Google redirect problem


  • This topic is locked
3 replies to this topic

#1 shaymus1968


  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 17 October 2010 - 06:17 AM

Every time I try to use Google or Yahoo search, it redirects to a different page. The only time I can use the search is if I copy and paste the URL of the website. Can someone tell me how to fix this? I have tried numerous malware proggys to no avail.

OTL logfile created on: 10/17/2010 8:09:38 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Shay\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 8.22 Gb Free Space | 11.03% Space Free | Partition Type: NTFS

Computer Name: SHAY-PC | User Name: Shay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 08:08:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Shay\Desktop\OTL.exe
PRC - [2010/10/11 22:47:10 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/11 22:47:10 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/17 10:22:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/17 10:22:24 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\Windows\UnsignedThemesSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 08:08:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Shay\Desktop\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 22:47:10 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2010/10/11 22:47:14 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 08:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/16 08:24:58 | 001,183,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 02:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2009/01/30 09:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/05 15:41:58 | 000,164,480 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2008/03/05 15:41:58 | 000,149,000 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/03/05 15:41:58 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/03/05 15:41:48 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2006/11/20 19:49:56 | 000,806,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/11/17 18:22:00 | 000,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/15 18:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 13:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/02/15 19:26:00 | 001,153,728 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/11 15:49:28 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/14 15:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/intl/en/options/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/intl/en/options/
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/intl/en/options/
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 F7 06 DE 6C AE CA 01 [binary data]
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Microsoft\Internet Explorer\SearchURL\AV, = http://www.altavista.com/sites/search/web?q=%s
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Microsoft\Internet Explorer\SearchURL\FM, = http://www.filemirrors.com/search.src?file=%s
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Microsoft\Internet Explorer\SearchURL\GGL, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = http://support.microsoft.com/?kbid=%s
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Microsoft\Internet Explorer\SearchURL\MSN, = http://search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

IE - HKU\S-1-5-21-19026157-515340557-2366644744-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google Maps"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0
FF - prefs.js..extensions.enabledItems: {2c088200-b973-11db-8314-0800200c9a66}:1.7.1
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.0
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-ur87&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/11 14:49:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/24 04:26:10 | 000,000,000 | ---D | M]

