
formatted pc after virus - redirected


  • This topic is locked
26 replies to this topic

#1 shannianni


Posted 18 October 2013 - 08:27 AM

Hi, I recently formatted my daughter's PC after a virus, but now on most webpages I am being redirected. Can anyone help please?

I have run these:

adwcleaner - items found and deleted

jrt cleaner - items found and deleted

Malwarebytes

But I am still being redirected.

Many thanks

Moderator Edit: Moved from XP forum to a more appropriate forum

Roger


Edited by rotor123, 18 October 2013 - 09:30 AM.




#2 hbyton


Posted 18 October 2013 - 03:37 PM

Can you please post the logs for AdwCleaner and JRT?

Could you also run these tools and add the logs to your next post:

RKill

http://www.bleepingcomputer.com/download/rkill/

Malwarebytes Anti-Rootkit (different to normal Malwarebytes)

http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

TDSSKiller

http://www.bleepingcomputer.com/download/tdsskiller/



#3 shannianni


Posted 20 October 2013 - 04:48 AM

Hi,

Many thanks for the reply. Here are the logs requested. I cannot run the MBAR rootkit as it keeps freezing.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Ian Sweeney on 18/10/2013 at 12:58:08.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Ian Sweeney\Application Data\mozilla\firefox\profiles\sli91poc.default-1379247027000\extensions\staged
Emptied folder: C:\Documents and Settings\Ian Sweeney\Application Data\mozilla\firefox\profiles\q5y9hytc.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Ian Sweeney\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/10/2013 at 13:06:16.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

# AdwCleaner v3.004 - Report created 19/09/2013 at 08:22:34
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Ian Sweeney - IAN-KNVN30KA4RW
# Running from : C:\Documents and Settings\Ian Sweeney\My Documents\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : dealplylive
Service Found : dealplylivem
Service Found : Update lucky leap

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Ian Sweeney\Application Data\Mozilla\Firefox\Profiles\q5y9hytc.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\Ian Sweeney\Application Data\Mozilla\Firefox\Profiles\sli91poc.default-1379247027000\Extensions\firefox@luckyleap.net.xpi
File Found : C:\END
File Found : C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Found : C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Folder Found : C:\Documents and Settings\Ian Sweeney\Application Data\Mozilla\Firefox\Profiles\q5y9hytc.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
Folder Found : C:\Documents and Settings\Ian Sweeney\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found C:\Documents and Settings\All Users\Application Data\DealPlyLive
Folder Found C:\Documents and Settings\Ian Sweeney\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Ian Sweeney\Application Data\DealPly
Folder Found C:\Documents and Settings\Ian Sweeney\Application Data\Searchprotect
Folder Found C:\Documents and Settings\Ian Sweeney\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Ian Sweeney\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Ian Sweeney\Local Settings\Application Data\DealPlyLive
Folder Found C:\Documents and Settings\Ian Sweeney\Local Settings\Application Data\MixiDJ_V37
Folder Found C:\Documents and Settings\Ian Sweeney\Start Menu\Programs\DealPly
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\DealPly
Folder Found C:\Program Files\DealPlyLive
Folder Found C:\Program Files\driver-soft
Folder Found C:\Program Files\lucky leap
Folder Found C:\Program Files\MixiDJ_V37
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\dealplylive
Key Found : HKCU\Software\lucky leap
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKCU\Software\MixiDJ_V37
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Found : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A7C3C4E-AFCE-4A4E-BB64-EFAC2435ACF9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C84BABA-BF9D-4E42-A684-5288580631D2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DealPly
Key Found : HKLM\Software\dealplylive
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32BAE43E-56AB-42E0-8519-473895B6C42B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56707D9B-AFEC-482E-9A0B-D0A05E4149DE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C84BABA-BF9D-4E42-A684-5288580631D2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Found : HKLM\Software\MixiDJ_V37
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Documents and Settings\Ian Sweeney\Application Data\Mozilla\Firefox\Profiles\q5y9hytc.default\prefs.js ]

