 IPMIDRV - ok
17:34:29.0138 3352 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:34:29.0138 3352 IPNAT - ok
17:34:29.0169 3352 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:34:29.0169 3352 IRENUM - ok
17:34:29.0200 3352 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:34:29.0216 3352 isapnp - ok
17:34:29.0263 3352 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:34:29.0309 3352 iScsiPrt - ok
17:34:29.0372 3352 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:34:29.0372 3352 kbdclass - ok
17:34:29.0434 3352 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:34:29.0497 3352 kbdhid - ok
17:34:29.0512 3352 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:34:29.0543 3352 KSecDD - ok
17:34:29.0575 3352 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:34:29.0621 3352 KSecPkg - ok
17:34:29.0637 3352 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:34:29.0637 3352 ksthunk - ok
17:34:29.0668 3352 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:34:29.0668 3352 lltdio - ok
17:34:29.0699 3352 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:34:29.0715 3352 LSI_FC - ok
17:34:29.0731 3352 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:34:29.0731 3352 LSI_SAS - ok
17:34:29.0731 3352 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:34:29.0746 3352 LSI_SAS2 - ok
17:34:29.0746 3352 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:34:29.0762 3352 LSI_SCSI - ok
17:34:29.0793 3352 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:34:29.0793 3352 luafv - ok
17:34:29.0824 3352 MBAMProtector - ok
17:34:29.0887 3352 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:34:29.0887 3352 megasas - ok
17:34:29.0918 3352 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:34:29.0918 3352 MegaSR - ok
17:34:29.0965 3352 mfeapfk (eac376dd77ec9e95d38108a27c261dca) C:\Windows\system32\drivers\mfeapfk.sys
17:34:30.0011 3352 mfeapfk - ok
17:34:30.0058 3352 mfeavfk (f55f50b11d635658f346db0457bb2b79) C:\Windows\system32\drivers\mfeavfk.sys
17:34:30.0105 3352 mfeavfk - ok
17:34:30.0152 3352 mfeavfk01 - ok
17:34:30.0245 3352 mfefirek (33b8e35c5839a83d6700aab3e464553b) C:\Windows\system32\drivers\mfefirek.sys
17:34:30.0308 3352 mfefirek - ok
17:34:30.0355 3352 mfehidk (ada8c105c8f9a61284c75157c170585b) C:\Windows\system32\drivers\mfehidk.sys
17:34:30.0401 3352 mfehidk - ok
17:34:30.0448 3352 mfenlfk (c52ee6d1e1e5a69c989acc478051964e) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:34:30.0479 3352 mfenlfk - ok
17:34:30.0526 3352 mferkdet (b000720e19ef733f938a6269d630f5dd) C:\Windows\system32\drivers\mferkdet.sys
17:34:30.0589 3352 mferkdet - ok
17:34:30.0620 3352 mfewfpk (62717ab68b38efee54678b85e19b0538) C:\Windows\system32\drivers\mfewfpk.sys
17:34:30.0667 3352 mfewfpk - ok
17:34:30.0682 3352 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:34:30.0682 3352 Modem - ok
17:34:30.0729 3352 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:34:30.0729 3352 monitor - ok
17:34:30.0776 3352 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:34:30.0791 3352 mouclass - ok
17:34:30.0807 3352 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:34:30.0823 3352 mouhid - ok
17:34:30.0854 3352 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:34:30.0901 3352 mountmgr - ok
17:34:30.0947 3352 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:34:31.0010 3352 mpio - ok
17:34:31.0057 3352 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:34:31.0072 3352 mpsdrv - ok
17:34:31.0119 3352 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:34:31.0166 3352 MRxDAV - ok
17:34:31.0228 3352 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:31.0275 3352 mrxsmb - ok
17:34:31.0306 3352 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:31.0353 3352 mrxsmb10 - ok
17:34:31.0384 3352 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:31.0415 3352 mrxsmb20 - ok
17:34:31.0447 3352 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:34:31.0478 3352 msahci - ok
17:34:31.0509 3352 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:34:31.0587 3352 msdsm - ok
17:34:31.0634 3352 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:34:31.0634 3352 Msfs - ok
17:34:31.0649 3352 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:34:31.0665 3352 mshidkmdf - ok
17:34:31.0681 3352 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:34:31.0681 3352 msisadrv - ok
17:34:31.0727 3352 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:34:31.0727 3352 MSKSSRV - ok
17:34:31.0759 3352 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:31.0759 3352 MSPCLOCK - ok
17:34:31.0774 3352 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:34:31.0774 3352 MSPQM - ok
17:34:31.0805 3352 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:34:31.0852 3352 MsRPC - ok
17:34:31.0868 3352 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:34:31.0868 3352 mssmbios - ok
17:34:31.0883 3352 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:34:31.0883 3352 MSTEE - ok
17:34:31.0883 3352 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:34:31.0899 3352 MTConfig - ok
17:34:31.0915 3352 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:34:31.0930 3352 Mup - ok
17:34:31.0961 3352 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:34:31.0977 3352 NativeWifiP - ok
17:34:32.0008 3352 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:34:32.0024 3352 NDIS - ok
17:34:32.0055 3352 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:34:32.0055 3352 NdisCap - ok
17:34:32.0086 3352 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:34:32.0086 3352 NdisTapi - ok
17:34:32.0133 3352 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:34:32.0180 3352 Ndisuio - ok
17:34:32.0227 3352 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:34:32.0289 3352 NdisWan - ok
17:34:32.0336 3352 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:34:32.0398 3352 NDProxy - ok
17:34:32.0429 3352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:34:32.0429 3352 NetBIOS - ok
17:34:32.0445 3352 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:34:32.0476 3352 NetBT - ok
17:34:32.0507 3352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:34:32.0507 3352 nfrd960 - ok
17:34:32.0539 3352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:34:32.0539 3352 Npfs - ok
17:34:32.0554 3352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:34:32.0554 3352 nsiproxy - ok
17:34:32.0617 3352 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:34:32.0788 3352 Ntfs - ok
17:34:32.0804 3352 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:34:32.0804 3352 Null - ok
17:34:32.0851 3352 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:34:32.0897 3352 nvraid - ok
17:34:32.0944 3352 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:34:32.0991 3352 nvstor - ok
17:34:33.0007 3352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:34:33.0022 3352 nv_agp - ok
17:34:33.0053 3352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:34:33.0069 3352 ohci1394 - ok
17:34:33.0131 3352 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:34:33.0131 3352 Parport - ok
17:34:33.0178 3352 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:34:33.0241 3352 partmgr - ok
17:34:33.0272 3352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:34:33.0319 3352 pci - ok
17:34:33.0350 3352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:34:33.0350 3352 pciide - ok
17:34:33.0381 3352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:34:33.0381 3352 pcmcia - ok
17:34:33.0428 3352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:34:33.0428 3352 pcw - ok
17:34:33.0459 3352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:34:33.0475 3352 PEAUTH - ok
17:34:33.0553 3352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:34:33.0615 3352 PptpMiniport - ok
17:34:33.0646 3352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:34:33.0646 3352 Processor - ok
17:34:33.0709 3352 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:34:33.0709 3352 Psched - ok
17:34:33.0740 3352 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:34:33.0787 3352 PxHlpa64 - ok
17:34:33.0833 3352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:34:33.0880 3352 ql2300 - ok
17:34:33.0880 3352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:34:33.0896 3352 ql40xx - ok
17:34:33.0911 3352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:34:33.0911 3352 QWAVEdrv - ok
17:34:33.0927 3352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:34:33.0927 3352 RasAcd - ok
17:34:33.0974 3352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:34:33.0974 3352 RasAgileVpn - ok
17:34:34.0036 3352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:34.0099 3352 Rasl2tp - ok
17:34:34.0130 3352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:34.0130 3352 RasPppoe - ok
17:34:34.0161 3352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:34:34.0161 3352 RasSstp - ok
17:34:34.0192 3352 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:34:34.0239 3352 rdbss - ok
17:34:34.0270 3352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:34:34.0270 3352 rdpbus - ok
17:34:34.0286 3352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:34.0301 3352 RDPCDD - ok
