TechSpot

Firefox redirect virus

By menka
Jul 27, 2012
  1. Hello, I noticed over the last few weeks that a laptop of mine seems to have been infected with a redirect virus. Malwarebytes and Windows security do not seem to find it, and it only redirects in Firefox. Internet Explorer does not seem to be infected by it at the moment.

    Malwarebytes log:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.27.08
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19272
    owner :: PATRICE [administrator]
    7/27/2012 2:03:03 PM
    mbam-log-2012-07-27 (14-03-03).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 174588
    Time elapsed: 6 minute(s), 40 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  2. menka

    menka TS Member Topic Starter Posts: 38

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-27 14:57:52
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHY2200BH rev.0000000B
    Running: q4wvdxs7.exe; Driver: C:\Users\owner\AppData\Local\Temp\pwddapob.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Files - GMER 1.0.15 ----
    File C:\Windows\$NtUninstallKB13996$\1151938653 0 bytes
    File C:\Windows\$NtUninstallKB13996$\644157641 0 bytes
    File C:\Windows\$NtUninstallKB13996$\644157641\@ 2048 bytes
    File C:\Windows\$NtUninstallKB13996$\644157641\cfg.ini 40 bytes
    File C:\Windows\$NtUninstallKB13996$\644157641\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB13996$\644157641\L 0 bytes
    File C:\Windows\$NtUninstallKB13996$\644157641\L\qnbwvoto 72192 bytes
    File C:\Windows\$NtUninstallKB13996$\644157641\U 0 bytes
    ---- EOF - GMER 1.0.15 ----
     
  3. menka

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19272
    Run by owner at 15:02:57 on 2012-07-27
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\owner\Desktop\dds.scr
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{D22A6BB4-CBD6-4AF5-BB9E-1F26A3CF7A55} : DhcpNameServer = 10.0.0.1
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\z98tq3ua.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm021YYus&ptb=7CAA6F56-1A0C-4103-BEFF-850B4FAFA4DF&psa=&ind=2011072417&ptnrS=YJxdm021YYus&si=52901&st=kwd&n=77de87a1&searchfor=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? MozillaMaintenance;Mozilla Maintenance Service
    R? NisDrv;Microsoft Network Inspection System
    R? NisSrv;Microsoft Network Inspection
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? AdobeARMservice;Adobe Acrobat Update Service
    S? FontCache;Windows Font Cache Service
    S? MpFilter;Microsoft Malware Protection Driver
    S? SFEP;Sony Firmware Extension Parser
    .
    =============== Created Last 30 ================
    .
    2012-07-27 18:58:14 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9553ea17-0294-4e72-a022-90227f5fa54d}\mpengine.dll
    2012-07-24 19:15:23 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-07-20 23:09:58 -------- d-----w- c:\users\owner\appdata\local\Macromedia
    2012-07-13 01:29:48 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 21:13:24 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-11 21:13:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 21:13:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 21:13:17 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 21:13:16 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 21:13:16 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-06 18:17:21 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1e58bd07-5581-4a77-a9c1-14e4902ec243}\gapaengine.dll
    2012-07-06 18:03:42 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2012-07-06 18:03:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2012-07-06 18:03:41 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2012-07-06 18:03:41 117728 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    2012-07-06 18:03:40 913888 ----a-w- c:\program files\mozilla firefox\firefox.exe
    2012-07-06 18:03:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2012-07-06 18:03:39 258528 ----a-w- c:\program files\mozilla firefox\freebl3.dll
    2012-07-06 18:03:36 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-07-06 18:03:35 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-07-02 17:22:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-02 17:20:46 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-02 17:19:52 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-02 17:19:51 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    ==================== Find3M ====================
    .
    2012-07-15 07:18:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-15 07:18:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
    2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-07-24 20:28:03 161744 ----a-w- c:\program files\u4res.dll
    .
    ============= FINISH: 15:03:30.72 ===============
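The GMER and DDS reports above are easier to review when the lines that matter are pulled out mechanically: the Firefox prefs that control where an address-bar search or the homepage goes, browser helper objects whose DLL no longer exists, and files GMER reports under a `$NtUninstall...$` directory. The script below is an added example written for this page, not a tool from the thread or from the GMER/DDS authors. The allowlist of trusted search hosts and the choice of what to flag are the editor's assumptions; a flagged item is a lead for a human to look at, not a verdict that it is malicious. The sample lines are copied from the two logs above.

```python
"""Triage helper for DDS "Pseudo HJT"/FIREFOX sections and GMER file listings.

Added example for this thread; the heuristics below are the editor's assumptions.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts the owner would knowingly use for homepage/search.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.yahoo.com", "www.bing.com"}

# Firefox prefs that decide where typed searches and the homepage go.
REDIRECT_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.search.defaulturl"}

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>\S+)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
GMER_FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
NTUNINSTALL_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.IGNORECASE)

# Sample input copied from the DDS report in this thread.
SAMPLE_DDS = [
    r"uStart Page = hxxp://www.yahoo.com/",
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll",
    r"FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F",
    r"FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm021YYus&ptb=7CAA6F56-1A0C-4103-BEFF-850B4FAFA4DF&searchfor=",
]

# Sample input copied from the GMER report in this thread.
SAMPLE_GMER = [
    r"---- Files - GMER 1.0.15 ----",
    r"File C:\Windows\$NtUninstallKB13996$\1151938653 0 bytes",
    r"File C:\Windows\$NtUninstallKB13996$\644157641 0 bytes",
    r"File C:\Windows\$NtUninstallKB13996$\644157641\@ 2048 bytes",
    r"File C:\Windows\$NtUninstallKB13996$\644157641\cfg.ini 40 bytes",
    r"File C:\Windows\$NtUninstallKB13996$\644157641\Desktop.ini 4608 bytes",
    r"File C:\Windows\$NtUninstallKB13996$\644157641\L 0 bytes",
    r"File C:\Windows\$NtUninstallKB13996$\644157641\L\qnbwvoto 72192 bytes",
    r"File C:\Windows\$NtUninstallKB13996$\644157641\U 0 bytes",
    r"---- EOF - GMER 1.0.15 ----",
]


def defang_to_url(value):
    """DDS writes hxxp:// so URLs are not clickable; restore the scheme for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value)


def triage_dds(lines):
    """Return (kind, identifier, detail) tuples for DDS lines worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = FF_PREF_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            if name in REDIRECT_PREFS:
                host = urlparse(defang_to_url(value)).hostname or ""
                if host not in TRUSTED_SEARCH_HOSTS:
                    findings.append(("ff-pref", name, host))
            continue
        m = BHO_RE.match(line)
        if m and m.group("target").strip() == "No File":
            # A BHO registration whose DLL is gone: leftover of a removed add-on or of a cleanup.
            findings.append(("bho-orphan", m.group("clsid"), "No File"))
    return findings


def triage_gmer(lines):
    """Return (kind, path, size) for GMER-listed files under a $NtUninstall...$ directory."""
    findings = []
    for line in lines:
        m = GMER_FILE_RE.match(line.strip())
        if m and NTUNINSTALL_RE.search(m.group("path")):
            findings.append(("hidden-ntuninstall", m.group("path"), int(m.group("size"))))
    return findings


if __name__ == "__main__":
    for finding in triage_dds(SAMPLE_DDS) + triage_gmer(SAMPLE_GMER):
        print(*finding, sep="\t")
```

Run against the two logs, the script reports the orphaned BHO, the `keyword.URL` value pointing at `search.mywebsearch.com` (the one Firefox pref in the report that sends address-bar searches somewhere other than a trusted host, which is consistent with a redirect that only shows up in Firefox), and the eight GMER entries under `$NtUninstallKB13996$`. Whether any of them is the cause is for the analyst and the follow-up scans to decide.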
     
  4. menka

    DDS attach

    .
    ==== Installed Programs ======================
    .
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Apple Application Support
    Apple Software Update
    CCleaner
    D3DX10
    DriverAgent by eSupport.com
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 24
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Word Viewer 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Segoe UI
    Setting Utility Series
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VAIO Control Center
    VAIO Event Service
    VAIO Launcher
    VAIO Power Management
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
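The report TDSSKiller writes is a long list of one hash line per service or driver (name, MD5, image path) followed by a verdict line (`name - ok`, or a verdict in parentheses before a non-ok status). Reading several hundred of those by eye is error-prone, so here is an added example, written for this page and not part of TDSSKiller or of this thread, that parses the report into records, lists the entries a human should look at, and compares the hashes with a baseline from a known-clean machine. The sample lines are copied from the report posted later in this thread, except for the `example_svc` lines, which are constructed by the editor to approximate a non-ok verdict; the exact wording TDSSKiller uses for detections is not shown on this page, so that line is an assumption. The baseline is also constructed, with the ACPI hash altered on purpose to show a mismatch.

```python
"""Parse a TDSSKiller 2.x text report into per-service records.

Added example; the report format is inferred from the log in this thread.
"""
import re

# Hash line:   <time> <pid> <name> (<md5>) <path>
HASH_LINE = re.compile(r"^\S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Status line: <time> <pid> <name> [( <verdict> )] - <status>
STATUS_LINE = re.compile(r"^\S+ \d+ (?P<name>\S+)(?: \( (?P<verdict>.+?) \))? - (?P<status>\w+)$")

# Constructed sample: real lines from the thread's report plus an editor-made
# "example_svc" pair approximating a detection (not from the thread).
SAMPLE_REPORT = r"""
19:46:48.0423 4576 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:46:48.0439 4576 ACPI - ok
19:46:52.0245 4576 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:46:52.0245 4576 atapi - ok
19:46:55.0209 4576 blbdrive - ok
19:47:00.0000 4576 example_svc (00000000000000000000000000000000) C:\example\example.sys
19:47:00.0001 4576 example_svc ( Editor.Constructed.Verdict ) - infected
"""

# Constructed baseline {name: md5}; the ACPI value is deliberately wrong.
SAMPLE_BASELINE = {
    "atapi": "1f05b78ab91c9075565a9d8a4b880bc4",
    "ACPI": "f" * 32,
}


def _new_record():
    return {"md5": None, "path": None, "status": None, "verdict": None}


def parse_report(text):
    """Return {name: record}; lines matching neither pattern are ignored (headers, drive info)."""
    records = {}
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], _new_record())
            rec["md5"], rec["path"] = m["md5"], m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], _new_record())
            rec["status"], rec["verdict"] = m["status"], m["verdict"]
    return records


def review(records):
    """Entries worth a human look: a non-ok status, or a service for which no image was hashed."""
    flagged = []
    for name, rec in sorted(records.items()):
        if rec["status"] != "ok":
            flagged.append((name, "status:%s" % rec["status"], rec["verdict"]))
        elif rec["md5"] is None:
            # Verdict printed without a hash line: the service exists but its file was not hashed.
            flagged.append((name, "no-image-hashed", None))
    return flagged


def compare_to_baseline(records, baseline):
    """Return {name: (expected_md5, actual_md5)} for every baseline entry that differs."""
    mismatches = {}
    for name, expected in baseline.items():
        rec = records.get(name)
        actual = rec["md5"] if rec else None
        if actual != expected:
            mismatches[name] = (expected, actual)
    return mismatches


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for item in review(recs):
        print("REVIEW", *item, sep="\t")
    for name, (exp, act) in compare_to_baseline(recs, SAMPLE_BASELINE).items():
        print("HASH-MISMATCH", name, exp, act, sep="\t")
```

Point it at `C:\TDSSKiller_xxxx_log.txt` and the output is a short list instead of several hundred lines: anything not marked `ok`, services that were listed without an image hash, and any driver whose MD5 differs from the baseline. An `ok` verdict only means the tool's own checks passed; a hash mismatch against a clean reference machine is worth chasing even when every line says `ok`.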
     
  6. menka

    Thank you so much for your help.
    It did not seem to find anything.

    TDSSKiller

    19:46:34.0758 5916 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    19:46:35.0085 5916 ============================================================
    19:46:35.0085 5916 Current date / time: 2012/07/27 19:46:35.0085
    19:46:35.0085 5916 SystemInfo:
    19:46:35.0085 5916
    19:46:35.0085 5916 OS Version: 6.0.6002 ServicePack: 2.0
    19:46:35.0085 5916 Product type: Workstation
    19:46:35.0085 5916 ComputerName: PATRICE
    19:46:35.0085 5916 UserName: owner
    19:46:35.0085 5916 Windows directory: C:\Windows
    19:46:35.0085 5916 System windows directory: C:\Windows
    19:46:35.0085 5916 Processor architecture: Intel x86
    19:46:35.0085 5916 Number of processors: 2
    19:46:35.0085 5916 Page size: 0x1000
    19:46:35.0085 5916 Boot type: Normal boot
    19:46:35.0085 5916 ============================================================
    19:46:37.0956 5916 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:46:37.0956 5916 ============================================================
    19:46:37.0956 5916 \Device\Harddisk0\DR0:
    19:46:37.0987 5916 MBR partitions:
    19:46:37.0987 5916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFD3000, BlocksNum 0x164CB800
    19:46:37.0987 5916 ============================================================
    19:46:38.0080 5916 C: <-> \Device\Harddisk0\DR0\Partition0
    19:46:38.0080 5916 ============================================================
    19:46:38.0080 5916 Initialize success
    19:46:38.0080 5916 ============================================================
    19:46:45.0490 4576 ============================================================
    19:46:45.0490 4576 Scan started
    19:46:45.0490 4576 Mode: Manual;
    19:46:45.0490 4576 ============================================================
    19:46:48.0423 4576 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    19:46:48.0439 4576 ACPI - ok
    19:46:48.0829 4576 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:46:48.0829 4576 AdobeARMservice - ok
    19:46:49.0874 4576 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    19:46:49.0890 4576 adp94xx - ok
    19:46:50.0560 4576 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    19:46:50.0670 4576 adpahci - ok
    19:46:50.0701 4576 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    19:46:50.0701 4576 adpu160m - ok
    19:46:50.0872 4576 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    19:46:50.0872 4576 adpu320 - ok
    19:46:50.0935 4576 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    19:46:50.0950 4576 AeLookupSvc - ok
    19:46:51.0028 4576 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    19:46:51.0044 4576 AFD - ok
    19:46:51.0091 4576 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    19:46:51.0091 4576 agp440 - ok
    19:46:51.0138 4576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    19:46:51.0138 4576 aic78xx - ok
    19:46:51.0481 4576 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    19:46:51.0543 4576 ALG - ok
    19:46:51.0559 4576 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    19:46:51.0574 4576 aliide - ok
    19:46:51.0606 4576 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    19:46:51.0606 4576 amdagp - ok
    19:46:51.0699 4576 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    19:46:51.0762 4576 amdide - ok
    19:46:51.0793 4576 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    19:46:51.0793 4576 AmdK7 - ok
    19:46:51.0808 4576 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    19:46:51.0808 4576 AmdK8 - ok
    19:46:51.0886 4576 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    19:46:51.0886 4576 Appinfo - ok
    19:46:51.0918 4576 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    19:46:51.0933 4576 arc - ok
    19:46:51.0996 4576 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    19:46:52.0011 4576 arcsas - ok
    19:46:52.0120 4576 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    19:46:52.0136 4576 AsyncMac - ok
    19:46:52.0245 4576 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    19:46:52.0245 4576 atapi - ok
    19:46:53.0478 4576 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys
    19:46:53.0524 4576 athr - ok
    19:46:53.0946 4576 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    19:46:53.0961 4576 AudioEndpointBuilder - ok
    19:46:53.0977 4576 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    19:46:53.0992 4576 Audiosrv - ok
    19:46:54.0055 4576 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    19:46:54.0055 4576 Beep - ok
    19:46:54.0492 4576 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
    19:46:54.0538 4576 BFE - ok
    19:46:55.0131 4576 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
    19:46:55.0194 4576 BITS - ok
    19:46:55.0209 4576 blbdrive - ok
    19:46:55.0490 4576 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    19:46:55.0584 4576 bowser - ok
    19:46:55.0615 4576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    19:46:55.0615 4576 BrFiltLo - ok
    19:46:55.0630 4576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    19:46:55.0630 4576 BrFiltUp - ok
    19:46:55.0942 4576 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    19:46:55.0942 4576 Browser - ok
    19:46:56.0005 4576 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    19:46:56.0005 4576 Brserid - ok
    19:46:56.0083 4576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    19:46:56.0083 4576 BrSerWdm - ok
    19:46:56.0114 4576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    19:46:56.0114 4576 BrUsbMdm - ok
    19:46:56.0145 4576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    19:46:56.0145 4576 BrUsbSer - ok
    19:46:56.0161 4576 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    19:46:56.0161 4576 BTHMODEM - ok
    19:46:56.0239 4576 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    19:46:56.0270 4576 cdfs - ok
    19:46:56.0317 4576 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    19:46:56.0317 4576 cdrom - ok
    19:46:56.0504 4576 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    19:46:56.0582 4576 CertPropSvc - ok
    19:46:56.0613 4576 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    19:46:56.0629 4576 circlass - ok
    19:46:56.0941 4576 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    19:46:56.0956 4576 CLFS - ok
    19:46:57.0097 4576 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:46:57.0097 4576 clr_optimization_v2.0.50727_32 - ok
    19:46:57.0487 4576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:46:57.0502 4576 clr_optimization_v4.0.30319_32 - ok
    19:46:57.0596 4576 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    19:46:57.0596 4576 CmBatt - ok
    19:46:57.0658 4576 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    19:46:57.0658 4576 cmdide - ok
    19:46:57.0736 4576 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    19:46:57.0752 4576 Compbatt - ok
    19:46:57.0752 4576 COMSysApp - ok
    19:46:57.0814 4576 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    19:46:57.0814 4576 crcdisk - ok
    19:46:57.0830 4576 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    19:46:57.0955 4576 Crusoe - ok
    19:46:58.0095 4576 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
    19:46:58.0360 4576 CryptSvc - ok
    19:46:59.0000 4576 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    19:46:59.0031 4576 DcomLaunch - ok
    19:46:59.0062 4576 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    19:46:59.0062 4576 DfsC - ok
    19:47:00.0560 4576 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    19:47:00.0654 4576 DFSR - ok
    19:47:01.0402 4576 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    19:47:01.0418 4576 Dhcp - ok
    19:47:01.0558 4576 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    19:47:01.0574 4576 disk - ok
    19:47:01.0605 4576 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
    19:47:01.0605 4576 DMICall - ok
    19:47:01.0652 4576 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    19:47:01.0652 4576 Dnscache - ok
    19:47:01.0870 4576 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    19:47:01.0870 4576 dot3svc - ok
    19:47:01.0948 4576 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    19:47:01.0964 4576 DPS - ok
    19:47:01.0980 4576 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    19:47:01.0980 4576 drmkaud - ok
    19:47:02.0120 4576 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    19:47:02.0182 4576 DXGKrnl - ok
    19:47:02.0229 4576 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    19:47:02.0260 4576 E1G60 - ok
    19:47:02.0307 4576 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    19:47:02.0323 4576 EapHost - ok
    19:47:02.0448 4576 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    19:47:02.0448 4576 Ecache - ok
    19:47:02.0728 4576 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    19:47:02.0744 4576 ehRecvr - ok
    19:47:02.0806 4576 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    19:47:02.0806 4576 ehSched - ok
    19:47:02.0822 4576 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    19:47:02.0822 4576 ehstart - ok
    19:47:02.0916 4576 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    19:47:02.0931 4576 elxstor - ok
    19:47:03.0072 4576 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    19:47:03.0103 4576 EMDMgmt - ok
    19:47:03.0212 4576 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    19:47:03.0212 4576 EventSystem - ok
    19:47:03.0321 4576 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    19:47:03.0321 4576 exfat - ok
    19:47:03.0384 4576 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    19:47:03.0384 4576 fastfat - ok
    19:47:03.0430 4576 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    19:47:03.0430 4576 fdc - ok
    19:47:03.0493 4576 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    19:47:03.0493 4576 fdPHost - ok
    19:47:42.0009 4576 Wdf01000 - ok
    19:47:42.0025 4576 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    19:47:42.0040 4576 WdiServiceHost - ok
    19:47:42.0040 4576 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    19:47:42.0056 4576 WdiSystemHost - ok
    19:47:42.0118 4576 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
    19:47:42.0134 4576 WebClient - ok
    19:47:42.0196 4576 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    19:47:42.0212 4576 Wecsvc - ok
    19:47:42.0243 4576 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    19:47:42.0243 4576 wercplsupport - ok
    19:47:42.0306 4576 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
    19:47:42.0321 4576 WerSvc - ok
    19:47:42.0430 4576 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    19:47:42.0462 4576 winachsf - ok
    19:47:42.0586 4576 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    19:47:42.0602 4576 WinDefend - ok
    19:47:42.0618 4576 WinHttpAutoProxySvc - ok
    19:47:43.0148 4576 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
    19:47:43.0195 4576 Winmgmt - ok
    19:47:44.0349 4576 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    19:47:44.0427 4576 WinRM - ok
    19:47:44.0802 4576 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
    19:47:44.0833 4576 Wlansvc - ok
    19:47:47.0594 4576 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:47:47.0688 4576 wlidsvc - ok
    19:47:49.0388 4576 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    19:47:49.0388 4576 WmiAcpi - ok
    19:47:49.0840 4576 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
    19:47:49.0840 4576 wmiApSrv - ok
    19:47:53.0647 4576 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    19:47:53.0740 4576 WMPNetworkSvc - ok
    19:47:53.0943 4576 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
    19:47:53.0959 4576 WPCSvc - ok
    19:47:54.0224 4576 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
    19:47:54.0224 4576 WPDBusEnum - ok
    19:47:54.0333 4576 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    19:47:54.0349 4576 WpdUsb - ok
    19:47:54.0942 4576 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:47:54.0973 4576 WPFFontCache_v0400 - ok
    19:47:55.0035 4576 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    19:47:55.0051 4576 ws2ifsl - ok
    19:47:55.0191 4576 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
    19:47:55.0207 4576 wscsvc - ok
    19:47:55.0222 4576 WSearch - ok
    19:47:56.0330 4576 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
    19:47:56.0424 4576 wuauserv - ok
    19:47:56.0970 4576 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:47:56.0970 4576 WUDFRd - ok
    19:47:57.0001 4576 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    19:47:57.0016 4576 wudfsvc - ok
    19:47:57.0313 4576 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    19:47:57.0391 4576 YahooAUService - ok
    19:47:57.0453 4576 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
    19:47:57.0453 4576 yukonwlh - ok
    19:47:57.0484 4576 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    19:47:59.0403 4576 \Device\Harddisk0\DR0 - ok
    19:47:59.0434 4576 Boot (0x1200) (3caa35899355d60e9cffcd62ae8e8613) \Device\Harddisk0\DR0\Partition0
    19:47:59.0450 4576 \Device\Harddisk0\DR0\Partition0 - ok
    19:47:59.0450 4576 ============================================================
    19:47:59.0450 4576 Scan finished
    19:47:59.0450 4576 ============================================================
    19:47:59.0481 4116 Detected object count: 0
    19:47:59.0481 4116 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. menka

    menka TS Member Topic Starter Posts: 38

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: owner [Admin rights]
    Mode: Scan -- Date: 07/27/2012 20:26:54
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 3 ¤¤¤
    [BLACKLIST DLL] HKUS\S-1-5-21-1114184814-3568446412-1611862538-1000_Classes[...]\Run : Apple Computer (rundll32.exe "C:\Users\owner\AppData\Local\eSupport.com\Apple Computer\pedswf.dll",DllRegisterServer) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: FUJITSU MHY2200BH ATA Device +++++
    --- User ---
    [MBR] c87639a984bd2837c364bd86fc65eb46
    [BSP] f7e53bf228211653b105a85dc238cc1a : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16592896 | Size: 182679 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
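    Added example, not part of this thread: the RogueKiller hit above is a Run value that starts rundll32.exe with a DLL under the user's AppData\Local folder and calls its DllRegisterServer export, a loader pattern rather than something an installer leaves behind, and it sits in the per-user Classes hive instead of the usual HKCU Run key. The Python script below is the editor's code, not RogueKiller's: it applies those triage rules (proxy host such as rundll32, DllRegisterServer invoked from an autorun, image under a user-writable path, Run value in the Classes hive) to a constructed list built from the RogueKiller entry and three ordinary Run values taken from the ComboFix log later in the thread. The rules, the path list and the "two or more reasons" threshold are assumptions chosen for illustration.

```python
"""Triage Windows Run-key values the way the RogueKiller hit in this thread would be reviewed."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: the value RogueKiller flagged, plus ordinary Run values copied
# from the ComboFix "Reg Loading Points" section of this thread.
SAMPLE_AUTORUNS: List[Tuple[str, str, str]] = [
    (r"HKUS\S-1-5-21-1114184814-3568446412-1611862538-1000_Classes[...]\Run", "Apple Computer",
     r'rundll32.exe "C:\Users\owner\AppData\Local\eSupport.com\Apple Computer\pedswf.dll",DllRegisterServer'),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Sidebar",
     r"c:\program files\Windows Sidebar\sidebar.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Adobe ARM",
     r'"c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "MSC",
     r"c:\program files\Microsoft Security Client\msseces.exe"),
]

# Hosts that run someone else's code; a Run value pointing at one of these needs a second look.
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# Directories a standard user can write to (assumed list for this example).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# First token of an unquoted command line: up to the first executable extension.
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|,|$)", re.I)


@dataclass
class Finding:
    key: str
    name: str
    image: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return len(self.reasons) >= 2   # assumed threshold for "review this"


def split_first_token(cmd: str) -> Tuple[str, str]:
    """Split a Windows command line into (program, remainder), honoring quotes and spaces in paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXT_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def rundll32_target(args: str) -> Tuple[str, str]:
    """For rundll32 arguments of the form '"<dll>",<export>' or '<dll>,<export>' return (dll, export)."""
    dll, rest = split_first_token(args)
    rest = rest.lstrip(",").strip()
    export = rest.split(None, 1)[0] if rest else ""
    return dll, export


def triage(key: str, name: str, cmd: str) -> Finding:
    host, args = split_first_token(cmd)
    host_base = host.lower().rsplit("\\", 1)[-1]
    f = Finding(key, name, host)
    if host_base in PROXY_HOSTS:
        f.reasons.append(f"launched through proxy host {host_base}")
        if host_base == "rundll32.exe":
            f.image, export = rundll32_target(args)
            if export.lower() == "dllregisterserver":
                f.reasons.append("DllRegisterServer invoked from a Run value (loader pattern)")
    if any(p in f.image.lower() for p in USER_WRITABLE):
        f.reasons.append("image lives under a user-writable path")
    if "_classes" in key.lower():
        f.reasons.append("Run value stored in the per-user Classes hive, not where installers write Run values")
    return f


def triage_all(entries=SAMPLE_AUTORUNS) -> List[Finding]:
    return [triage(*e) for e in entries]


if __name__ == "__main__":
    for f in triage_all():
        print(f"[{'REVIEW' if f.suspicious else 'ok'}] {f.name}: {f.image}")
        for r in f.reasons:
            print("    -", r)
```

    On the thread's data only the "Apple Computer" value trips the rules; the three vendor entries parse to their real image paths (note the unquoted paths with spaces, which a naive split on whitespace would cut at "c:\program") and collect no reasons.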
     
  9. menka

    menka TS Member Topic Starter Posts: 38

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-27 20:34:42
    -----------------------------
    20:34:42.423 OS Version: Windows 6.0.6002 Service Pack 2
    20:34:42.423 Number of processors: 2 586 0xF0D
    20:34:42.438 ComputerName: PATRICE UserName: owner
    20:34:45.340 Initialize success
    20:36:50.960 AVAST engine defs: 12072701
    20:37:01.147 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    20:37:01.147 Disk 0 Vendor: FUJITSU_MHY2200BH 0000000B Size: 190782MB BusType: 3
    20:37:01.256 Disk 0 MBR read successfully
    20:37:01.272 Disk 0 MBR scan
    20:37:01.287 Disk 0 Windows VISTA default MBR code
    20:37:01.381 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8101 MB offset 2048
    20:37:01.475 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182679 MB offset 16592896
    20:37:01.599 Disk 0 scanning sectors +390719488
    20:37:02.255 Disk 0 scanning C:\Windows\system32\drivers
    20:38:35.402 Service scanning
    20:38:58.178 Service MpKsl4e255874 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABEF799A-51B3-4752-B153-2D7B6EC76F8E}\MpKsl4e255874.sys **LOCKED** 32
    20:39:35.571 Modules scanning
    20:40:57.487 Disk 0 trace - called modules:
    20:40:57.596 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys
    20:40:57.612 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85809ac8]
    20:40:57.627 3 CLASSPNP.SYS[885ac8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8560c030]
    20:40:58.907 AVAST engine scan C:\Windows
    20:42:05.019 AVAST engine scan C:\Windows\system32
    20:55:30.338 AVAST engine scan C:\Windows\system32\drivers
    20:56:10.134 AVAST engine scan C:\Users\owner
    20:58:33.763 AVAST engine scan C:\ProgramData
    20:59:42.138 Scan finished successfully
    21:19:21.311 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
    21:19:21.326 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
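    Added example, not from the thread or from aswMBR: both tools above agree on Vista-style MBR code, a hidden type 0x27 recovery partition at sector 2048 and an active NTFS partition at sector 16592896, and aswMBR then scans the sectors after the last partition (the "scanning sectors +390719488" line). The Python below is the editor's code: it parses a 512-byte MBR image such as the MBR.dat aswMBR saves, rebuilds those figures from the partition table, runs the layout checks a bootkit or a corrupted table would trip, and hashes the 440-byte boot-code area so it can be compared with a baseline taken from a known-clean machine of the same Windows version. The sample MBR is constructed from the sizes in the logs with zeroed boot code and an assumed disk signature, so its hash will not match the [MBR]/[BSP] values RogueKiller printed, whose exact coverage the page does not state.

```python
"""Parse a 512-byte MBR image (e.g. aswMBR's MBR.dat), check the layout and hash the boot code."""
import hashlib
import struct
import sys
from typing import Dict, List

SECTOR = 512
CODE_LEN = 440        # boot code is bytes 0..439; the 4-byte disk signature follows at 0x1B8
TABLE_OFF = 446       # four 16-byte partition entries, then the 0x55AA signature at 510
PART_TYPES = {0x07: "NTFS/exFAT", 0x27: "hidden NTFS (WinRE)", 0x05: "extended",
              0x0F: "extended (LBA)", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def mb_to_sectors(mb: int) -> int:
    return mb * 1024 * 1024 // SECTOR


def build_sample_mbr() -> bytes:
    """Constructed MBR with the two partitions the logs report; boot code zeroed, signature assumed."""
    code = bytes(CODE_LEN)
    disk_sig = struct.pack("<I", 0x00000000)          # assumed: the logs do not show the real signature
    chs = b"\xfe\xff\xff"                              # CHS fields are ignored on LBA disks

    def entry(status: int, ptype: int, lba: int, mb: int) -> bytes:
        return struct.pack("<B3sB3sII", status, chs, ptype, chs, lba, mb_to_sectors(mb))

    table = entry(0x00, 0x27, 2048, 8101) + entry(0x80, 0x07, 16592896, 182679) + bytes(32)
    return code + disk_sig + b"\x00\x00" + table + b"\x55\xaa"


def parse_mbr(mbr: bytes) -> Dict:
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                   # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "offset_sectors": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"disk_signature": struct.unpack_from("<I", mbr, CODE_LEN)[0],
            "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
            "partitions": parts}


def check_layout(info: Dict, disk_mb: int) -> List[str]:
    """Sanity checks a tampered or corrupted partition table would fail."""
    warnings = []
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((p["offset_sectors"], p["offset_sectors"] + p["sectors"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if e1 > s2:
            warnings.append(f"partitions overlap at sector {s2}")
    if spans and spans[-1][1] > mb_to_sectors(disk_mb):
        warnings.append("last partition extends past the end of the disk")
    return warnings


def unallocated_tail_sectors(info: Dict, disk_mb: int) -> int:
    """Sectors after the last partition: the region aswMBR reports as 'scanning sectors +N'."""
    end = max((p["offset_sectors"] + p["sectors"] for p in info["partitions"]), default=0)
    return mb_to_sectors(disk_mb) - end


def bootcode_matches(mbr: bytes, baseline_md5: str) -> bool:
    """Compare only the code area, so a per-disk signature or table change does not mask a code swap."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest() == baseline_md5.lower()


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print(f"boot code md5: {info['code_md5']}  disk signature: {info['disk_signature']:08x}")
    for p in info["partitions"]:
        print(f"  #{p['index']} {'*' if p['active'] else ' '} type 0x{p['type']:02x} {p['type_name']:<20}"
              f" offset {p['offset_sectors']} size {p['size_mb']} MB")
    for w in check_layout(info, 190782):
        print("  WARNING:", w)
```

    Run it as `python mbr_check.py MBR.dat` against the file aswMBR saved. With the disk size aswMBR reported (190782 MB) the tail after the active partition works out to 2048 sectors, which is the region aswMBR walked in the log above.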
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. menka

    menka TS Member Topic Starter Posts: 38

    ComboFix 12-07-27.03 - owner 07/27/2012 23:04:40.1.2 - x86
    Running from: c:\users\owner\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\GuffinsEI
    c:\programdata\081223t8l868t851j382f3dxi1w3
    c:\windows\$NtUninstallKB13996$
    c:\windows\$NtUninstallKB13996$\1151938653
    c:\windows\$NtUninstallKB13996$\644157641\@
    c:\windows\$NtUninstallKB13996$\644157641\cfg.ini
    c:\windows\$NtUninstallKB13996$\644157641\Desktop.ini
    c:\windows\$NtUninstallKB13996$\644157641\L\qnbwvoto
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-28 03:14 . 2012-07-28 03:14 -------- d-----w- c:\users\owner\AppData\Local\temp
    2012-07-28 03:14 . 2012-07-28 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-27 19:07 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABEF799A-51B3-4752-B153-2D7B6EC76F8E}\mpengine.dll
    2012-07-24 19:15 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-20 23:09 . 2012-07-20 23:09 -------- d-----w- c:\users\owner\AppData\Local\Macromedia
    2012-07-13 01:29 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 21:13 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 21:13 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 21:13 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 21:13 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 21:13 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 21:13 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-06 18:17 . 2012-06-10 20:59 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E58BD07-5581-4A77-A9C1-14E4902EC243}\gapaengine.dll
    2012-07-06 18:03 . 2012-07-06 18:03 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2012-07-06 18:03 . 2012-07-06 18:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2012-07-06 18:03 . 2012-07-06 18:03 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2012-07-06 18:03 . 2012-07-06 18:03 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
    2012-07-06 18:03 . 2012-07-06 18:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2012-07-06 18:03 . 2012-07-06 18:03 913888 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
    2012-07-06 18:03 . 2012-07-06 18:03 258528 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
    2012-07-06 18:03 . 2012-07-06 18:03 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-07-06 18:03 . 2012-07-06 18:03 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-07-02 17:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-07-02 17:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-07-02 17:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-07-02 17:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-02 17:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-07-02 17:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-02 17:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-07-02 17:19 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-02 17:19 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-15 07:18 . 2012-03-31 05:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-15 07:18 . 2011-07-27 21:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2012-06-23 19:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-10 20:59 . 2011-07-19 01:05 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-05-15 06:37 . 2012-06-17 22:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 06:32 . 2012-06-17 22:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-15 06:32 . 2012-06-17 22:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-15 06:31 . 2012-06-17 22:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2012-05-15 06:31 . 2012-06-17 22:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2012-05-15 05:01 . 2012-06-17 22:53 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-15 03:26 . 2012-06-17 22:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-15 03:23 . 2012-06-17 22:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-08 16:40 . 2012-06-08 22:35 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{588A5A61-6563-4B84-B342-84F5E591B0E5}\mpengine.dll
    2012-05-01 14:03 . 2012-06-17 22:53 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-07-24 20:28 . 2011-07-25 07:33 161744 ----a-w- c:\program files\u4res.dll
    2012-07-06 18:03 . 2012-07-06 18:03 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4669440]
    "Skytel"="Skytel.exe" [2008-01-08 1826816]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 00:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35289884.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 08:42]
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 08:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\z98tq3ua.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm021YYus&ptb=7CAA6F56-1A0C-4103-BEFF-850B4FAFA4DF&psa=&ind=2011072417&ptnrS=YJxdm021YYus&si=52901&st=kwd&n=77de87a1&searchfor=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-27 23:14
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-07-27 23:18:42
    ComboFix-quarantined-files.txt 2012-07-28 03:18
    .
    Pre-Run: 139,465,957,376 bytes free
    Post-Run: 139,280,535,552 bytes free
    .
    - - End Of File - - ACD7D3C21BA7F3B7C300CBB5FEE493BD
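    Added example, not part of the thread: the only Firefox-specific settings ComboFix lists are the prefs.js and user.js lines from the z98tq3ua.default profile, and keyword.URL there points at search.mywebsearch.com, so on Firefox versions of that era anything typed into the address bar that is not a URL would be sent to that host. The Python below is the editor's code, not ComboFix's: it parses prefs.js/user.js lines, audits the homepage, search and proxy prefs against an assumed allowlist of hosts and engine names, and writes back a copy with the flagged prefs removed. The sample file is constructed from the two pref values in the log; user.js is worth checking too, because Firefox re-applies it at every start, and Firefox must be closed before the real prefs.js is edited, since it rewrites the file on exit.

```python
"""Audit a Firefox prefs.js / user.js for homepage, search and proxy overrides."""
import re
from typing import Dict, Iterable, List, Tuple, Union
from urllib.parse import urlparse

Value = Union[str, int, bool]

# Constructed sample; the two URL values are the ones ComboFix printed for this profile.
SAMPLE_PREFS_JS = r'''// Mozilla User Preferences (constructed sample for this example)
user_pref("browser.startup.homepage", "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login");
user_pref("keyword.URL", "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm021YYus&ptb=7CAA6F56-1A0C-4103-BEFF-850B4FAFA4DF&psa=&ind=2011072417&ptnrS=YJxdm021YYus&si=52901&st=kwd&n=77de87a1&searchfor=");
user_pref("keyword.enabled", true);
user_pref("network.proxy.type", 0);
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
'''

# user_pref("name", value);  or  pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')

# Prefs whose string value is a URL, a search engine name, or a proxy setting (assumed watch-list).
URL_PREFS = ("keyword.URL", "browser.startup.homepage", "browser.search.defaulturl",
             "browser.newtab.url", "network.proxy.autoconfig_url")
ENGINE_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine")
ALLOWED_HOSTS = {"www.google.com", "accounts.google.com", "www.bing.com", "www.yahoo.com", "search.yahoo.com"}
ALLOWED_ENGINES = {"Google", "Bing", "Yahoo"}


def parse_prefs(text: str) -> Dict[str, Value]:
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                                   # comments, blank lines, anything malformed
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])   # undo \" and \\ escapes
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def audit(prefs: Dict[str, Value]) -> List[Tuple[str, str]]:
    """Return (pref name, reason) for every override that points outside the allowlist."""
    findings: List[Tuple[str, str]] = []
    for name in URL_PREFS:
        val = prefs.get(name)
        if not isinstance(val, str):
            continue
        for url in val.split("|"):                     # the homepage pref may hold several URLs
            host = (urlparse(url.strip()).hostname or "").lower()
            if host and host not in ALLOWED_HOSTS:
                findings.append((name, f"points at {host}, which is not an allowlisted host"))
    for name in ENGINE_PREFS:
        val = prefs.get(name)
        if isinstance(val, str) and val not in ALLOWED_ENGINES:
            findings.append((name, f"default search engine set to {val!r}"))
    ptype = prefs.get("network.proxy.type")
    if ptype == 1:                                     # manual proxy: every request goes through it
        findings.append(("network.proxy.type", f"manual proxy {prefs.get('network.proxy.http')}:"
                                               f"{prefs.get('network.proxy.http_port')}"))
    elif ptype == 2:                                   # PAC script; its URL is checked in URL_PREFS
        findings.append(("network.proxy.type", "proxy auto-config script in use"))
    return findings


def remove_prefs(text: str, names: Iterable[str]) -> str:
    """Return the file text with the named prefs dropped; Firefox then falls back to its defaults."""
    drop = set(names)
    kept = [ln for ln in text.splitlines()
            if not (PREF_RE.match(ln) and PREF_RE.match(ln).group(1) in drop)]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    findings = audit(parse_prefs(SAMPLE_PREFS_JS))
    for name, why in findings:
        print(f"{name}: {why}")
    print(remove_prefs(SAMPLE_PREFS_JS, [n for n, _ in findings]))
```

    On the sample the homepage passes (www.google.com is allowlisted) and keyword.URL is the single finding; the cleaned copy no longer carries it. For a real profile, point `parse_prefs` at both prefs.js and user.js and only write the cleaned file back after Firefox has exited.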
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good :)

    How is computer doing?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. menka

    menka TS Member Topic Starter Posts: 38

    Sadly, I just checked Firefox and the redirect is still happening. IE continues not to be infected by it; it has also been the browser I have been using lately, so would that make a difference?
    OTL logfile created on: 7/27/2012 11:51:54 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.00% Memory free
    4.22 Gb Paging File | 3.33 Gb Available in Paging File | 79.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.40 Gb Total Space | 129.36 Gb Free Space | 72.51% Space Free | Partition Type: NTFS

    Computer Name: PATRICE | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/27 23:50:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/10/31 13:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2007/08/14 20:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/06 14:03:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\owner\AppData\Local\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2009/06/19 16:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2008/08/18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/05/28 14:28:32 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2007/09/19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes,DefaultScope = {D776BC87-28A7-43A7-897D-E66B2F553CB7}
    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{D776BC87-28A7-43A7-897D-E66B2F553CB7}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/Ser...z&scc=1&ltmpl=default&ltmplcache=2&from=login"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...m021YYus&si=52901&st=kwd&n=77de87a1&searchfor="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/06 14:03:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 16:49:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/06 14:03:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 16:49:13 | 000,000,000 | ---D | M]

    [2011/03/28 01:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
    [2012/06/03 00:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\z98tq3ua.default\extensions
    [2012/05/25 18:54:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\z98tq3ua.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/07/24 18:47:31 | 000,009,980 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\z98tq3ua.default\searchplugins\Guffins.xml
    [2011/03/27 23:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/01/18 21:49:14 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\NZHSLNUILN@NZHSLNUILN.ORG.XPI
    [2012/07/06 14:03:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/06 14:03:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/06 14:03:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/27 23:14:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22A6BB4-CBD6-4AF5-BB9E-1F26A3CF7A55}: DhcpNameServer = 10.0.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/27 23:50:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
    [2012/07/27 23:18:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/27 23:18:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\temp
    [2012/07/27 22:52:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/27 22:52:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/27 22:52:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/27 22:52:22 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/27 22:52:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/27 22:51:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/27 22:49:27 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe
    [2012/07/27 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine
    [2012/07/27 20:18:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
    [2012/07/27 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\tdsskiller
    [2012/07/27 13:49:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.scr
    [2012/07/20 19:09:58 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Macromedia

    ========== Files - Modified Within 30 Days ==========

    [2012/07/27 23:50:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
    [2012/07/27 23:14:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/27 23:09:47 | 000,606,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/27 23:09:47 | 000,105,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/27 23:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/27 23:02:42 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/27 23:02:41 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/27 23:02:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/27 23:02:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/27 23:02:18 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/27 22:50:26 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe
    [2012/07/27 21:19:21 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
    [2012/07/27 20:19:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
    [2012/07/27 20:17:10 | 001,552,384 | ---- | M] () -- C:\Users\owner\Desktop\RogueKiller.exe
    [2012/07/27 13:50:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.scr
    [2012/07/27 13:49:06 | 000,302,592 | ---- | M] () -- C:\Users\owner\Desktop\q4wvdxs7.exe
    [2012/07/24 16:27:55 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 21:49:15 | 000,247,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/02 14:35:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/27 22:52:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/27 22:52:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/27 22:52:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/27 22:52:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/27 22:52:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/27 21:19:21 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
    [2012/07/27 20:17:01 | 001,552,384 | ---- | C] () -- C:\Users\owner\Desktop\RogueKiller.exe
    [2012/07/27 13:48:57 | 000,302,592 | ---- | C] () -- C:\Users\owner\Desktop\q4wvdxs7.exe
    [2011/12/23 02:59:50 | 000,010,256 | -HS- | C] () -- C:\Users\owner\AppData\Local\081223t8l868t851j382f3dxi1w3
    [2011/07/31 14:01:07 | 000,003,584 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/25 03:33:12 | 000,161,744 | ---- | C] () -- C:\Program Files\u4res.dll
    [2011/03/27 12:50:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/03/27 12:50:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/03/27 02:53:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/03/26 12:47:10 | 000,006,648 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

    ========== LOP Check ==========

    [2011/03/27 02:11:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
    [2011/03/26 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Thunderbird
    [2012/07/27 23:01:26 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  14. menka

    menka TS Member Topic Starter Posts: 38

    OTL Extras logfile created on: 7/27/2012 11:51:54 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.00% Memory free
    4.22 Gb Paging File | 3.33 Gb Available in Paging File | 79.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.40 Gb Total Space | 129.36 Gb Free Space | 72.51% Space Free | Partition Type: NTFS

    Computer Name: PATRICE | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A975435-2B37-43B7-BD44-023D05D0D197}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{91864B7A-2CFB-44ED-8A07-CF3D915F629E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{4B4B5700-DA29-4AA0-A3E1-D0F1E1B214DA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{7170A629-6461-4601-9B88-985A7B6C354E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{ADBDED45-3921-42C3-BFDD-BAC679F05D5F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{C6E0ED2E-1012-4E58-9D3D-6D0A62BDAC91}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{F3E66518-3A31-416A-9547-93EAD2AB6669}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = TIPCI
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "CCleaner" = CCleaner
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/21/2012 1:35:56 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3031
    Description =

    Error - 7/22/2012 12:31:32 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 9000
    Description =

    Error - 7/22/2012 12:31:33 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 9002
    Description =

    Error - 7/22/2012 12:31:33 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3029
    Description =

    Error - 7/22/2012 12:31:34 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3029
    Description =

    Error - 7/22/2012 12:31:34 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3028
    Description =

    Error - 7/22/2012 12:31:34 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3058
    Description =

    Error - 7/23/2012 1:42:56 AM | Computer Name = Patrice | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/27/2012 2:15:09 PM | Computer Name = Patrice | Source = Application Error | ID = 1000
    Description = Faulting application q4wvdxs7.exe, version 1.0.15.15641, time stamp
    0x4e21f2b1, faulting module q4wvdxs7.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
    exception code 0xc0000005, fault offset 0x0000c676, process id 0x173c, application
    start time 0x01cd6c234df10108.

    Error - 7/27/2012 2:20:14 PM | Computer Name = Patrice | Source = Perflib | ID = 1010
    Description =

    [ System Events ]
    Error - 7/23/2012 12:48:20 AM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/24/2012 3:05:24 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/26/2012 6:06:46 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/27/2012 1:41:10 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/27/2012 2:17:20 PM | Computer Name = Patrice | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.0.0.3 for the Network Card with network address
    001DD977F63F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 7/27/2012 10:53:50 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/27/2012 11:04:02 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/27/2012 11:04:02 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/27/2012 11:09:31 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/27/2012 11:14:10 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  16. menka

    menka TS Member Topic Starter Posts: 38

    Reinstalling helped; it no longer redirects now! Thanks so much for that. What other steps are left now?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}
      IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}
      FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...m021YYus&si=52901&st=kwd&n=77de87a1&searchfor="
      [2008/01/18 21:49:14 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\NZHSLNUILN@NZHSLNUILN.ORG.XPI
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  18. menka

    menka TS Member Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1114184814-3568446412-1611862538-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found.
    Prefs.js: "http://search.mywebsearch.com/myweb...m021YYus&si=52901&st=kwd&n=77de87a1&searchfor=" removed from keyword.URL
    C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\NZHSLNUILN@NZHSLNUILN.ORG.XPI moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: owner
    ->Temp folder emptied: 32660 bytes
    ->Temporary Internet Files folder emptied: 11468126 bytes
    ->Java cache emptied: 730532 bytes
    ->FireFox cache emptied: 68786918 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12144 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07282012_134403
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  19. menka

    menka TS Member Topic Starter Posts: 38

    Results of screen317's Security Check version 0.99.43
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    CCleaner
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Flash Player 11.3.300.265
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````
     
  20. menka

    menka TS Member Topic Starter Posts: 38

    Farbar Service Scanner Version: 26-07-2012
    Ran by owner (administrator) on 28-07-2012 at 14:02:55
    Running from "C:\Users\owner\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
     
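    As an added example (not from this thread and not part of Farbar's tool), a small Python parser that pulls the actionable items out of a Farbar Service Scanner log like the one above: services reported as not running, start types that differ from the default FSS states, and non-zero values under a "Disabled Policy" heading (the DisableAntiSpyware=1 case). The sample log is a constructed excerpt of the posted output, and the patterns assume FSS's wording exactly as it appears there.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the FSS log posted above (FSS's own wording and values).
SAMPLE_FSS_LOG = r"""Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
"""

# Assumed wording, taken from the posted log.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\.?"
                        r"(?: The default start type is (\w+)\.)?")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)')

@dataclass(frozen=True)
class Finding:
    kind: str     # service_stopped | start_type_changed | policy_disable
    subject: str  # service name or registry value name
    detail: str   # log section, or "current (default X)" for start types

def parse_fss(text):
    """Stopped services, start types differing from the default FSS states, and
    non-zero Disabled-Policy values (a policy keeps a feature off even after the
    service itself is repaired, so it is reported on its own)."""
    findings, section = [], ""
    for line in (ln.strip() for ln in text.splitlines()):
        if m := NOT_RUNNING.match(line):
            findings.append(Finding("service_stopped", m.group(1), section))
        elif m := START_TYPE.match(line):
            name, current, default = m.groups()
            if default and current != default:   # no default stated -> nothing to compare
                findings.append(Finding("start_type_changed", name,
                                        f"{current} (default {default})"))
        elif (m := POLICY_VALUE.match(line)) and int(m.group(2)) != 0:
            findings.append(Finding("policy_disable", m.group(1), section))
        elif line.endswith(":") and not line.startswith("["):
            section = line[:-1]  # e.g. "Windows Defender Disabled Policy"
    return findings
```

    Running parse_fss(SAMPLE_FSS_LOG) yields the two stopped services, the WinDefend start-type change, and the DisableAntiSpyware policy; the sharedaccess line is not flagged as changed because FSS states no default for it.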
  21. menka

    menka TS Member Topic Starter Posts: 38

    C:\_OTL\MovedFiles\07282012_134403\C_USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\nzhslnuiln@nzhslnuiln.org.xpi JS/Redirector.NCA trojan deleted - quarantined
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  23. menka

    menka TS Member Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: owner
    ->Temp folder emptied: 90126 bytes
    ->Temporary Internet Files folder emptied: 2621685 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 11126069 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2336 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 13.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    System Restore Service not available.

    OTL by OldTimer - Version 3.2.55.0 log created on 07282012_162030
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  24. menka

    menka TS Member Topic Starter Posts: 38

    Thank you so much for your help; everything seems to be working fine on my end.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes!!
    Good luck and stay safe :)
     