Line Found : user_pref("CT3298573.FF19Solved", "true");
Line Found : user_pref("CT3298573.UserID", "UN21115117438670295");
Line Found : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3298573.fullUserID", "UN21115117438670295.IN.20130916155857");
Line Found : user_pref("CT3298573.installDate", "16/09/2013 15:59:06");
Line Found : user_pref("CT3298573.installSessionId", "{14BE81B2-EBD0-4551-9CB7-761A00A00845}");
Line Found : user_pref("CT3298573.installSp", "TRUE");
Line Found : user_pref("CT3298573.installerVersion", "1.6.1.2");
Line Found : user_pref("CT3298573.keyword", "true");
Line Found : user_pref("CT3298573.originalHomepage", "about:home");
Line Found : user_pref("CT3298573.originalSearchAddressUrl", "");
Line Found : user_pref("CT3298573.originalSearchEngine", "");
Line Found : user_pref("CT3298573.originalSearchEngineName", "");
Line Found : user_pref("CT3298573.searchRevert", "false");
Line Found : user_pref("CT3298573.searchUserMode", "2");
Line Found : user_pref("CT3298573.smartbar.homepage", "true");
Line Found : user_pref("CT3298573.versionFromInstaller", "10.20.0.13");
Line Found : user_pref("CT3298573.xpeMode", "0");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultenginename", "MixiDJ V37 Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN21115117438670295&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "MixiDJ V37 Customized Web Search");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN21115117438670295&UM=2&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN21115117438670295&UM=2&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN21115117438670295&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.machineId", "HBZXGYTU9RRA3BEME51XPSRTSM0");

*************************

AdwCleaner[R0].txt - [15659 octets] - [19/09/2013 08:22:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15720 octets] ##########
 

 

 

 