17:34:34.0301 3352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:34:34.0317 3352 RDPENCDD - ok
17:34:34.0317 3352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:34:34.0333 3352 RDPREFMP - ok
17:34:34.0364 3352 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:34:34.0411 3352 RDPWD - ok
17:34:34.0411 3352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:34:34.0457 3352 rdyboost - ok
17:34:34.0520 3352 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:34:34.0535 3352 RFCOMM - ok
17:34:34.0598 3352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:34:34.0598 3352 rspndr - ok
17:34:34.0645 3352 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
17:34:34.0691 3352 RSUSBSTOR - ok
17:34:34.0738 3352 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:34:34.0816 3352 RTL8167 - ok
17:34:34.0863 3352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:34:34.0910 3352 sbp2port - ok
17:34:34.0941 3352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:34:34.0988 3352 scfilter - ok
17:34:35.0003 3352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:34:35.0003 3352 secdrv - ok
17:34:35.0035 3352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:34:35.0050 3352 Serenum - ok
17:34:35.0050 3352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:34:35.0066 3352 Serial - ok
17:34:35.0081 3352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:34:35.0097 3352 sermouse - ok
17:34:35.0144 3352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:34:35.0159 3352 sffdisk - ok
17:34:35.0159 3352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:34:35.0175 3352 sffp_mmc - ok
17:34:35.0191 3352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:34:35.0237 3352 sffp_sd - ok
17:34:35.0237 3352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:34:35.0253 3352 sfloppy - ok
17:34:35.0315 3352 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:34:35.0378 3352 Sftfs - ok
17:34:35.0440 3352 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:34:35.0487 3352 Sftplay - ok
17:34:35.0518 3352 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:34:35.0565 3352 Sftredir - ok
17:34:35.0581 3352 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:34:35.0627 3352 Sftvol - ok
17:34:35.0643 3352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:34:35.0643 3352 SiSRaid2 - ok
17:34:35.0659 3352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:34:35.0674 3352 SiSRaid4 - ok
17:34:35.0674 3352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:34:35.0690 3352 Smb - ok
17:34:35.0721 3352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:34:35.0721 3352 spldr - ok
17:34:35.0752 3352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:34:35.0799 3352 srv - ok
17:34:35.0830 3352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:34:35.0893 3352 srv2 - ok
17:34:35.0908 3352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:34:35.0955 3352 srvnet - ok
17:34:35.0986 3352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:34:35.0986 3352 stexstor - ok
17:34:36.0033 3352 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
17:34:36.0080 3352 STHDA - ok
17:34:36.0095 3352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:34:36.0095 3352 swenum - ok
17:34:36.0142 3352 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
17:34:36.0189 3352 SynTP - ok
17:34:36.0267 3352 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
17:34:36.0392 3352 Tcpip - ok
17:34:36.0423 3352 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
17:34:36.0439 3352 TCPIP6 - ok
17:34:36.0485 3352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:34:36.0532 3352 tcpipreg - ok
17:34:36.0548 3352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:34:36.0563 3352 TDPIPE - ok
17:34:36.0563 3352 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:34:36.0579 3352 TDTCP - ok
17:34:36.0610 3352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:34:36.0657 3352 tdx - ok
17:34:36.0688 3352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:34:36.0751 3352 TermDD - ok
17:34:36.0797 3352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:34:36.0875 3352 tssecsrv - ok
17:34:36.0938 3352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:34:37.0016 3352 TsUsbFlt - ok
17:34:37.0047 3352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:34:37.0078 3352 tunnel - ok
17:34:37.0094 3352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:34:37.0094 3352 uagp35 - ok
17:34:37.0156 3352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:34:37.0219 3352 udfs - ok
17:34:37.0250 3352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:34:37.0250 3352 uliagpkx - ok
17:34:37.0297 3352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:34:37.0328 3352 umbus - ok
17:34:37.0359 3352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:34:37.0359 3352 UmPass - ok
17:34:37.0390 3352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:34:37.0453 3352 usbccgp - ok
17:34:37.0484 3352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:34:37.0499 3352 usbcir - ok
17:34:37.0515 3352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:34:37.0562 3352 usbehci - ok
17:34:37.0593 3352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:34:37.0640 3352 usbhub - ok
17:34:37.0671 3352 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:34:37.0702 3352 usbohci - ok
17:34:37.0733 3352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:34:37.0733 3352 usbprint - ok
17:34:37.0765 3352 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:34:37.0765 3352 USBSTOR - ok
17:34:37.0780 3352 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:34:37.0827 3352 usbuhci - ok
17:34:37.0843 3352 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:34:37.0889 3352 usbvideo - ok
17:34:37.0921 3352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:34:37.0921 3352 vdrvroot - ok
17:34:37.0936 3352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:34:37.0936 3352 vga - ok
17:34:37.0952 3352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:34:37.0967 3352 VgaSave - ok
17:34:37.0999 3352 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:34:38.0045 3352 vhdmp - ok
17:34:38.0077 3352 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:34:38.0092 3352 viaide - ok
17:34:38.0123 3352 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:34:38.0186 3352 volmgr - ok
17:34:38.0217 3352 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:34:38.0264 3352 volmgrx - ok
17:34:38.0279 3352 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:34:38.0279 3352 volsnap - ok
17:34:38.0311 3352 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:34:38.0311 3352 vsmraid - ok
17:34:38.0342 3352 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:34:38.0342 3352 vwifibus - ok
17:34:38.0357 3352 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:34:38.0373 3352 vwififlt - ok
17:34:38.0404 3352 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:34:38.0404 3352 WacomPen - ok
17:34:38.0451 3352 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:38.0498 3352 WANARP - ok
17:34:38.0498 3352 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:38.0498 3352 Wanarpv6 - ok
17:34:38.0513 3352 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:34:38.0529 3352 Wd - ok
17:34:38.0545 3352 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:34:38.0576 3352 Wdf01000 - ok
17:34:38.0607 3352 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:34:38.0623 3352 WfpLwf - ok
17:34:38.0669 3352 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
17:34:38.0747 3352 WimFltr - ok
17:34:38.0763 3352 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:34:38.0763 3352 WIMMount - ok
17:34:38.0841 3352 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:34:38.0903 3352 WinUsb - ok
17:34:38.0950 3352 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:34:38.0950 3352 WmiAcpi - ok
17:34:38.0981 3352 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:34:38.0997 3352 ws2ifsl - ok
17:34:39.0059 3352 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:34:39.0075 3352 WudfPf - ok
17:34:39.0106 3352 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:34:39.0122 3352 WUDFRd - ok
17:34:39.0169 3352 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:34:39.0184 3352 yukonw7 - ok
17:34:39.0215 3352 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
17:34:39.0231 3352 \Device\Harddisk0\DR0 - ok
17:34:39.0231 3352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:34:39.0247 3352 \Device\Harddisk1\DR1 - ok
17:34:39.0247 3352 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
17:34:39.0247 3352 \Device\Harddisk0\DR0\Partition0 - ok
17:34:39.0262 3352 Boot (0x1200) (42830d70bbef9b5ec0b23baae40fa686) \Device\Harddisk0\DR0\Partition1
17:34:39.0262 3352 \Device\Harddisk0\DR0\Partition1 - ok
17:34:39.0262 3352 Boot (0x1200) (1b09aa0da72ab2899522b19ae54b3077) \Device\Harddisk1\DR1\Partition0
17:34:39.0262 3352 \Device\Harddisk1\DR1\Partition0 - ok
17:34:39.0262 3352 ============================================================
17:34:39.0262 3352 Scan finished
17:34:39.0262 3352 ============================================================
17:34:39.0278 3100 Detected object count: 0
17:34:39.0278 3100 Actual detected object count: 0
17:34:47.0140 5180 Deinitialize success