[2010/02/15 14:52:19 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Mozilla\Extensions
[2010/10/17 05:49:21 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions
[2010/04/08 02:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/02/15 16:08:16 | 000,000,000 | ---D | M] (Harley Davidson) -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}
[2010/02/15 16:44:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/08 01:13:46 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/02/27 12:26:35 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/09/12 08:53:20 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2010/09/08 01:13:43 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\djziggy@gmail.com
[2010/02/27 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\noia2_option@kk.noia
[2010/09/29 18:39:15 | 000,000,000 | ---D | M] -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\support@platinumhideip.com
[2010/02/15 16:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}\mozapps\extensions
[2010/03/03 21:59:54 | 000,001,836 | ---- | M] () -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\searchplugins\bing-ff.xml
[2010/10/12 22:55:17 | 000,005,551 | ---- | M] () -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\searchplugins\google-maps.xml
[2010/03/22 08:56:46 | 000,001,504 | ---- | M] () -- C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\a6rcxm0a.default\searchplugins\imdb.xml
[2010/09/21 20:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 10:50:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/21 20:15:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/11 15:38:46 | 000,421,796 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 14542 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-19026157-515340557-2366644744-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%windir%\Resources\Logon\logonui.exe) - C:\Windows\Resources\Logon\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Users\Shay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Shay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d1750d8f-6ced-11df-944c-806e6f6e6963}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/17 08:08:48 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Shay\Desktop\OTL.exe
[2010/10/16 09:05:29 | 002,687,320 | ---- | C] (Adobe Systems, Copyright 2005-2007) -- C:\Users\Shay\Desktop\Setup.exe
[2010/10/11 22:47:18 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/10/11 22:47:15 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/10/11 07:56:00 | 133,582,520 | ---- | C] (Lavasoft ) -- C:\Users\Shay\Desktop\Ad-AwareInstall.exe
[2010/10/11 07:52:51 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Shay\Desktop\spybotsd162.exe
[2010/10/10 19:03:20 | 002,826,240 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Shay\Desktop\amtlib.dll
[2010/10/10 19:02:50 | 023,900,160 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Shay\Desktop\Photoshop.exe
[2010/10/03 22:24:31 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Roaming\ComodoGroup
[2010/10/03 22:17:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/03 22:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/10/03 07:35:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/03 07:35:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/03 07:35:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/03 07:35:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/03 07:35:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/03 07:34:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/03 07:33:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/29 18:36:06 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Roaming\PlatinumHideIP
[2010/09/29 18:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PlatinumHideIP
[2010/09/29 18:31:09 | 000,000,000 | ---D | C] -- C:\Users\Shay\Desktop\Patch
[2010/09/23 05:09:37 | 000,000,000 | ---D | C] -- C:\Users\Shay\Desktop\Config
[2010/09/22 05:58:29 | 000,000,000 | ---D | C] -- C:\Users\Shay\Desktop\Day.And.Night
[2010/09/20 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Roaming\DMCache
[2010/09/20 15:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yawcam
[2010/09/19 09:46:05 | 000,000,000 | ---D | C] -- C:\ExamView
[2010/09/18 08:32:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/18 08:25:37 | 000,000,000 | ---D | C] -- C:\Users\Shay\AppData\Local\Sunbelt Software
[2010/09/18 08:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/18 08:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/18 08:01:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/17 10:35:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/15 16:00:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Shay\AppData\Roaming\pcouffin.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/17 08:11:50 | 000,133,632 | ---- | M] () -- C:\Users\Shay\Desktop\RKUnhookerLE.EXE
[2010/10/17 08:08:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Shay\Desktop\OTL.exe
[2010/10/17 05:38:08 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/17 05:35:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 05:35:43 | 804,757,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/16 09:05:32 | 002,687,320 | ---- | M] (Adobe Systems, Copyright 2005-2007) -- C:\Users\Shay\Desktop\Setup.exe