09:40:43.0078 0x0830  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
09:40:53.0125 0x0830  ============================================================
09:40:53.0125 0x0830  Current date / time: 2013/10/20 09:40:53.0125
09:40:53.0125 0x0830  SystemInfo:
09:40:53.0125 0x0830  
09:40:53.0125 0x0830  OS Version: 5.1.2600 ServicePack: 3.0
09:40:53.0125 0x0830  Product type: Workstation
09:40:53.0125 0x0830  ComputerName: IAN-KNVN30KA4RW
09:40:53.0140 0x0830  UserName: Ian Sweeney
09:40:53.0140 0x0830  Windows directory: C:\WINDOWS
09:40:53.0140 0x0830  System windows directory: C:\WINDOWS
09:40:53.0140 0x0830  Processor architecture: Intel x86
09:40:53.0140 0x0830  Number of processors: 2
09:40:53.0140 0x0830  Page size: 0x1000
09:40:53.0140 0x0830  Boot type: Normal boot
09:40:53.0140 0x0830  ============================================================
09:43:00.0859 0x0830  System UUID: {F0B68882-D192-1385-32FB-3D4F84247504}
09:43:49.0328 0x0830  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:43:49.0531 0x0830  Drive \Device\Harddisk1\DR1 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:43:51.0937 0x0830  ============================================================
09:43:51.0937 0x0830  \Device\Harddisk0\DR0:
09:43:52.0703 0x0830  MBR partitions:
09:43:52.0703 0x0830  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
09:43:52.0703 0x0830  \Device\Harddisk1\DR1:
09:43:52.0703 0x0830  MBR partitions:
09:43:52.0703 0x0830  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF9F3C5
09:43:52.0703 0x0830  ============================================================
09:43:54.0687 0x0830  D: <-> \Device\Harddisk1\DR1\Partition1
09:44:12.0359 0x0830  C: <-> \Device\Harddisk0\DR0\Partition1
09:44:12.0437 0x0830  ============================================================
09:44:12.0437 0x0830  Initialize success
09:44:12.0437 0x0830  ============================================================
09:44:15.0796 0x0ddc  ============================================================
09:44:15.0796 0x0ddc  Scan started
09:44:15.0796 0x0ddc  Mode: Manual;
09:44:15.0796 0x0ddc  ============================================================
09:44:15.0796 0x0ddc  KSN ping started
09:44:33.0718 0x0ddc  KSN ping finished: true
09:44:50.0281 0x0ddc  ================ Scan system memory ========================
09:44:50.0296 0x0ddc  System memory - ok
09:44:50.0296 0x0ddc  ================ Scan services =============================
09:45:45.0406 0x0ddc  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
09:45:45.0406 0x0ddc  ERSvc - ok
09:45:45.0453 0x0ddc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
09:45:45.0468 0x0ddc  Eventlog - ok
09:45:45.0546 0x0ddc  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\System32\es.dll
09:45:45.0562 0x0ddc  EventSystem - ok
09:45:45.0578 0x0ddc  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
09:45:45.0609 0x0ddc  Fastfat - ok
09:45:45.0671 0x0ddc  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:45:45.0734 0x0ddc  FastUserSwitchingCompatibility - ok
09:45:45.0812 0x0ddc  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
09:45:45.0890 0x0ddc  Fdc - ok
09:45:46.0234 0x0ddc  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:45:46.0265 0x0ddc  Fips - ok
09:45:46.0281 0x0ddc  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
09:45:46.0312 0x0ddc  Flpydisk - ok
09:45:46.0453 0x0ddc  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
09:45:46.0531 0x0ddc  FltMgr - ok
09:45:46.0562 0x0ddc  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:45:46.0609 0x0ddc  Fs_Rec - ok
09:45:46.0750 0x0ddc  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:45:46.0781 0x0ddc  Ftdisk - ok
09:45:46.0828 0x0ddc  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:45:46.0828 0x0ddc  Gpc - ok
09:45:46.0921 0x0ddc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
09:45:46.0937 0x0ddc  gupdate - ok