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Database version: 8105

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

07/11/2011 5:39:30 PM
mbam-log-2011-11-07 (17-39-30).txt

Scan type: Quick scan
Objects scanned: 175212
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Last edited by pey321 on November 7th, 2011, 9:38 pm, edited 2 times in total.
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 7th, 2011, 9:27 pm

Thank you very much for helping to recover the files !

Every thing looks OK except that there is a new suspicious behavior; I can not eject (safe remove) a USB drive after it is connected. There is a persistent message indicating that a program is still using it.
Could it be because of a mall-ware trying to infect it?

rkill.log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/11/2011 at 17:31:45.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/11/2011 at 17:33:04.


TDSSKiller.2.6.16.0_07.11.2011_17.34.16_log:



17:34:16.0221 4808 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
17:34:17.0188 4808 ============================================================
17:34:17.0188 4808 Current date / time: 2011/11/07 17:34:17.0188
17:34:17.0188 4808 SystemInfo:
17:34:17.0188 4808
17:34:17.0188 4808 OS Version: 6.1.7601 ServicePack: 1.0
17:34:17.0188 4808 Product type: Workstation
17:34:17.0188 4808 ComputerName: PEYMAN-PC
17:34:17.0188 4808 UserName: p
17:34:17.0188 4808 Windows directory: C:\Windows
17:34:17.0188 4808 System windows directory: C:\Windows
17:34:17.0188 4808 Running under WOW64
17:34:17.0188 4808 Processor architecture: Intel x64
17:34:17.0188 4808 Number of processors: 4
17:34:17.0188 4808 Page size: 0x1000
17:34:17.0188 4808 Boot type: Normal boot
17:34:17.0188 4808 ============================================================
17:34:17.0953 4808 Initialize success
17:34:22.0149 3352 ============================================================
17:34:22.0149 3352 Scan started
17:34:22.0149 3352 Mode: Manual;
17:34:22.0149 3352 ============================================================
17:34:22.0617 3352 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:34:22.0695 3352 1394ohci - ok
17:34:22.0773 3352 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:34:22.0773 3352 ACPI - ok
17:34:22.0835 3352 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:34:22.0882 3352 AcpiPmi - ok
17:34:23.0069 3352 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:34:23.0101 3352 adp94xx - ok
17:34:23.0116 3352 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:34:23.0132 3352 adpahci - ok
17:34:23.0163 3352 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:34:23.0163 3352 adpu320 - ok
17:34:23.0319 3352 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:34:23.0381 3352 AFD - ok
17:34:23.0428 3352 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:34:23.0428 3352 agp440 - ok
17:34:23.0475 3352 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:34:23.0491 3352 aliide - ok
17:34:23.0506 3352 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:34:23.0506 3352 amdide - ok
17:34:23.0553 3352 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:34:23.0569 3352 AmdK8 - ok
17:34:23.0584 3352 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:34:23.0584 3352 AmdPPM - ok
17:34:23.0647 3352 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:34:23.0709 3352 amdsata - ok
17:34:23.0725 3352 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:34:23.0740 3352 amdsbs - ok
17:34:23.0771 3352 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:34:23.0818 3352 amdxata - ok
17:34:23.0896 3352 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:34:23.0943 3352 AppID - ok
17:34:23.0990 3352 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:34:23.0990 3352 arc - ok
17:34:24.0037 3352 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:34:24.0052 3352 arcsas - ok
17:34:24.0115 3352 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:34:24.0115 3352 AsyncMac - ok
17:34:24.0130 3352 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:34:24.0146 3352 atapi - ok
17:34:24.0177 3352 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:34:24.0193 3352 b06bdrv - ok
17:34:24.0208 3352 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:34:24.0224 3352 b57nd60a - ok
17:34:24.0286 3352 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
17:34:24.0333 3352 BCM42RLY - ok
17:34:24.0411 3352 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:34:24.0473 3352 BCM43XX - ok
17:34:24.0505 3352 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
17:34:24.0536 3352 BcmVWL - ok
17:34:24.0551 3352 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:34:24.0567 3352 Beep - ok
17:34:24.0583 3352 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:34:24.0598 3352 blbdrive - ok
17:34:24.0614 3352 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:34:24.0661 3352 bowser - ok
17:34:24.0676 3352 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:34:24.0676 3352 BrFiltLo - ok
17:34:24.0692 3352 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:34:24.0692 3352 BrFiltUp - ok
17:34:24.0707 3352 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:34:24.0723 3352 Brserid - ok
17:34:24.0739 3352 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:34:24.0739 3352 BrSerWdm - ok
17:34:24.0754 3352 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:34:24.0754 3352 BrUsbMdm - ok
17:34:24.0770 3352 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:34:24.0770 3352 BrUsbSer - ok
17:34:24.0817 3352 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:34:24.0817 3352 BthEnum - ok
17:34:24.0832 3352 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:34:24.0832 3352 BTHMODEM - ok
17:34:24.0879 3352 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:34:24.0879 3352 BthPan - ok
17:34:24.0957 3352 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
17:34:25.0004 3352 BTHPORT - ok
17:34:25.0066 3352 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
17:34:25.0113 3352 BTHUSB - ok
17:34:25.0160 3352 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
17:34:25.0222 3352 btusbflt - ok
17:34:25.0238 3352 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
17:34:25.0285 3352 btwaudio - ok
17:34:25.0316 3352 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
17:34:25.0347 3352 btwavdt - ok
17:34:25.0394 3352 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:34:25.0425 3352 btwl2cap - ok
17:34:25.0456 3352 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
17:34:25.0487 3352 btwrchid - ok
17:34:25.0519 3352 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:34:25.0519 3352 cdfs - ok
17:34:25.0565 3352 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:34:25.0597 3352 cdrom - ok
17:34:25.0628 3352 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys
17:34:25.0690 3352 cfwids - ok
17:34:25.0706 3352 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:34:25.0706 3352 circlass - ok
17:34:25.0768 3352 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:34:25.0784 3352 CLFS - ok
17:34:25.0815 3352 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:34:25.0831 3352 CmBatt - ok
17:34:25.0877 3352 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:34:25.0877 3352 cmdide - ok
17:34:25.0909 3352 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:34:25.0971 3352 CNG - ok
17:34:25.0987 3352 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:34:25.0987 3352 Compbatt - ok
17:34:26.0033 3352 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:34:26.0080 3352 CompositeBus - ok