[2010/10/13 22:09:14 | 000,674,902 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/10/13 22:09:14 | 000,129,026 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/10/13 22:09:13 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/13 22:09:12 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/13 22:02:15 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2010/10/11 22:47:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/10/11 22:39:34 | 000,001,124 | ---- | M] () -- C:\Users\Shay\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/11 22:39:34 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/11 15:38:46 | 000,421,796 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/11 14:49:46 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/11 07:58:52 | 133,582,520 | ---- | M] (Lavasoft ) -- C:\Users\Shay\Desktop\Ad-AwareInstall.exe
[2010/10/11 07:55:15 | 000,001,236 | ---- | M] () -- C:\Users\Shay\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/11 07:55:15 | 000,001,212 | ---- | M] () -- C:\Users\Shay\Desktop\Spybot - Search & Destroy.lnk
[2010/10/11 07:53:10 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Shay\Desktop\spybotsd162.exe
[2010/10/08 22:19:18 | 019,657,194 | ---- | M] () -- C:\Users\Shay\Documents\vlc-1.1.4-win32.exe
[2010/10/03 22:01:35 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\COMODO System - Cleaner.lnk
[2010/10/03 21:59:35 | 010,446,944 | ---- | M] () -- C:\Users\Shay\Desktop\CSC_Setup_2.2.335611.5_xp_vista_server2003_win7.exe
[2010/10/03 15:52:48 | 000,021,840 | ---- | M] () -- C:\Users\Shay\Desktop\fi.sh
[2010/10/03 08:04:17 | 000,525,824 | ---- | M] () -- C:\Users\Shay\Desktop\dds.com
[2010/09/22 05:51:02 | 000,001,041 | ---- | M] () -- C:\Users\Shay\AppData\Roaming\vso_ts_preview.xml
[2010/09/20 22:34:16 | 000,389,479 | ---- | M] () -- C:\Users\Shay\Documents\123.png
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 08:11:51 | 000,133,632 | ---- | C] () -- C:\Users\Shay\Desktop\RKUnhookerLE.EXE
[2010/10/16 07:05:21 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/12 04:30:52 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/10/11 22:39:34 | 000,001,124 | ---- | C] () -- C:\Users\Shay\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/11 22:39:34 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/10/11 14:49:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/03 22:01:52 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2010/10/03 22:01:35 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\COMODO System - Cleaner.lnk
[2010/10/03 21:59:23 | 010,446,944 | ---- | C] () -- C:\Users\Shay\Desktop\CSC_Setup_2.2.335611.5_xp_vista_server2003_win7.exe
[2010/10/03 15:52:51 | 000,021,840 | ---- | C] () -- C:\Users\Shay\Desktop\fi.sh
[2010/10/03 08:04:20 | 000,525,824 | ---- | C] () -- C:\Users\Shay\Desktop\dds.com
[2010/10/03 07:35:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/03 07:35:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/03 07:35:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/03 07:35:33 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/03 07:35:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/20 22:34:13 | 000,389,479 | ---- | C] () -- C:\Users\Shay\Documents\123.png
[2010/08/17 16:58:52 | 000,007,605 | ---- | C] () -- C:\Users\Shay\AppData\Local\Resmon.ResmonCfg
[2010/05/04 07:57:20 | 000,000,000 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\chrtmp
[2010/04/30 18:42:36 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/30 18:42:36 | 000,000,088 | RHS- | C] () -- C:\ProgramData\34FD1CD83C.sys
[2010/04/27 08:13:43 | 000,000,230 | ---- | C] () -- C:\Users\Shay\AppData\Local\LaunchHomeCenter.log
[2010/04/09 08:05:13 | 006,963,712 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2010/04/09 08:05:13 | 000,452,608 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2010/04/09 08:05:13 | 000,172,032 | ---- | C] () -- C:\Windows\System32\viscomgifenc.dll
[2010/04/09 08:05:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\viscomtran.dll
[2010/04/09 08:05:13 | 000,019,456 | ---- | C] () -- C:\Windows\System32\videocore.dll
[2010/04/09 08:05:12 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/04/09 08:05:12 | 000,154,624 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2010/04/09 08:05:12 | 000,028,160 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2010/03/29 18:31:43 | 010,448,896 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/03/23 14:48:51 | 000,000,586 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2010/03/15 11:54:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/03/14 20:10:31 | 000,000,338 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\settings.dat
[2010/02/15 18:55:57 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2010/02/15 16:02:40 | 000,001,041 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\vso_ts_preview.xml
[2010/02/15 16:01:50 | 000,000,033 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\pcouffin.log
[2010/02/15 16:00:59 | 000,087,608 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\inst.exe
[2010/02/15 16:00:59 | 000,007,887 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\pcouffin.cat
[2010/02/15 16:00:59 | 000,001,144 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\pcouffin.inf
[2010/02/15 15:12:26 | 000,027,240 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\nvModes.001
[2010/02/15 14:42:25 | 000,027,240 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\nvModes.dat
[2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 02:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009/04/27 17:52:28 | 009,869,368 | ---- | C] () -- C:\Users\Shay\AppData\Roaming\update_arch205.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/03/05 15:41:58 | 000,024,840 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2006/03/09 14:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >


OTL Extras logfile created on: 10/17/2010 8:09:38 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Shay\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 8.22 Gb Free Space | 11.03% Space Free | Partition Type: NTFS

Computer Name: SHAY-PC | User Name: Shay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\System32\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-19026157-515340557-2366644744-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- Reg Error: Key error.
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92B60B3B-7DF3-4BF7-8823-9F17A9EEA31E}" = WordPerfect Office X5
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BEB3AD23-250E-4BD2-BBC9-27D4BB42DE07}" = COMODO System - Cleaner
"{C8310658-4019-4934-A7AC-AD1E35EDD8F5}" = CDRWIN 6.1
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{D99FD32F-2BC4-472C-8AAF-EB03C1E7CAB9}" = Tuning Mode for Harley-Davidson Delphi v477
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"BrowserBack Extension" = BrowserBack Extension
"CmdPromptHere Extension" = CmdPromptHere Extension
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileExtToggle Extension" = FileExtToggle Extension
"HiddenFilesToggle Extension" = HiddenFilesToggle Extension
"ImgBurn" = ImgBurn
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Nero Lite 9.2.6.02.2" = Nero Lite 9.2.6.0 Build.2.2
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Pretty Good Solitaire_is1" = Pretty Good Solitaire version 12.0.1
"SelectAll Extension" = SelectAll Extension
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.51
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-19026157-515340557-2366644744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/16/2010 2:05:53 AM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0xbb0 Faulting application start time: 0x01cb6cd68e7fdc08 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6e723ccc-d8eb-11df-978b-001641b31d3e

Error - 10/16/2010 2:31:53 AM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x70c Faulting application start time: 0x01cb6cf85d23f3ca Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 107cfdb5-d8ef-11df-978b-001641b31d3e

Error - 10/16/2010 7:16:16 AM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x424 Faulting application start time: 0x01cb6d21aafb9e5a Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: cabedc30-d916-11df-9835-001641b31d3e

Error - 10/16/2010 9:01:14 PM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x438 Faulting application start time: 0x01cb6d950ff2be74 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 096c4cb9-d98a-11df-a67a-001641b31d3e

Error - 10/16/2010 9:21:02 PM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x578 Faulting application start time: 0x01cb6d97119f8de9 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: cdf4af30-d98c-11df-a67a-001641b31d3e

Error - 10/16/2010 10:00:49 PM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0xdd4 Faulting application start time: 0x01cb6d99bebe3eb2 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5c5dada0-d992-11df-a67a-001641b31d3e

Error - 10/16/2010 10:23:47 PM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x964 Faulting application start time: 0x01cb6d9f3176c1a4 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 91e02c74-d995-11df-a67a-001641b31d3e

Error - 10/16/2010 11:03:19 PM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: Flash10d.ocx, version: 10.0.42.34, time
stamp: 0x4ae7baed Exception code: 0xc0000005 Fault offset: 0x00140a6a Faulting process
id: 0xfb0 Faulting application start time: 0x01cb6da28bc61060 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10d.ocx
Report
Id: 17d964aa-d99b-11df-a67a-001641b31d3e

Error - 10/17/2010 6:00:52 AM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting
process id: 0xad0 Faulting application start time: 0x01cb6ddee77315bc Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6c41c04e-d9d5-11df-bc0d-001641b31d3e

Error - 10/17/2010 6:47:16 AM | Computer Name = Shay-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x434 Faulting application start time: 0x01cb6ddeb5beaf72 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e800bd5f-d9db-11df-bc0d-001641b31d3e

[ Media Center Events ]
Error - 6/23/2010 3:22:29 PM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 3:22:21 PM - Error connecting to the internet. 3:22:21 PM - Unable
to contact server..

Error - 6/26/2010 3:19:46 PM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 3:19:46 PM - Error connecting to the internet. 3:19:46 PM - Unable
to contact server..

Error - 6/26/2010 3:20:26 PM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 3:19:54 PM - Error connecting to the internet. 3:19:54 PM - Unable
to contact server..

Error - 6/30/2010 8:58:07 AM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 8:58:07 AM - Error connecting to the internet. 8:58:07 AM - Unable
to contact server..

Error - 6/30/2010 8:58:20 AM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 8:58:12 AM - Error connecting to the internet. 8:58:12 AM - Unable
to contact server..

Error - 6/30/2010 11:09:54 AM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 11:09:54 AM - Error connecting to the internet. 11:09:54 AM - Unable
to contact server..

Error - 6/30/2010 11:10:05 AM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 11:09:59 AM - Error connecting to the internet. 11:09:59 AM - Unable
to contact server..