09:45:46.0953 0x0ddc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:45:46.0953 0x0ddc  gupdatem - ok
09:45:47.0140 0x0ddc  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:45:47.0156 0x0ddc  helpsvc - ok
09:45:47.0156 0x0ddc  HidServ - ok
09:45:47.0218 0x0ddc  [ 17CD007771E721D697A0A75C4CDD90F2, 6DE7D90B239F901773160BA7846F985D68A07C41307544C9760137ACC9ABE48B ] hitmanpro37     C:\WINDOWS\system32\drivers\hitmanpro37.sys
09:45:47.0218 0x0ddc  hitmanpro37 - ok
09:45:47.0281 0x0ddc  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
09:45:47.0296 0x0ddc  hkmsvc - ok
09:45:47.0312 0x0ddc  hpn - ok
09:45:47.0328 0x0ddc  hpt3xx - ok
09:45:47.0390 0x0ddc  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:45:47.0406 0x0ddc  HTTP - ok
09:45:47.0468 0x0ddc  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:45:47.0515 0x0ddc  HTTPFilter - ok
09:45:47.0515 0x0ddc  i2omgmt - ok
09:45:47.0531 0x0ddc  i2omp - ok
09:45:47.0593 0x0ddc  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:45:47.0609 0x0ddc  i8042prt - ok
09:45:47.0625 0x0ddc  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\drivers\Imapi.sys
09:45:47.0625 0x0ddc  Imapi - ok
09:45:47.0703 0x0ddc  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
09:45:47.0718 0x0ddc  ImapiService - ok
09:45:47.0734 0x0ddc  ini910u - ok
09:45:47.0750 0x0ddc  IntelIde - ok
09:45:47.0796 0x0ddc  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:45:47.0812 0x0ddc  intelppm - ok
09:45:47.0875 0x0ddc  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
09:45:47.0890 0x0ddc  ip6fw - ok
09:45:47.0953 0x0ddc  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:45:48.0000 0x0ddc  IpFilterDriver - ok
09:45:48.0015 0x0ddc  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:45:48.0031 0x0ddc  IpInIp - ok
09:45:48.0078 0x0ddc  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:45:48.0125 0x0ddc  IpNat - ok
09:45:48.0140 0x0ddc  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:45:48.0156 0x0ddc  IPSec - ok
09:45:48.0187 0x0ddc  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:45:48.0187 0x0ddc  IRENUM - ok
09:45:48.0218 0x0ddc  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:45:48.0218 0x0ddc  isapnp - ok
09:45:48.0406 0x0ddc  [ A5937B2A94424CF1B13A4AD503AF6B2E, E96CE4E526E053FB410987BD444627BC7B26FCE48DC0A61916ADD0A69EFA6941 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:45:48.0421 0x0ddc  JavaQuickStarterService - ok
09:45:48.0468 0x0ddc  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:45:48.0484 0x0ddc  Kbdclass - ok
09:45:48.0515 0x0ddc  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:45:48.0546 0x0ddc  kmixer - ok
09:45:48.0609 0x0ddc  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:45:48.0609 0x0ddc  KSecDD - ok
09:45:48.0671 0x0ddc  [ F385F4B02C535BFFE1D70CAB80838123, A1695E161673BCB77CE150C2D98A07FCB454C53F10EEBECD754D2CC40DEAA1E0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
09:45:48.0687 0x0ddc  lanmanserver - ok
09:45:48.0750 0x0ddc  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:45:48.0781 0x0ddc  lanmanworkstation - ok
09:45:48.0796 0x0ddc  lbrtfdc - ok
09:45:48.0843 0x0ddc  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:45:48.0843 0x0ddc  LmHosts - ok
09:45:49.0062 0x0ddc  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
09:45:49.0078 0x0ddc  MBAMProtector - ok
09:45:49.0171 0x0ddc  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:45:49.0250 0x0ddc  MBAMScheduler - ok
09:45:49.0343 0x0ddc  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:45:49.0406 0x0ddc  MBAMService - ok
09:45:49.0453 0x0ddc  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
09:45:49.0453 0x0ddc  Messenger - ok
09:45:49.0531 0x0ddc  Microsoft SharePoint Workspace Audit Service - ok
09:45:49.0562 0x0ddc  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
09:45:49.0562 0x0ddc  mnmdd - ok