17:34:26.0127 3352 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:34:26.0127 3352 crcdisk - ok
17:34:26.0174 3352 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:34:26.0236 3352 CtClsFlt - ok
17:34:26.0283 3352 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:34:26.0330 3352 DfsC - ok
17:34:26.0345 3352 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:34:26.0345 3352 discache - ok
17:34:26.0361 3352 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:34:26.0361 3352 Disk - ok
17:34:26.0392 3352 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:34:26.0392 3352 drmkaud - ok
17:34:26.0455 3352 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:34:26.0517 3352 DXGKrnl - ok
17:34:26.0611 3352 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:34:26.0735 3352 ebdrv - ok
17:34:26.0767 3352 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:34:26.0782 3352 elxstor - ok
17:34:26.0829 3352 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:34:26.0829 3352 ErrDev - ok
17:34:26.0860 3352 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:34:26.0876 3352 exfat - ok
17:34:26.0907 3352 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:34:26.0907 3352 fastfat - ok
17:34:26.0923 3352 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:34:26.0923 3352 fdc - ok
17:34:26.0954 3352 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:34:26.0954 3352 FileInfo - ok
17:34:26.0969 3352 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:34:26.0985 3352 Filetrace - ok
17:34:26.0985 3352 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:34:27.0001 3352 flpydisk - ok
17:34:27.0032 3352 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:34:27.0063 3352 FltMgr - ok
17:34:27.0110 3352 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:34:27.0110 3352 FsDepends - ok
17:34:27.0141 3352 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:34:27.0141 3352 Fs_Rec - ok
17:34:27.0172 3352 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:34:27.0219 3352 fvevol - ok
17:34:27.0250 3352 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:34:27.0250 3352 gagp30kx - ok
17:34:27.0297 3352 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:34:27.0313 3352 hcw85cir - ok
17:34:27.0344 3352 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:34:27.0391 3352 HdAudAddService - ok
17:34:27.0422 3352 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:34:27.0422 3352 HDAudBus - ok
17:34:27.0469 3352 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:34:27.0531 3352 HECIx64 - ok
17:34:27.0531 3352 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:34:27.0547 3352 HidBatt - ok
17:34:27.0562 3352 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:34:27.0562 3352 HidBth - ok
17:34:27.0593 3352 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:34:27.0593 3352 HidIr - ok
17:34:27.0625 3352 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:34:27.0687 3352 HidUsb - ok
17:34:27.0734 3352 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:34:27.0765 3352 HpSAMD - ok
17:34:27.0796 3352 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:34:27.0843 3352 HTTP - ok
17:34:27.0874 3352 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:34:27.0905 3352 hwpolicy - ok
17:34:27.0952 3352 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:34:27.0968 3352 i8042prt - ok
17:34:27.0999 3352 iaStor (2064090c9faad92c090d77e50e735b2e) C:\Windows\system32\DRIVERS\iaStor.sys
17:34:27.0999 3352 iaStor - ok
17:34:28.0046 3352 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:34:28.0108 3352 iaStorV - ok
17:34:28.0327 3352 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:34:28.0607 3352 igfx - ok
17:34:28.0639 3352 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:34:28.0639 3352 iirsp - ok
17:34:28.0685 3352 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:34:28.0717 3352 Impcd - ok
17:34:28.0795 3352 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:34:28.0857 3352 IntcDAud - ok
17:34:28.0888 3352 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:34:28.0904 3352 intelide - ok
17:34:28.0935 3352 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:34:28.0935 3352 intelppm - ok
17:34:28.0982 3352 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:34:29.0044 3352 IpFilterDriver - ok
17:34:29.0091 3352 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:34:29.0122 3352 IPMIDRV - ok
17:34:29.0138 3352 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:34:29.0138 3352 IPNAT - ok
17:34:29.0169 3352 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:34:29.0169 3352 IRENUM - ok
17:34:29.0200 3352 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:34:29.0216 3352 isapnp - ok
17:34:29.0263 3352 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:34:29.0309 3352 iScsiPrt - ok
17:34:29.0372 3352 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:34:29.0372 3352 kbdclass - ok
17:34:29.0434 3352 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:34:29.0497 3352 kbdhid - ok
17:34:29.0512 3352 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:34:29.0543 3352 KSecDD - ok
17:34:29.0575 3352 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:34:29.0621 3352 KSecPkg - ok
17:34:29.0637 3352 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:34:29.0637 3352 ksthunk - ok
17:34:29.0668 3352 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:34:29.0668 3352 lltdio - ok
17:34:29.0699 3352 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:34:29.0715 3352 LSI_FC - ok
17:34:29.0731 3352 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:34:29.0731 3352 LSI_SAS - ok
17:34:29.0731 3352 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:34:29.0746 3352 LSI_SAS2 - ok
17:34:29.0746 3352 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:34:29.0762 3352 LSI_SCSI - ok
17:34:29.0793 3352 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:34:29.0793 3352 luafv - ok
17:34:29.0824 3352 MBAMProtector - ok
17:34:29.0887 3352 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:34:29.0887 3352 megasas - ok
17:34:29.0918 3352 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:34:29.0918 3352 MegaSR - ok
17:34:29.0965 3352 mfeapfk (eac376dd77ec9e95d38108a27c261dca) C:\Windows\system32\drivers\mfeapfk.sys
17:34:30.0011 3352 mfeapfk - ok
17:34:30.0058 3352 mfeavfk (f55f50b11d635658f346db0457bb2b79) C:\Windows\system32\drivers\mfeavfk.sys
17:34:30.0105 3352 mfeavfk - ok
17:34:30.0152 3352 mfeavfk01 - ok
17:34:30.0245 3352 mfefirek (33b8e35c5839a83d6700aab3e464553b) C:\Windows\system32\drivers\mfefirek.sys
17:34:30.0308 3352 mfefirek - ok
17:34:30.0355 3352 mfehidk (ada8c105c8f9a61284c75157c170585b) C:\Windows\system32\drivers\mfehidk.sys
17:34:30.0401 3352 mfehidk - ok
17:34:30.0448 3352 mfenlfk (c52ee6d1e1e5a69c989acc478051964e) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:34:30.0479 3352 mfenlfk - ok
17:34:30.0526 3352 mferkdet (b000720e19ef733f938a6269d630f5dd) C:\Windows\system32\drivers\mferkdet.sys
17:34:30.0589 3352 mferkdet - ok
17:34:30.0620 3352 mfewfpk (62717ab68b38efee54678b85e19b0538) C:\Windows\system32\drivers\mfewfpk.sys
17:34:30.0667 3352 mfewfpk - ok
17:34:30.0682 3352 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:34:30.0682 3352 Modem - ok
17:34:30.0729 3352 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:34:30.0729 3352 monitor - ok
17:34:30.0776 3352 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:34:30.0791 3352 mouclass - ok
17:34:30.0807 3352 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:34:30.0823 3352 mouhid - ok
17:34:30.0854 3352 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:34:30.0901 3352 mountmgr - ok