Error - 6/30/2010 10:08:42 PM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 10:08:42 PM - Error connecting to the internet. 10:08:42 PM - Unable
to contact server..

Error - 6/30/2010 10:08:55 PM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 10:08:48 PM - Error connecting to the internet. 10:08:48 PM - Unable
to contact server..

Error - 7/8/2010 9:02:08 PM | Computer Name = Shay-PC | Source = MCUpdate | ID = 0
Description = 9:01:56 PM - Error connecting to the internet. 9:01:57 PM - Unable
to contact server..

[ System Events ]
Error - 10/17/2010 6:49:12 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The IP Helper service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 10/17/2010 6:49:12 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The Server service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 10/17/2010 6:49:13 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 10/17/2010 6:49:13 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/17/2010 6:49:13 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The Secondary Logon service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 10/17/2010 6:49:13 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 10/17/2010 6:49:13 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/17/2010 6:49:14 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 10/17/2010 6:49:14 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 10/17/2010 6:51:14 AM | Computer Name = Shay-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


< End of report >

RkU scan is taking forever. I will post when finished.

Merged 2 posts. ~ OB

Edited by Orange Blossom, 17 October 2010 - 07:25 PM.


#2 shaymus1968

  • Topic Starter

  • Members
  • 3 posts

Posted 17 October 2010 - 09:46 AM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #1
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x855D1838 [348] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x8556A510 [476] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x862A0728 [484] C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd., Spybot-S&D Security Center integration)
0x86A72788 [540] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x86AE0380 [552] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86B7E808 [592] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x86B9A030 [600] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x86B98A70 [608] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x86BDCD40 [644] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x86C4F930 [772] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86C69930 [828] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 179.67)
0x86C7F440 [864] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86B8D798 [880] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x86CC4530 [956] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86D694E0 [1036] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8609F030 [1120] C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC, Unsigned Themes Service)
0x860B9930 [1252] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x858ECA80 [1316] C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation, Sink to receive asynchronous callbacks for WMI client application)
0x860DDD40 [1344] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x8542D030 [1428] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x858FC318 [1492] C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft, Ad-Aware Service Application)
0x85892518 [1564] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x861B8AD0 [1620] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8555F260 [1712] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x86205618 [1768] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8620B358 [1808] C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company, EKDiscovery Module for Kodak AiO Printers)
0x86220B38 [1840] C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc., PsiService PsiService)
0x86CB5668 [1880] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc., SoundMAX service agent component)
0x86271030 [1976] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc., AutoUpater Service Module)
0x86D24030 [2224] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86CDA030 [2300] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86D31030 [2316] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86D3B840 [2624] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x86CD9D40 [2704] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x860A6C30 [2824] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x86245030 [3032] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x84759370 [3068] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x8479B030 [3084] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x9AC11D40 [3120] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x847793E0 [3376] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x86B03030 [3412] C:\Users\Shay\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x858771B8 [3712] C:\Windows\System32\notepad.exe (Microsoft Corporation, Notepad)
0x84760D40 [3748] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft, Ad-Aware Tray Application)
0x853CFC88 [3808] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86D1D030 [3820] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x86CD1030 [3848] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x853B9C20 [3868] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x84532AF8 [4] System
==============================================
>Drivers
==============================================
0x8D428000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7544832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.48 )
0x82A00000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A00000 PnpManager 4259840 bytes
0x82A00000 RAW 4259840 bytes
0x82A00000 WMIxWDM 4259840 bytes
0x92D10000 Win32k 2400256 bytes
0x92D10000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x87208000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BC13000 C:\Windows\system32\DRIVERS\RTL85n86.sys 1245184 bytes (Realtek Semiconductor Corporation , Realtek 8180/8185 Wireless Device)
0x86E32000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8CA89000 C:\Windows\system32\DRIVERS\AGRSM.sys 1155072 bytes (Agere Systems, SoftModem Device Driver)
0x8EA0A000 C:\Windows\System32\Drivers\BisonCam.sys 802816 bytes (Bison Electronics. Inc. , Universal Serial Bus Camera Driver)
0x8DC16000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8700F000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83487000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9855B000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x98432000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83532000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8BD94000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8B383000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8CA29000 C:\Windows\system32\drivers\senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0x86F9F000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8B231000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9AA3B000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x8BD43000 C:\Windows\system32\DRIVERS\yk62x86.sys 331776 bytes (-, -)