09:45:49.0609 0x0ddc  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
09:45:49.0609 0x0ddc  mnmsrvc - ok
09:45:49.0656 0x0ddc  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
09:45:49.0671 0x0ddc  Modem - ok
09:45:49.0703 0x0ddc  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:45:49.0703 0x0ddc  Mouclass - ok
09:45:49.0718 0x0ddc  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:45:49.0734 0x0ddc  MountMgr - ok
09:45:49.0781 0x0ddc  [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:45:49.0796 0x0ddc  MozillaMaintenance - ok
09:45:49.0812 0x0ddc  mraid35x - ok
09:45:49.0843 0x0ddc  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:45:49.0890 0x0ddc  MRxDAV - ok
09:45:49.0937 0x0ddc  [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:45:50.0015 0x0ddc  MRxSmb - ok
09:45:50.0046 0x0ddc  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
09:45:50.0046 0x0ddc  MSDTC - ok
09:45:50.0062 0x0ddc  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:45:50.0078 0x0ddc  Msfs - ok
09:45:50.0078 0x0ddc  MSIServer - ok
09:45:50.0140 0x0ddc  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:45:50.0140 0x0ddc  MSKSSRV - ok
09:45:50.0171 0x0ddc  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:45:50.0171 0x0ddc  MSPCLOCK - ok
09:45:50.0187 0x0ddc  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:45:50.0187 0x0ddc  MSPQM - ok
09:45:50.0250 0x0ddc  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:45:50.0250 0x0ddc  mssmbios - ok
09:45:50.0296 0x0ddc  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
09:45:50.0312 0x0ddc  Mup - ok
09:45:50.0406 0x0ddc  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
09:45:50.0437 0x0ddc  napagent - ok
09:45:50.0500 0x0ddc  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:45:50.0515 0x0ddc  NDIS - ok
09:45:50.0562 0x0ddc  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:45:50.0562 0x0ddc  NdisTapi - ok
09:45:50.0593 0x0ddc  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:45:50.0593 0x0ddc  Ndisuio - ok
09:45:50.0609 0x0ddc  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:45:50.0625 0x0ddc  NdisWan - ok
09:45:50.0671 0x0ddc  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:45:50.0687 0x0ddc  NDProxy - ok
09:45:50.0734 0x0ddc  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:45:50.0734 0x0ddc  NetBIOS - ok
09:45:50.0765 0x0ddc  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:45:50.0796 0x0ddc  NetBT - ok
09:45:50.0906 0x0ddc  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:45:50.0937 0x0ddc  NetDDE - ok
09:45:50.0953 0x0ddc  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:45:50.0968 0x0ddc  NetDDEdsdm - ok
09:45:51.0062 0x0ddc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:45:51.0062 0x0ddc  Netlogon - ok
09:45:51.0125 0x0ddc  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
09:45:51.0140 0x0ddc  Netman - ok
09:45:51.0218 0x0ddc  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:45:51.0234 0x0ddc  Nla - ok
09:45:51.0281 0x0ddc  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:45:51.0296 0x0ddc  Npfs - ok
09:45:51.0343 0x0ddc  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:45:51.0406 0x0ddc  Ntfs - ok
09:45:51.0437 0x0ddc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
09:45:51.0437 0x0ddc  NtLmSsp - ok
09:45:51.0562 0x0ddc  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:45:51.0765 0x0ddc  NtmsSvc - ok
09:45:51.0781 0x0ddc  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:45:51.0796 0x0ddc  Null - ok
09:45:51.0828 0x0ddc  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:45:51.0906 0x0ddc  NwlnkFlt - ok
09:45:51.0921 0x0ddc  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:45:51.0921 0x0ddc  NwlnkFwd - ok
09:45:52.0031 0x0ddc  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:45:52.0046 0x0ddc  ose - ok
09:45:52.0562 0x0ddc  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:45:52.0906 0x0ddc  osppsvc - ok
09:45:53.0000 0x0ddc  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
09:45:53.0015 0x0ddc  Parport - ok
09:45:53.0015 0x0ddc  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:45:53.0031 0x0ddc  PartMgr - ok
09:45:53.0062 0x0ddc  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:45:53.0062 0x0ddc  ParVdm - ok
09:45:53.0078 0x0ddc  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:45:53.0078 0x0ddc  PCI - ok
09:45:53.0093 0x0ddc  PCIDump - ok
09:45:53.0093 0x0ddc  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
09:45:53.0109 0x0ddc  PCIIde - ok
09:45:53.0156 0x0ddc  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:45:53.0171 0x0ddc  Pcmcia - ok
09:45:53.0171 0x0ddc  PDCOMP - ok
09:45:53.0187 0x0ddc  PDFRAME - ok
09:45:53.0203 0x0ddc  PDRELI - ok
09:45:53.0203 0x0ddc  PDRFRAME - ok
09:45:53.0218 0x0ddc  perc2 - ok
09:45:53.0218 0x0ddc  perc2hib - ok
09:45:53.0265 0x0ddc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:45:53.0265 0x0ddc  PlugPlay - ok
09:45:53.0281 0x0ddc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:45:53.0296 0x0ddc  PolicyAgent - ok
09:45:53.0328 0x0ddc  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:45:53.0343 0x0ddc  PptpMiniport - ok
09:45:53.0359 0x0ddc  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
09:45:53.0359 0x0ddc  Processor - ok
09:45:53.0375 0x0ddc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:45:53.0375 0x0ddc  ProtectedStorage - ok
09:45:53.0375 0x0ddc  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:45:53.0390 0x0ddc  PSched - ok
09:45:53.0406 0x0ddc  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:45:53.0421 0x0ddc  Ptilink - ok
09:45:53.0421 0x0ddc  ql1080 - ok
09:45:53.0437 0x0ddc  Ql10wnt - ok
09:45:53.0437 0x0ddc  ql12160 - ok
09:45:53.0453 0x0ddc  ql1240 - ok
09:45:53.0453 0x0ddc  ql1280 - ok
09:45:53.0484 0x0ddc  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:45:53.0484 0x0ddc  RasAcd - ok
09:45:53.0546 0x0ddc  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:45:53.0562 0x0ddc  RasAuto - ok
09:45:53.0593 0x0ddc  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:45:53.0593 0x0ddc  Rasl2tp - ok
09:45:53.0656 0x0ddc  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:45:53.0671 0x0ddc  RasMan - ok
09:45:53.0687 0x0ddc  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:45:53.0687 0x0ddc  RasPppoe - ok
09:45:53.0718 0x0ddc  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:45:53.0718 0x0ddc  Raspti - ok
09:45:53.0781 0x0ddc  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:45:53.0796 0x0ddc  Rdbss - ok
09:45:53.0812 0x0ddc  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:45:53.0812 0x0ddc  RDPCDD - ok
09:45:53.0843 0x0ddc  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:45:53.0859 0x0ddc  rdpdr - ok
09:45:53.0906 0x0ddc  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:45:53.0921 0x0ddc  RDPWD - ok
09:45:54.0078 0x0ddc  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:45:54.0093 0x0ddc  RDSessMgr - ok
09:45:54.0109 0x0ddc  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:45:54.0125 0x0ddc  redbook - ok
09:45:54.0187 0x0ddc  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:45:54.0187 0x0ddc  RemoteAccess - ok
09:45:54.0250 0x0ddc  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:45:54.0250 0x0ddc  RemoteRegistry - ok
09:45:54.0312 0x0ddc  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\System32\locator.exe
09:45:54.0328 0x0ddc  RpcLocator - ok
09:45:54.0375 0x0ddc  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
09:45:54.0375 0x0ddc  RpcSs - ok
09:45:54.0421 0x0ddc  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\System32\rsvp.exe
09:45:54.0437 0x0ddc  RSVP - ok
09:45:54.0500 0x0ddc  [ CF84B1F0E8B14D4120AAF9CF35CBB265, 3F9B0E70DFD96B822A21A3D5E0438DCB3E08EF6A516756CE58CBDB2F52D09604 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
09:45:54.0515 0x0ddc  RTL8023xp - ok
09:45:54.0562 0x0ddc  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
09:45:54.0562 0x0ddc  rtl8139 - ok
09:45:54.0578 0x0ddc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:45:54.0593 0x0ddc  SamSs - ok
09:45:54.0609 0x0ddc  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:45:54.0609 0x0ddc  SASDIFSV - ok
09:45:54.0656 0x0ddc  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:45:54.0656 0x0ddc  SASKUTIL - ok
09:45:54.0718 0x0ddc  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:45:54.0734 0x0ddc  SCardSvr - ok
09:45:54.0796 0x0ddc  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:45:54.0828 0x0ddc  Schedule - ok
09:45:54.0859 0x0ddc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:45:54.0859 0x0ddc  Secdrv - ok
09:45:54.0906 0x0ddc  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:45:54.0906 0x0ddc  seclogon - ok
09:45:54.0921 0x0ddc  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
09:45:54.0921 0x0ddc  SENS - ok
09:45:54.0968 0x0ddc  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:45:55.0000 0x0ddc  serenum - ok
09:45:55.0031 0x0ddc  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:45:55.0031 0x0ddc  Serial - ok
09:45:55.0046 0x0ddc  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:45:55.0046 0x0ddc  Sfloppy - ok
09:45:55.0109 0x0ddc  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:45:55.0140 0x0ddc  SharedAccess - ok
09:45:55.0171 0x0ddc  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:45:55.0171 0x0ddc  ShellHWDetection - ok
09:45:55.0187 0x0ddc  Simbad - ok
09:45:55.0187 0x0ddc  Sparrow - ok
09:45:55.0234 0x0ddc  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:45:55.0234 0x0ddc  splitter - ok
09:45:55.0281 0x0ddc  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:45:55.0281 0x0ddc  Spooler - ok
09:45:55.0406 0x0ddc  [ 82699E5EDE403F59FC4384D39EB77B52, DDFD7DB8086E74A24E0C46E84B177B43BC3721B45B7739AA373DC0909BA2C0B9 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
09:45:55.0421 0x0ddc  SpyHunter 4 Service - ok
09:45:58.0750 0x0ddc  ================ Scan global ===============================
09:45:58.0796 0x0ddc  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
09:45:58.0859 0x0ddc  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:45:58.0890 0x0ddc  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
09:45:58.0921 0x0ddc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
09:45:58.0921 0x0ddc  [ Global ] - ok
09:45:58.0921 0x0ddc  ================ Scan MBR ==================================
09:45:58.0953 0x0ddc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:45:59.0640 0x0ddc  \Device\Harddisk0\DR0 - ok
09:45:59.0656 0x0ddc  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
09:45:59.0671 0x0ddc  \Device\Harddisk1\DR1 - ok
09:45:59.0671 0x0ddc  ================ Scan VBR ==================================
09:45:59.0671 0x0ddc  [ CAAE7F5B2AFD962BB738F1DC6A9FF87E ] \Device\Harddisk0\DR0\Partition1
09:45:59.0687 0x0ddc  \Device\Harddisk0\DR0\Partition1 - ok
09:45:59.0687 0x0ddc  [ B981BFA1E3E9264B504E9EE13AB507A4 ] \Device\Harddisk1\DR1\Partition1
09:45:59.0687 0x0ddc  \Device\Harddisk1\DR1\Partition1 - ok
09:45:59.0687 0x0ddc  Waiting for KSN requests completion. In queue: 202
09:46:00.0687 0x0ddc  Waiting for KSN requests completion. In queue: 202
09:46:01.0687 0x0ddc  Waiting for KSN requests completion. In queue: 202
09:46:02.0859 0x0ddc  AV detected via SS1: AVG Internet Security 2014, 2014.0, enabled, outofdate
09:46:02.0921 0x0ddc  Win FW state via NFM: enabled
09:46:05.0265 0x0ddc  ============================================================
09:46:05.0265 0x0ddc  Scan finished
09:46:05.0265 0x0ddc  ============================================================
09:46:05.0265 0x0ebc  Detected object count: 0
09:46:05.0265 0x0ebc  Actual detected object count: 0
09:47:55.0281 0x0d14  Deinitialize success

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/20/2013 09:34:35 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3559.38389__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3559.38389_x-ww_bfc9a7b8 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 10/20/2013 09:37:57 AM
Execution time: 0 hours(s), 3 minute(s), and 22 seconds(s)

#4 shannianni

Posted 20 October 2013 - 06:49 AM

hi

here is the last log finally

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.199000 GHz
Memory total: 468168704, free: 212471808

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.199000 GHz
Memory total: 468168704, free: 31543296

Could not load protection driver
Downloaded database version: v2013.10.20.03
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
     10/20/2013 09:58:03
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\Drivers\Imapi.SYS
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR7
Upper Device Object: 0xffffffff84600ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff848d4030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff84600030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff8493c030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff84638ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff848e2030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff84638030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff84942030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff84d7b328
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T1L0-1f\
Lower Device Object: 0xffffffff84d7d4d0
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84d7bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-17\
Lower Device Object: 0xffffffff84d7d030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84d7bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d7b890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84d7bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84d7cf18, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84d7d030, DeviceName: \Device\Ide\IdeDeviceP4T0L0-17\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EED0EEC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156280257
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff84d7b328, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d7a020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84d7b328, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84d7cc68, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84d7d4d0, DeviceName: \Device\Ide\IdeDeviceP4T1L0-1f\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F207F138

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 234484677

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120060444672 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff84638030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84948a90, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84638030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84942030, DeviceName: \Device\0000006d\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff84638ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8490f020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84638ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff848e2030, DeviceName: \Device\0000006e\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff84600030, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff848d1480, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84600030, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8493c030, DeviceName: \Device\0000006f\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff84600ab8, DeviceName: \Device\Harddisk5\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff848d7020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84600ab8, DeviceName: \Device\Harddisk5\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff848d4030, DeviceName: \Device\00000070\, DriverName: \Driver\usbstor\
------------ End ----------
Read File:  File "c:\documents and settings\all users\application data\avg2014\chjw\7840a87c40a8432c.dat:64a63c01-1d28-464c-8c53-ad1dd7926d0a" is sparse (flags = 32768)
Scan Interrupted
Scan Interrupted
Scan Interrupted
Scan Interrupted
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.199000 GHz
Memory total: 468168704, free: 234225664

Could not load protection driver
Downloaded database version: v2013.10.20.03
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
     10/20/2013 12:11:25
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\Drivers\Imapi.SYS
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR7
Upper Device Object: 0xffffffff84979ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff84989b88
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff84980ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff84989540
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff849a0120
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff84988878
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff84661ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff84987d38
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff84d7ba68
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T1L0-1f\
Lower Device Object: 0xffffffff84d7d4d0
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84d7b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-17\
Lower Device Object: 0xffffffff84d7d030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84d7b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d7c8f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84d7b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 



#5 shannianni


Posted 22 October 2013 - 07:01 AM

Hi, can anyone help please?



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:43 AM

Posted 22 October 2013 - 10:13 AM

Hi, could you please let me know what issues you are still having at this point?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 shannianni


Posted 22 October 2013 - 11:15 AM

Hi

Many thanks for your reply. Every time my daughter or I go onto a web page we get redirected to different sites.

#8 Elise


Posted 22 October 2013 - 11:26 AM

Can you please tell me if this only happens with Firefox, or also when using Internet Explorer?


regards, Elise


#9 shannianni


Posted 22 October 2013 - 11:27 AM

We are using Firefox.
I don't use Explorer.

#10 Elise


Posted 22 October 2013 - 12:12 PM

Can you please try it with Internet Explorer as well? This may help us narrow down the search for the cause of the redirect.


regards, Elise


#11 shannianni


Posted 23 October 2013 - 02:25 AM

Hi,

I used Explorer and this came up in the address bar when Google opened:

http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyDyDzzyCtByEyD0AtAyD0CyB0AtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1330994801&ir=

#12 shannianni


Posted 23 October 2013 - 02:36 AM

Hi, and now getting redirected to here:

 

http://www.noyapps.com/lp/codecperformer/v7/?cid=3975&clickid=00002556p5500741490&a=1



#13 Elise


Posted 23 October 2013 - 05:10 AM

Hi again,

Does this happen when you open the browser and the normal homepage is not loaded, or when you type "www.google.com" in the address bar and press enter?

regards, Elise


#14 shannianni


Posted 23 October 2013 - 05:35 AM

If I open a browser and the Google homepage is there, at the top it says searchdial as above, then when I search I get redirected.



#15 Elise


Posted 23 October 2013 - 06:02 AM

Let's try the following. Please download and run Shortcut Cleaner: http://www.bleepingcomputer.com/download/shortcut-cleaner/

When done please post me its log.

regards, Elise