17:34:30.0947 3352 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:34:31.0010 3352 mpio - ok
17:34:31.0057 3352 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:34:31.0072 3352 mpsdrv - ok
17:34:31.0119 3352 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:34:31.0166 3352 MRxDAV - ok
17:34:31.0228 3352 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:31.0275 3352 mrxsmb - ok
17:34:31.0306 3352 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:31.0353 3352 mrxsmb10 - ok
17:34:31.0384 3352 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:31.0415 3352 mrxsmb20 - ok
17:34:31.0447 3352 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:34:31.0478 3352 msahci - ok
17:34:31.0509 3352 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:34:31.0587 3352 msdsm - ok
17:34:31.0634 3352 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:34:31.0634 3352 Msfs - ok
17:34:31.0649 3352 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:34:31.0665 3352 mshidkmdf - ok
17:34:31.0681 3352 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:34:31.0681 3352 msisadrv - ok
17:34:31.0727 3352 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:34:31.0727 3352 MSKSSRV - ok
17:34:31.0759 3352 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:31.0759 3352 MSPCLOCK - ok
17:34:31.0774 3352 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:34:31.0774 3352 MSPQM - ok
17:34:31.0805 3352 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:34:31.0852 3352 MsRPC - ok
17:34:31.0868 3352 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:34:31.0868 3352 mssmbios - ok
17:34:31.0883 3352 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:34:31.0883 3352 MSTEE - ok
17:34:31.0883 3352 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:34:31.0899 3352 MTConfig - ok
17:34:31.0915 3352 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:34:31.0930 3352 Mup - ok
17:34:31.0961 3352 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:34:31.0977 3352 NativeWifiP - ok
17:34:32.0008 3352 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:34:32.0024 3352 NDIS - ok
17:34:32.0055 3352 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:34:32.0055 3352 NdisCap - ok
17:34:32.0086 3352 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:34:32.0086 3352 NdisTapi - ok
17:34:32.0133 3352 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:34:32.0180 3352 Ndisuio - ok
17:34:32.0227 3352 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:34:32.0289 3352 NdisWan - ok
17:34:32.0336 3352 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:34:32.0398 3352 NDProxy - ok
17:34:32.0429 3352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:34:32.0429 3352 NetBIOS - ok
17:34:32.0445 3352 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:34:32.0476 3352 NetBT - ok
17:34:32.0507 3352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:34:32.0507 3352 nfrd960 - ok
17:34:32.0539 3352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:34:32.0539 3352 Npfs - ok
17:34:32.0554 3352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:34:32.0554 3352 nsiproxy - ok
17:34:32.0617 3352 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:34:32.0788 3352 Ntfs - ok
17:34:32.0804 3352 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:34:32.0804 3352 Null - ok
17:34:32.0851 3352 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:34:32.0897 3352 nvraid - ok
17:34:32.0944 3352 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:34:32.0991 3352 nvstor - ok
17:34:33.0007 3352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:34:33.0022 3352 nv_agp - ok
17:34:33.0053 3352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:34:33.0069 3352 ohci1394 - ok
17:34:33.0131 3352 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:34:33.0131 3352 Parport - ok
17:34:33.0178 3352 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:34:33.0241 3352 partmgr - ok
17:34:33.0272 3352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:34:33.0319 3352 pci - ok
17:34:33.0350 3352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:34:33.0350 3352 pciide - ok
17:34:33.0381 3352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:34:33.0381 3352 pcmcia - ok
17:34:33.0428 3352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:34:33.0428 3352 pcw - ok
17:34:33.0459 3352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:34:33.0475 3352 PEAUTH - ok
17:34:33.0553 3352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:34:33.0615 3352 PptpMiniport - ok
17:34:33.0646 3352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:34:33.0646 3352 Processor - ok
17:34:33.0709 3352 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:34:33.0709 3352 Psched - ok
17:34:33.0740 3352 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:34:33.0787 3352 PxHlpa64 - ok
17:34:33.0833 3352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:34:33.0880 3352 ql2300 - ok
17:34:33.0880 3352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:34:33.0896 3352 ql40xx - ok
17:34:33.0911 3352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:34:33.0911 3352 QWAVEdrv - ok
17:34:33.0927 3352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:34:33.0927 3352 RasAcd - ok
17:34:33.0974 3352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:34:33.0974 3352 RasAgileVpn - ok
17:34:34.0036 3352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:34.0099 3352 Rasl2tp - ok
17:34:34.0130 3352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:34.0130 3352 RasPppoe - ok
17:34:34.0161 3352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:34:34.0161 3352 RasSstp - ok
17:34:34.0192 3352 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:34:34.0239 3352 rdbss - ok
17:34:34.0270 3352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:34:34.0270 3352 rdpbus - ok
17:34:34.0286 3352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:34.0301 3352 RDPCDD - ok
17:34:34.0301 3352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:34:34.0317 3352 RDPENCDD - ok
17:34:34.0317 3352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:34:34.0333 3352 RDPREFMP - ok
17:34:34.0364 3352 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:34:34.0411 3352 RDPWD - ok
17:34:34.0411 3352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:34:34.0457 3352 rdyboost - ok
17:34:34.0520 3352 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:34:34.0535 3352 RFCOMM - ok
17:34:34.0598 3352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:34:34.0598 3352 rspndr - ok
17:34:34.0645 3352 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
17:34:34.0691 3352 RSUSBSTOR - ok
17:34:34.0738 3352 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:34:34.0816 3352 RTL8167 - ok
17:34:34.0863 3352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:34:34.0910 3352 sbp2port - ok
17:34:34.0941 3352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:34:34.0988 3352 scfilter - ok
17:34:35.0003 3352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:34:35.0003 3352 secdrv - ok
17:34:35.0035 3352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:34:35.0050 3352 Serenum - ok
17:34:35.0050 3352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:34:35.0066 3352 Serial - ok
17:34:35.0081 3352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:34:35.0097 3352 sermouse - ok
17:34:35.0144 3352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:34:35.0159 3352 sffdisk - ok
17:34:35.0159 3352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:34:35.0175 3352 sffp_mmc - ok
17:34:35.0191 3352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:34:35.0237 3352 sffp_sd - ok
17:34:35.0237 3352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:34:35.0253 3352 sfloppy - ok
17:34:35.0315 3352 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:34:35.0378 3352 Sftfs - ok
17:34:35.0440 3352 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:34:35.0487 3352 Sftplay - ok
17:34:35.0518 3352 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:34:35.0565 3352 Sftredir - ok
17:34:35.0581 3352 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:34:35.0627 3352 Sftvol - ok
17:34:35.0643 3352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:34:35.0643 3352 SiSRaid2 - ok
17:34:35.0659 3352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:34:35.0674 3352 SiSRaid4 - ok
17:34:35.0674 3352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:34:35.0690 3352 Smb - ok
17:34:35.0721 3352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:34:35.0721 3352 spldr - ok
17:34:35.0752 3352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:34:35.0799 3352 srv - ok
17:34:35.0830 3352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:34:35.0893 3352 srv2 - ok
17:34:35.0908 3352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:34:35.0955 3352 srvnet - ok
17:34:35.0986 3352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:34:35.0986 3352 stexstor - ok
17:34:36.0033 3352 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
17:34:36.0080 3352 STHDA - ok
17:34:36.0095 3352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:34:36.0095 3352 swenum - ok
17:34:36.0142 3352 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
17:34:36.0189 3352 SynTP - ok
17:34:36.0267 3352 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
17:34:36.0392 3352 Tcpip - ok
17:34:36.0423 3352 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
17:34:36.0439 3352 TCPIP6 - ok
17:34:36.0485 3352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:34:36.0532 3352 tcpipreg - ok
17:34:36.0548 3352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:34:36.0563 3352 TDPIPE - ok
17:34:36.0563 3352 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:34:36.0579 3352 TDTCP - ok
17:34:36.0610 3352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:34:36.0657 3352 tdx - ok
17:34:36.0688 3352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:34:36.0751 3352 TermDD - ok
17:34:36.0797 3352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:34:36.0875 3352 tssecsrv - ok
17:34:36.0938 3352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:34:37.0016 3352 TsUsbFlt - ok
17:34:37.0047 3352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:34:37.0078 3352 tunnel - ok
17:34:37.0094 3352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:34:37.0094 3352 uagp35 - ok
17:34:37.0156 3352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:34:37.0219 3352 udfs - ok
17:34:37.0250 3352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:34:37.0250 3352 uliagpkx - ok
17:34:37.0297 3352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:34:37.0328 3352 umbus - ok
17:34:37.0359 3352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:34:37.0359 3352 UmPass - ok
17:34:37.0390 3352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:34:37.0453 3352 usbccgp - ok
17:34:37.0484 3352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:34:37.0499 3352 usbcir - ok
17:34:37.0515 3352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:34:37.0562 3352 usbehci - ok
17:34:37.0593 3352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:34:37.0640 3352 usbhub - ok
17:34:37.0671 3352 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:34:37.0702 3352 usbohci - ok
17:34:37.0733 3352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:34:37.0733 3352 usbprint - ok
17:34:37.0765 3352 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:34:37.0765 3352 USBSTOR - ok
17:34:37.0780 3352 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:34:37.0827 3352 usbuhci - ok
17:34:37.0843 3352 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:34:37.0889 3352 usbvideo - ok
17:34:37.0921 3352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:34:37.0921 3352 vdrvroot - ok
17:34:37.0936 3352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:34:37.0936 3352 vga - ok
17:34:37.0952 3352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:34:37.0967 3352 VgaSave - ok
17:34:37.0999 3352 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:34:38.0045 3352 vhdmp - ok
17:34:38.0077 3352 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:34:38.0092 3352 viaide - ok
17:34:38.0123 3352 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:34:38.0186 3352 volmgr - ok
17:34:38.0217 3352 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:34:38.0264 3352 volmgrx - ok
17:34:38.0279 3352 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:34:38.0279 3352 volsnap - ok
17:34:38.0311 3352 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:34:38.0311 3352 vsmraid - ok
17:34:38.0342 3352 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:34:38.0342 3352 vwifibus - ok
17:34:38.0357 3352 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:34:38.0373 3352 vwififlt - ok
17:34:38.0404 3352 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:34:38.0404 3352 WacomPen - ok
17:34:38.0451 3352 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:38.0498 3352 WANARP - ok
17:34:38.0498 3352 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:38.0498 3352 Wanarpv6 - ok
17:34:38.0513 3352 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:34:38.0529 3352 Wd - ok
17:34:38.0545 3352 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:34:38.0576 3352 Wdf01000 - ok
17:34:38.0607 3352 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:34:38.0623 3352 WfpLwf - ok
17:34:38.0669 3352 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
17:34:38.0747 3352 WimFltr - ok
17:34:38.0763 3352 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:34:38.0763 3352 WIMMount - ok
17:34:38.0841 3352 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:34:38.0903 3352 WinUsb - ok
17:34:38.0950 3352 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:34:38.0950 3352 WmiAcpi - ok
17:34:38.0981 3352 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:34:38.0997 3352 ws2ifsl - ok
17:34:39.0059 3352 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:34:39.0075 3352 WudfPf - ok
17:34:39.0106 3352 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:34:39.0122 3352 WUDFRd - ok
17:34:39.0169 3352 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:34:39.0184 3352 yukonw7 - ok
17:34:39.0215 3352 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
17:34:39.0231 3352 \Device\Harddisk0\DR0 - ok
17:34:39.0231 3352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:34:39.0247 3352 \Device\Harddisk1\DR1 - ok
17:34:39.0247 3352 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
17:34:39.0247 3352 \Device\Harddisk0\DR0\Partition0 - ok
17:34:39.0262 3352 Boot (0x1200) (42830d70bbef9b5ec0b23baae40fa686) \Device\Harddisk0\DR0\Partition1
17:34:39.0262 3352 \Device\Harddisk0\DR0\Partition1 - ok
17:34:39.0262 3352 Boot (0x1200) (1b09aa0da72ab2899522b19ae54b3077) \Device\Harddisk1\DR1\Partition0
17:34:39.0262 3352 \Device\Harddisk1\DR1\Partition0 - ok
17:34:39.0262 3352 ============================================================
17:34:39.0262 3352 Scan finished
17:34:39.0262 3352 ============================================================
17:34:39.0278 3100 Detected object count: 0
17:34:39.0278 3100 Actual detected object count: 0
17:34:47.0140 5180 Deinitialize success