0x8C9AA000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8C877000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x836A4000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x835B1000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8EB55000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8DB5A000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83445000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B322000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8738B000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x870C6000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x98505000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8DCCD000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E10000 ACPI_HAL 225280 bytes
0x82E10000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C8D1000 C:\Windows\system32\drivers\smwdm.sys 225280 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0x8374F000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C950000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x87139000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8B28B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87351000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8C908000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x873D2000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8CBB0000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x86F61000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C833000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8363B000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8C984000 C:\Windows\system32\drivers\aeaudio.sys 155648 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver)
0x8717C000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x87104000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8DBD5000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x83723000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x984E2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8DD67000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x98400000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8B20E000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x837A3000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x871D3000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8B2C4000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x92C60000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D40D000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8EAF1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98540000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8EB0C000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x984B7000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8C937000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8CBDC000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8B3E7000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C80E000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8DD44000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8DD89000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8DDA1000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8DDB8000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8360E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8EB2F000 C:\Windows\system32\drivers\MidiSyn.sys 90112 bytes (Analog Devices, Inc., SoundMAX Wavetable Synthesizer (WDM) )
0x83704000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x86E17000 C:\Windows\system32\drivers\SBREdrv.sys 90112 bytes (Sunbelt Software, Anti-Rootkit Engine)
0x8CA0E000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x86F8C000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8EBAB000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8B2F1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8DD32000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8DD0A000 C:\Windows\system32\DRIVERS\amdk8.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8DBC3000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x984D0000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8716B000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8DBB2000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83783000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8DC00000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83670000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8342C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8EB45000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x87129000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8EB9B000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8B304000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83694000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x83794000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x8C8C2000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8B200000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8B2E3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x83600000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x836F6000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x86E00000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8CA00000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x8B314000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8EACE000 C:\Windows\System32\Drivers\STREAM.SYS 57344 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x8DDE3000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x835A3000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8D400000 C:\Windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x8DD25000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8DDF1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C826000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8CBA3000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8C860000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x98421000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x837C4000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8B377000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x87000000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83689000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8DB9E000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x83421000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x8EAE6000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x837E9000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DD5C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
!!!!!!!!!!!Hidden driver: 0x85245AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x853C04C0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x8371A000 WARNING: suspicious driver modification [atapi.sys::0x85245AEA]
0x04B80000 Hidden Image-->Inkjet.Localization.dll [ EPROCESS 0x8620B358 ] PID: 1808, 143360 bytes
0x04BB0000 Hidden Image-->Inkjet.Hardware.dll [ EPROCESS 0x8620B358 ] PID: 1808, 176128 bytes
0x04B50000 Hidden Image-->Inkjet.Statistics.dll [ EPROCESS 0x8620B358 ] PID: 1808, 53248 bytes
0x05000000 Hidden Image-->Inkjet.DeviceSettings.dll [ EPROCESS 0x8620B358 ] PID: 1808, 61440 bytes
0x01AE0000 Hidden Image-->Inkjet.Diagnostics.dll [ EPROCESS 0x8620B358 ] PID: 1808, 69632 bytes
0x83670000 WARNING: Virus alike driver modification [partmgr.sys], 69632 bytes
0x01A80000 Hidden Image-->Inkjet.Automation.dll [ EPROCESS 0x8620B358 ] PID: 1808, 77824 bytes
0x04BE0000 Hidden Image-->Inkjet.Utilities.dll [ EPROCESS 0x8620B358 ] PID: 1808, 77824 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#3 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,204 posts
  • Gender:Female
  • Location:Romania

Posted 27 October 2010 - 02:22 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:30 AM

Posted 31 October 2010 - 05:12 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft