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Database version: 8105

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

07/11/2011 5:39:30 PM
mbam-log-2011-11-07 (17-39-30).txt

Scan type: Quick scan
Objects scanned: 175212
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OLT.txt:



OTL logfile created on: 11/7/2011 8:00:25 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\p\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 54.05% Memory free
5.73 Gb Paging File | 3.85 Gb Available in Paging File | 67.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 173.23 Gb Free Space | 61.14% Space Free | Partition Type: NTFS

Computer Name: PEYMAN-PC | User Name: p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\p\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Utils\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Microsoft)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e4f153009e6761d35726222e1ae18a19\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Utils\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (AbsoluteNotifier) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Microsoft)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cpextender) -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/03 18:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/10/31 20:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/10/10 15:57:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Utils\Mozilla Firefox\components [2011/10/03 18:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Utils\Mozilla Firefox\plugins [2011/10/03 18:47:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme

[2011/09/21 17:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\Mozilla\Extensions
[2011/10/10 15:57:24 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2011/10/31 20:10:03 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/10/03 18:47:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

O1 HOSTS File: ([2011/09/23 16:06:55 | 000,000,710 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 textsrv.com
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111010165509.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010165509.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2161232794-2190574812-4148174400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D9875D-1B45-4FB4-BDF7-CAA4627FEAFF}: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 19:58:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\p\Desktop\OTL.exe
[2011/11/07 19:46:19 | 000,000,000 | ---D | C] -- C:\Users\p\AppData\Roaming\Scooter Software
[2011/11/07 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\tdsskiller
[2011/11/07 17:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/07 02:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 02:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/07 02:25:55 | 000,000,000 | ---D | C] -- C:\fake-alert-stinger.aspx_files
[2011/11/07 01:29:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.2.1300.exe
[2011/11/07 01:18:43 | 007,226,944 | ---- | C] (McAfee Inc.) -- C:\stinger10.2.0.359.exe
[2011/11/06 21:35:21 | 000,000,000 | ---D | C] -- C:\Users\p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/01 19:00:57 | 000,000,000 | ---D | C] -- C:\Users\p\Desktop\malware-removal
[2011/10/27 16:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/27 16:59:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/27 16:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/27 16:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/18 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Source Insight 3
[2011/10/18 01:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Source Insight 3
[2011/10/18 01:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Source Insight 3
[2011/10/15 20:19:27 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/15 20:19:25 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/15 20:18:51 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/15 20:18:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/15 20:18:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/15 20:18:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/15 20:18:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/15 20:18:45 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/15 20:18:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/15 20:18:16 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/15 20:18:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/15 20:18:08 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/15 20:18:07 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/14 18:30:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/18 23:43:02 | 005,943,312 | ---- | C] (Absolute Software Corp. ) -- C:\Users\p\AppData\Roaming\LoJackSetup.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 19:59:56 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 19:59:56 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 19:58:49 | 000,727,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/07 19:58:49 | 000,629,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/07 19:58:49 | 000,111,206 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/07 19:58:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\p\Desktop\OTL.exe
[2011/11/07 19:52:26 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/11/07 19:52:24 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/11/07 19:52:21 | 000,000,506 | -H-- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/07 19:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 19:52:12 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 19:24:03 | 000,164,319 | ---- | M] () -- C:\bookmarks-2011-11-07.json
[2011/11/07 17:39:51 | 000,001,220 | ---- | M] () -- C:\mbam-log-2011-11-07 (17-39-30).rtf
[2011/11/07 17:24:16 | 000,684,297 | ---- | M] () -- C:\Users\p\Desktop\unhide.exe
[2011/11/07 17:22:07 | 001,008,092 | ---- | M] () -- C:\rkill.exe
[2011/11/07 16:39:32 | 001,545,191 | ---- | M] () -- C:\Users\p\Desktop\tdsskiller.zip
[2011/11/07 16:38:58 | 001,008,092 | ---- | M] () -- C:\Users\p\Desktop\rkill.exe
[2011/11/07 02:49:15 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/11/07 02:48:22 | 000,007,090 | ---- | M] () -- C:\mbam-log-2011-11-07 (02-47-58).rtf
[2011/11/07 02:42:43 | 000,001,099 | ---- | M] () -- C:\Users\p\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/07 02:42:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 02:36:57 | 000,000,017 | ---- | M] () -- C:\stinger10.2.0.359.opt
[2011/11/07 02:25:56 | 000,025,986 | ---- | M] () -- C:\fake-alert-stinger.aspx.htm
[2011/11/07 01:29:29 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.2.1300.exe
[2011/11/07 01:18:49 | 007,226,944 | ---- | M] (McAfee Inc.) -- C:\stinger10.2.0.359.exe
[2011/11/06 23:49:58 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/11/06 23:49:13 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2011/11/06 21:35:21 | 000,000,683 | ---- | M] () -- C:\Users\p\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/06 21:35:21 | 000,000,659 | ---- | M] () -- C:\Users\p\Desktop\System Restore.lnk
[2011/10/18 23:53:21 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 23:53:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 21:11:02 | 000,001,488 | ---- | M] () -- C:\Users\p\Desktop\Insight3 - Shortcut.lnk
[2011/10/16 07:26:50 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 19:24:02 | 000,164,319 | ---- | C] () -- C:\bookmarks-2011-11-07.json
[2011/11/07 17:46:06 | 000,002,506 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2011/11/07 17:46:06 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/07 17:46:06 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/07 17:45:57 | 000,002,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/11/07 17:45:57 | 000,002,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/07 17:45:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/07 17:45:57 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/07 17:45:57 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/07 17:45:57 | 000,001,420 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/07 17:45:57 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/07 17:45:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/07 17:45:57 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/07 17:45:57 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/07 17:45:57 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/07 17:45:57 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/07 17:45:57 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/07 17:45:57 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/07 17:45:57 | 000,000,825 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/07 17:39:51 | 000,001,220 | ---- | C] () -- C:\mbam-log-2011-11-07 (17-39-30).rtf
[2011/11/07 17:24:16 | 000,684,297 | ---- | C] () -- C:\Users\p\Desktop\unhide.exe
[2011/11/07 17:22:46 | 001,008,092 | ---- | C] () -- C:\Users\p\Desktop\rkill.exe
[2011/11/07 17:22:06 | 001,008,092 | ---- | C] () -- C:\rkill.exe
[2011/11/07 17:19:00 | 001,545,191 | ---- | C] () -- C:\Users\p\Desktop\tdsskiller.zip
[2011/11/07 02:48:22 | 000,007,090 | ---- | C] () -- C:\mbam-log-2011-11-07 (02-47-58).rtf
[2011/11/07 02:42:43 | 000,001,099 | ---- | C] () -- C:\Users\p\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/07 02:42:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 02:26:59 | 000,000,017 | ---- | C] () -- C:\stinger10.2.0.359.opt
[2011/11/07 02:25:55 | 000,025,986 | ---- | C] () -- C:\fake-alert-stinger.aspx.htm
[2011/11/06 23:49:13 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2011/11/06 21:35:21 | 000,000,683 | ---- | C] () -- C:\Users\p\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/06 21:35:21 | 000,000,659 | ---- | C] () -- C:\Users\p\Desktop\System Restore.lnk
[2011/10/18 21:11:02 | 000,001,488 | ---- | C] () -- C:\Users\p\Desktop\Insight3 - Shortcut.lnk
[2011/05/17 17:04:32 | 000,003,584 | ---- | C] () -- C:\Users\p\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/15 20:04:29 | 000,000,600 | ---- | C] () -- C:\Users\p\AppData\Roaming\winscp.rnd
[2011/02/01 23:50:59 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/01/21 21:25:02 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/01/20 00:56:52 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/01/20 00:56:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/01/19 11:54:29 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/18 23:41:50 | 000,000,046 | ---- | C] () -- C:\Users\p\AppData\Roaming\FactoryInstaller.xml
[2011/01/18 22:56:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/09 18:59:12 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/09 18:59:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/09 18:59:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/09 18:59:12 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/09 18:59:11 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/01/09 18:56:11 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2011/01/09 18:56:11 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2011/01/09 18:56:11 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
[2011/01/09 18:56:11 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
[2011/01/09 18:56:11 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
[2011/01/09 18:56:11 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2011/01/09 18:56:11 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
[2011/01/09 18:28:15 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >


Extras will follow in the next post:
Last edited by pey321 on November 7th, 2011, 9:48 pm, edited 2 times in total.
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 7th, 2011, 9:34 pm

Extras:

OTL Extras logfile created on: 11/7/2011 8:00:25 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\p\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 54.05% Memory free
5.73 Gb Paging File | 3.85 Gb Available in Paging File | 67.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 173.23 Gb Free Space | 61.14% Space Free | Partition Type: NTFS

Computer Name: PEYMAN-PC | User Name: p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2161232794-2190574812-4148174400-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"doPDF 6 printer_is1" = doPDF 6.3 printer
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{819c63ae-b20f-4e30-889d-bbdc2c974649}" = Check Point SSL Network Extender
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSC" = McAfee SecurityCenter
"nxclient_is1" = NX Client for Windows 3.3.0-6
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 12.0" = RealPlayer
"Source Insight 3.5" = Source Insight 3.5
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.11
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2161232794-2190574812-4148174400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2011 10:32:02 PM | Computer Name = peyman-pc | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/8/2011 10:32:02 PM | Computer Name = peyman-pc | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/9/2011 7:28:12 PM | Computer Name = peyman-pc | Source = PC-Doctor | ID = 1
Description = (4548) Asapi: (19:28:12:4250)(4548) CSPinvoke - Error -- 461 Exception
in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 5196): License authentication
result = FAIL; reasons = SIGNATURE_CHECK Stack Trace: !!! Stack Trace exceptions
not supported in 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe
to translate the instruction offsets into function names.

Error - 9/9/2011 7:50:03 PM | Computer Name = peyman-pc | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 6.0.2.4262 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1748 Start
Time: 01cc6f49f3258ee0 Termination Time: 75 Application Path: C:\Utils\Mozilla Firefox\firefox.exe

Report
Id: 6a34c227-db3e-11e0-ae1b-86bff11bc7fe

Error - 9/9/2011 8:44:57 PM | Computer Name = peyman-pc | Source = Application Hang | ID = 1002
Description = The program WINWORDC.EXE version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 194 Start
Time: 01cc6f52a1cf2e6a Termination Time: 6 Application Path: Q:\140066.enu\Office14\WINWORDC.EXE

Report
Id: 0fd9eeb2-db46-11e0-ae1b-86bff11bc7fe

Error - 9/9/2011 8:46:18 PM | Computer Name = peyman-pc | Source = Application Virtualization Client | ID = 3159
Description = {hap=28:app=Microsoft Word Starter 2010 9014006604090000:tid=1184:usr=p}
Unable
to shut app down (launch thread still going)

Error - 9/10/2011 8:46:12 PM | Computer Name = peyman-pc | Source = PC-Doctor | ID = 1
Description = (6736) Asapi: (20:46:12:9010)(6736) CSPinvoke - Error -- 461 Exception
in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 5072): License authentication
result = FAIL; reasons = SIGNATURE_CHECK Stack Trace: !!! Stack Trace exceptions
not supported in 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe
to translate the instruction offsets into function names.

Error - 9/10/2011 9:12:29 PM | Computer Name = peyman-pc | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/11/2011 5:18:06 PM | Computer Name = peyman-pc | Source = PC-Doctor | ID = 1
Description = (4152) Asapi: (17:18:06:2970)(4152) CSPinvoke - Error -- 461 Exception
in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 256): License authentication
result = FAIL; reasons = SIGNATURE_CHECK Stack Trace: !!! Stack Trace exceptions
not supported in 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe
to translate the instruction offsets into function names.

Error - 9/12/2011 6:36:05 PM | Computer Name = peyman-pc | Source = PC-Doctor | ID = 1
Description = (1824) Asapi: (18:36:05:4500)(1824) CSPinvoke - Error -- 461 Exception
in C# layer (asapicsharp_wrap.cxx, line 41121; threadid = 6116): License authentication
result = FAIL; reasons = SIGNATURE_CHECK Stack Trace: !!! Stack Trace exceptions
not supported in 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe
to translate the instruction offsets into function names.

[ Broadcom Wireless LAN Events ]
Error - 10/14/2011 7:32:34 PM | Computer Name = peyman-pc | Source = WLAN-Tray | ID = 0
Description = 19:32:32, Fri, Oct 14, 11 Error - Unable to gain access to user store


Error - 10/19/2011 12:53:30 AM | Computer Name = peyman-pc | Source = WLAN-Tray | ID = 0
Description = 00:53:27, Wed, Oct 19, 11 Error - Unable to gain access to user store


[ Dell Events ]
Error - 4/16/2011 8:13:54 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/4/2011 10:42:39 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/4/2011 10:42:39 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/4/2011 11:15:38 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/4/2011 11:15:38 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/27/2011 9:21:32 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/27/2011 9:21:32 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/28/2011 10:37:21 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/28/2011 10:37:21 PM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/17/2011 12:07:42 AM | Computer Name = peyman-pc | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 11/7/2011 6:18:40 PM | Computer Name = peyman-pc | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/7/2011 6:19:50 PM | Computer Name = peyman-pc | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 11/7/2011 6:19:50 PM | Computer Name = peyman-pc | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 11/7/2011 6:37:59 PM | Computer Name = peyman-pc | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/7/2011 6:51:21 PM | Computer Name = peyman-pc | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/7/2011 8:52:12 PM | Computer Name = peyman-pc | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/7/2011 8:52:21 PM | Computer Name = peyman-pc | Source = Service Control Manager | ID = 7003
Description = The Check Point SSL Network Extender service depends the following
service: VNA. This service might not be installed.

Error - 11/7/2011 8:53:09 PM | Computer Name = peyman-pc | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/7/2011 8:54:49 PM | Computer Name = peyman-pc | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 11/7/2011 8:54:49 PM | Computer Name = peyman-pc | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2


< End of report >
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm

Re: hijacked browser - Random words change to spam links

Unread postby deltalima » November 8th, 2011, 4:09 am

Hi pey321,

Every thing looks OK except that there is a new suspicious behavior; I can not eject (safe remove) a USB drive after it is connected. There is a persistent message indicating that a program is still using it. Could it be because of a mall-ware trying to infect it?


It's possible, we will continue until the computer is clean.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 8th, 2011, 9:29 pm

A few things to mention before posting the log files:

1) I suffered from "Windows Crash Blue Screen" a couple of times. (Before running the scans)

2) When running OTL, I pressed "RunScan" instead of "RunFix" for the first time by mistake. Then I ran "RunFix" and computer rebooted as expected. Sorry for the mistake, hopefully this doesn't have any bad side effects.

3) Once in a while I see McAfee blocks suspicious connections made by programs like "FireFox", "Windows Explorer", "Windows Services" to various IP addresses.



OTL Fix log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: p
->Temp folder emptied: 25330950 bytes
->Temporary Internet Files folder emptied: 38904325 bytes
->Java cache emptied: 1416349 bytes
->FireFox cache emptied: 256350669 bytes
->Flash cache emptied: 15885 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44711806 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35173 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 350.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: p
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: p
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11082011_184756

Files\Folders moved on Reboot...
C:\Users\p\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\p\AppData\Local\Temp\~DF08E80D381F283ADA.TMP not found!
C:\Users\p\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Windows\temp\TMP000000111E7A0A32F85E66B3 not found!

Registry entries deleted on Reboot...

ESETS log is in the next post...
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm

Re: hijacked browser - Random words change to spam links

Unread postby pey321 » November 9th, 2011, 12:01 am

ESET Log (*** 3 infected files found ***):

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9d9f09f06984c24880abb360111d925c
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-09 02:10:59
# local_time=2011-11-08 09:10:59 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777213 100 75 3813021 21186715 0 0
# compatibility_mode=5893 16776573 100 94 0 72346721 0 0
# compatibility_mode=8192 67108863 100 0 4071633 4071633 0 0
# scanned=15212
# found=0
# cleaned=0
# scan_time=1387
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9d9f09f06984c24880abb360111d925c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-09 03:56:55
# local_time=2011-11-08 10:56:55 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777213 100 75 3814935 21188629 0 0
# compatibility_mode=5893 16776573 100 94 0 72348635 0 0
# compatibility_mode=8192 67108863 100 0 4073547 4073547 0 0
# scanned=189684
# found=3
# cleaned=0
# scan_time=5828
C:\Install\winzip\winzip155.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
pey321
Regular Member
 
Posts: 20
Joined: November 1st, 2011, 8:13 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 334 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware