Browser hijacked "Do Searches"

Post by Vladimir on 17th October 2013, 10:30 am

Hi,

When I open Mozilla Firefox, although I have set "Google" as my start page, I get the start page "Do Searches". Before this I had the Delta virus, which I removed. I tried scanning with Malwarebytes Anti-Malware and Spyware Doctor and couldn't fix my problem. Can any tech here help me remove this virus?



Vladimir
Senior
Posts: 219
Joined: 2009-02-09
Gender: Male
OS: Windows XP SP3
Points: 30518
Likes: 0


Re: Browser hijacked "Do Searches"

Post by Superdave on 17th October 2013, 6:40 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.

  • Double click on adwcleaner.exe to run the tool.

  • Click on Delete.

  • Confirm each time with OK

  • Your computer will be rebooted automatically. A text file will open after the restart.

  • Please post the content of that logfile in your reply.

  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


*********************************************
Please download Malwarebytes Anti-Malware from [link].
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

  • If an update is found, it will download and install the latest version.

  • Once the program has loaded, select "Perform Full Scan", then click Scan.

  • The scan may take some time to finish, so please be patient.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Make sure that everything is checked, and click Remove Selected.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

  • Please save the log to a location you will remember.

  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

  • Copy and paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download JRT (Junkware Removal Tool) to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [link] to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[link]
[link]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain
Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83191
Likes: 0


Re: Browser hijacked "Do Searches"

Post by Vladimir on 17th October 2013, 7:36 pm

On AdwCleaner there is no such command as "delete", so I pressed "scan" and then I removed the selected.
AdwCleaner:
# AdwCleaner v3.008 - Report created 17/10/2013 at 22:33:22
# Updated 17/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Vlad&Luciferia - USER-HQAI7P9NL5
# Running from : C:\Documents and Settings\Vlad&Luciferia\Επιφάνεια εργασίας\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BitGuard
Folder Deleted : C:\Documents and Settings\All Users\Application Data\eSafe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Daownload keoeperr
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Syafe seave
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Syafe seave
Folder Deleted : C:\DOCUME~1\VLAD&L~1\LOCALS~1\Temp\eIntaller
Folder Deleted : C:\Documents and Settings\Vlad&Luciferia\Application Data\SimilarSites
Folder Deleted : C:\Documents and Settings\Vlad&Luciferia\Application Data\Uniblue\DriverScanner
File Deleted : C:\Documents and Settings\Vlad&Luciferia\Application Data\Mozilla\Firefox\Profiles\fpegqkwo.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Vlad&Luciferia\Application Data\Mozilla\Firefox\Profiles\fpegqkwo.default\searchplugins\dalesearch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\dosearches.xml
File Deleted : C:\Documents and Settings\Vlad&Luciferia\Application Data\Mozilla\Firefox\Profiles\fpegqkwo.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSysControl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{924C3DC2-8E4E-432E-F973-9A2174A39774}

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v24.0 (el)

[ File : C:\Documents and Settings\Vlad&Luciferia\Application Data\Mozilla\Firefox\Profiles\fpegqkwo.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchere.info/?pid=298&r=2013/10/09&hid=9228460810964628143&lg=EN&cc=GR&unqvl=37&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.5211295dc2356.scode", "new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":0,\"2\":0,\"3\":0,\"4\":0[...]
Line Deleted : user_pref("extensions.9QUseiCPcQZp.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.EXklfjdC.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top){var a=document.createElement(\"script\"[...]
Line Deleted : user_pref("extensions.Zu8.scode", "(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.sel[...]
Line Deleted : user_pref("extensions.dalesearch.admin", false);
Line Deleted : user_pref("extensions.dalesearch.aflt", "babsst");
Line Deleted : user_pref("extensions.dalesearch.appId", "{33CB14BC-58BB-4B3A-9877-7946A3F41BAE}");
Line Deleted : user_pref("extensions.dalesearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.dalesearch.dfltLng", "en");
Line Deleted : user_pref("extensions.dalesearch.excTlbr", false);
Line Deleted : user_pref("extensions.dalesearch.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.dalesearch.id", "60c26bc400000000000000137287bf0e");
Line Deleted : user_pref("extensions.dalesearch.instlDay", "15987");
Line Deleted : user_pref("extensions.dalesearch.instlRef", "sst");
Line Deleted : user_pref("extensions.dalesearch.newTab", false);
Line Deleted : user_pref("extensions.dalesearch.prdct", "dalesearch");
Line Deleted : user_pref("extensions.dalesearch.prtnrId", "dalesearch");
Line Deleted : user_pref("extensions.dalesearch.rvrt", "false");
Line Deleted : user_pref("extensions.dalesearch.smplGrp", "none");
Line Deleted : user_pref("extensions.dalesearch.tlbrId", "base");
Line Deleted : user_pref("extensions.dalesearch.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.dalesearch.vrsn", "1.8.16.19");
Line Deleted : user_pref("extensions.dalesearch.vrsnTs", "1.8.16.190:55:20");
Line Deleted : user_pref("extensions.dalesearch.vrsni", "1.8.16.19");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "60c26bc400000000000000137287bf0e");
Line Deleted : user_pref("extensions.delta.instlDay", "15987");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.615:19:21");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=123621&tsp=5030");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchere.info/?pid=298&r=2013/10/09&hid=9228460810964628143&lg=EN&cc=GR&unqvl=37&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [10707 octets] - [17/10/2013 22:31:11]
AdwCleaner[S0].txt - [9839 octets] - [17/10/2013 22:33:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9899 octets] ##########




Re: Browser hijacked "Do Searches"

Post by Vladimir on 17th October 2013, 8:21 pm

On the "junkware" and "security check" programs I got this message: "The system could not locate the disk path", and both programs couldn't finish their work.

Malwarebytes:
Malwarebytes Anti-Malware 1.75.0.1300

Έκδοση βάσης δεδομένων: v2013.10.13.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Vlad&Luciferia :: USER-HQAI7P9NL5 [διαχειριστής]

17/10/2013 10:48:14 μμ
mbam-log-2013-10-17 (22-48-14).txt

Τύπος σάρωσης: Πλήρης σάρωση (C:\|)
Ενεργοποιημένες επιλογές σάρωσης: Μνήμη | Εκκίνηση | Μητρώο | Σύστημα αρχείων | Ευρετική μέθοδος/Extra | Ευρετική μέθοδος/Shuriken | PUP | PUM
Απενεργοποιημένες επιλογές σάρωσης: P2P
Αντικείμενα που σαρώθηκαν: 233827
Χρόνος που έχει διανυθεί: 32 λεπτό(ά), 51 δευτερόλεπτο(α)

Εντοπίστηκαν διεργασίες στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν στοιχεία στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν κλειδιά στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν τιμές στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αντικείμενα δεδομένων στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αρχεία: 2
C:\Documents and Settings\Vlad&Luciferia\Local Settings\Temp\ICReinstall_wintoflash_0.7.0057-Beta_setup.exe (PUP.Optional.Freemium.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.
C:\RECYCLER\S-1-5-21-1085031214-1060284298-839522115-1004\Dc57.exe (PUP.Optional.Freemium.A) -> Απομονώθηκε και διαγράφτηκε επιτυχώς.

(τέλος)




Re: Browser hijacked "Do Searches"

Post by Superdave on 17th October 2013, 9:58 pm

Download ComboFix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

[link]
[link]
[link]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [link] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Re: Browser hijacked "Do Searches"

Post by Vladimir on 17th October 2013, 10:19 pm

ComboFix 13-10-16.02 - Vlad&Luciferia 18/10/2013 1:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1253.30.1032.18.1014.472 [GMT 3:00]
Running from: c:\documents and settings\Vlad&Luciferia\+Ώώ?-Ίίώά ί±ήά?-ά?\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\background.html
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\content.js
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\lsdb.js
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\manifest.json
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\sqlite.js
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\zYiVoyT.js
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\8OlTFzsklOl.js
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\background.html
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\content.js
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\lsdb.js
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\manifest.json
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\newtab.html
c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\sqlite.js
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSYSSVC
.
.
((((((((((((((((((((((((( Files Created from 2013-09-17 to 2013-10-17 )))))))))))))))))))))))))))))))
.
.
2013-10-17 19:38 . 2013-10-17 19:38 -------- d-----w- c:\windows\ERUNT
2013-10-17 19:30 . 2013-10-17 21:45 -------- d-----w- C:\AdwCleaner
2013-10-16 15:56 . 2013-10-16 16:43 -------- d-----w- c:\windows\system32\NtmsData
2013-10-14 01:48 . 2013-10-14 01:48 -------- d-----w- c:\program files\CCleaner
2013-10-14 01:43 . 2013-10-14 01:43 -------- d-----w- c:\documents and settings\All Users\Anvisoft
2013-10-14 01:32 . 2013-10-14 01:40 -------- d-----w- c:\windows\865537E164904193A4B6669C62711852.TMP
2013-10-14 01:32 . 2013-10-14 01:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-10-14 01:17 . 2013-10-14 01:17 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\LogMeIn
2013-10-14 01:17 . 2013-10-14 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2013-10-13 16:02 . 2013-10-13 21:44 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Application Data\Mount&Blade Warband
2013-10-13 16:00 . 2007-03-15 13:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2013-10-13 16:00 . 2007-03-12 13:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2013-10-13 16:00 . 2007-03-12 13:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-10-13 16:00 . 2007-01-24 12:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2013-10-13 16:00 . 2006-12-08 09:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2013-10-13 16:00 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-10-13 16:00 . 2007-03-05 09:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2013-10-13 16:00 . 2006-09-28 13:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2013-10-13 16:00 . 2006-09-28 13:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2013-10-13 16:00 . 2006-07-28 06:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2013-10-13 16:00 . 2006-07-28 06:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2013-10-13 16:00 . 2013-10-14 01:50 -------- d-----w- c:\windows\Logs
2013-10-13 15:59 . 2013-10-13 15:59 -------- d-----w- c:\program files\Dirext_X
2013-10-13 15:18 . 2013-10-13 16:02 -------- d-----w- c:\program files\Mount & Blade - Warband
2013-10-13 14:44 . 2013-10-13 15:17 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-13 14:43 . 2013-10-16 16:01 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Application Data\DAEMON Tools Lite
2013-10-13 14:43 . 2013-10-13 14:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-10-13 14:42 . 2013-10-13 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2013-10-13 11:16 . 2013-10-13 11:16 -------- d-----w- C:\Users
2013-10-09 22:23 . 2013-10-09 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SummerSoft
2013-10-09 12:19 . 2013-10-09 12:19 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\avgchrome
2013-10-09 12:18 . 2013-10-09 21:58 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Application Data\Rovio
2013-10-09 03:22 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2013-10-09 03:21 . 2013-10-09 03:21 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-10-03 18:04 . 2013-10-03 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2013-10-03 18:03 . 2013-10-03 18:06 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Local Settings\Application Data\Adobe
2013-09-26 19:29 . 2013-09-26 19:29 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Application Data\Malwarebytes
2013-09-26 19:29 . 2013-09-26 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-26 19:29 . 2013-04-04 11:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-26 19:29 . 2013-09-26 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-26 19:29 . 2013-09-26 19:29 -------- d-----w- c:\documents and settings\Vlad&Luciferia\Application Data\SUPERAntiSpyware.com
2013-09-26 19:28 . 2013-09-26 19:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-09-26 19:28 . 2013-09-26 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-18 11:06 . 2008-04-13 21:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2013-09-18 11:06 . 2008-04-13 21:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-09-18 11:02 . 2003-03-18 17:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2013-09-18 11:02 . 2003-03-18 17:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2013-09-18 11:02 . 2002-01-05 00:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2013-09-18 11:02 . 2005-10-31 18:28 69632 ----a-w- c:\windows\system32\MobOlExt.dll
2013-09-18 11:02 . 2013-09-18 12:29 -------- d-----w- c:\program files\ALCATEL PC Suite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-29 11:00 . 2009-05-21 17:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-29 11:00 . 2009-05-21 15:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-24 03:57 . 2013-08-17 07:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-24 03:57 . 2013-08-17 07:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-08-29 295512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 13:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 10:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-10-01 12:51 2345296 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:00 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-08-15 00:27 5703920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\Vlad&Luciferia\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Mount & Blade - Warband\\mb_warband.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/10/2013 5:44 μμ 243128]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [16/11/2010 9:59 μμ 20088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/7/2011 7:27 μμ 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/7/2011 12:55 πμ 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23/5/2013 11:11 μμ 119056]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [1/10/2013 3:51 μμ 1612112]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26/8/2013 4:46 μμ 375056]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/8/2013 3:19 μμ 39056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-1060284298-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 12:19]
.
2013-10-17 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-1060284298-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 12:19]
.
2013-10-17 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-1060284298-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 12:19]
.
2013-10-17 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-1060284298-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 14:13]
.
2013-10-17 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-1060284298-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 14:13]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Απ&οστολή στο OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Vlad&Luciferia\Application Data\Mozilla\Firefox\Profiles\fpegqkwo.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - ExtSQL: 2013-08-28 22:33; [You must be registered and logged in to see this link.]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-08-29 14:01; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2013-08-28 22:33; [You must be registered and logged in to see this link.]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-10-18 01:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(300)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1032\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-10-18 01:19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-17 22:19
.
Pre-Run: 8 Κατάλογοι 16.365.268.992 διαθέσιμα byte
Post-Run: 11 Κατάλογοι 17.359.941.632 διαθέσιμα byte
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 5955B45CFFE8C3342F28E4DEF13ADE3B
3C27C0429156ADC19E0F46AF77CD22D7




Re: Browser hijacked "Do Searches"

Post by Superdave on 18th October 2013, 1:10 am

Malwarebytes' Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.



Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 11:05 am

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
[You must be registered and logged in to see this link.]

Database version: v2013.10.02.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Vlad&Luciferia :: USER-HQAI7P9NL5 [administrator]

18/10/2013 1:55:04 μμ
mbar-log-2013-10-18 (13-55-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 192828
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 11:06 am

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1063325696, free: 508911616

=======================================
------------ Kernel report ------------
    10/18/2013 13:54:54
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863c9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
Lower Device Object: 0xffffffff86349030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86373c60, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff863c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86349030, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

   Partition 0 type is Other (0xde)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 63  Numsec = 80262

   Partition 1 type is Primary (0x7)
   Partition is ACTIVE.
   Partition starts at LBA: 80325  Numsec = 78027705
   Partition file system is NTFS
   Partition is bootable

   Partition 2 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 3 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

Disk Size: 40000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-78105000-78125000)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_80325_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 11:08 am

The problem hasn't been solved yet :/ "Do Searches" keeps appearing when I open any of my browsers (Mozilla and Internet Explorer).




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 4:04 pm

Now when I open a new window in my browser, besides "Do Searches" it also opens the last page that I was on. For example, I was on GeekPolice and then I closed the window. When I click Mozilla it opens GeekPolice along with Do Searches (2 windows).




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 6:34 pm

Here is the SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 10/18/2013 at 09:32 PM

Application Version : 5.6.1032

Core Rules Database Version : 10840
Trace Rules Database Version: 8652

Scan type : Complete Scan
Total Scan Time : 00:21:37

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 370
Memory threats detected : 0
Registry items scanned : 35693
Registry threats detected : 0
File items scanned : 21111
File threats detected : 23

Adware.Tracking Cookie
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
.findmysoft.com [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
.findmysoft.com [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
.findmysoft.com [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
.questionnaire3.pampers.gr [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
.questionnaire3.pampers.gr [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
.questionnaire3.pampers.gr [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\VLAD&LUCIFERIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FPEGQKWO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014705.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014706.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014707.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014708.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014710.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014711.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014713.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014714.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP81\A0014715.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP87\A0016403.EXE




Re: Browser hijacked "Do Searches"

Post by Superdave on 18th October 2013, 6:38 pm


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste its contents into your next reply.

Note: It will also create a log in the C:\ directory.


Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 6:46 pm

21:40:17.0578 0x0c38 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
21:40:20.0359 0x0c38 ============================================================
21:40:20.0359 0x0c38 Current date / time: 2013/10/18 21:40:20.0359
21:40:20.0359 0x0c38 SystemInfo:
21:40:20.0359 0x0c38
21:40:20.0359 0x0c38 OS Version: 5.1.2600 ServicePack: 3.0
21:40:20.0359 0x0c38 Product type: Workstation
21:40:20.0359 0x0c38 ComputerName: USER-HQAI7P9NL5
21:40:20.0359 0x0c38 UserName: Vlad&Luciferia
21:40:20.0359 0x0c38 Windows directory: C:\WINDOWS
21:40:20.0359 0x0c38 System windows directory: C:\WINDOWS
21:40:20.0359 0x0c38 Processor architecture: Intel x86
21:40:20.0359 0x0c38 Number of processors: 2
21:40:20.0359 0x0c38 Page size: 0x1000
21:40:20.0359 0x0c38 Boot type: Normal boot
21:40:20.0359 0x0c38 ============================================================
21:40:24.0718 0x0c38 System UUID: {69A5662A-633F-3187-1D20-38AD284BA1AD}
21:40:25.0421 0x0c38 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:40:25.0421 0x0c38 ============================================================
21:40:25.0421 0x0c38 \Device\Harddisk0\DR0:
21:40:25.0421 0x0c38 MBR partitions:
21:40:25.0421 0x0c38 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x4A69BB9
21:40:25.0421 0x0c38 ============================================================
21:40:25.0468 0x0c38 C: <-> \Device\Harddisk0\DR0\Partition1
21:40:25.0468 0x0c38 ============================================================
21:40:25.0468 0x0c38 Initialize success
21:40:25.0468 0x0c38 ============================================================
21:43:40.0625 0x0ce0 ============================================================
21:43:40.0625 0x0ce0 Scan started
21:43:40.0625 0x0ce0 Mode: Manual;
21:43:40.0625 0x0ce0 ============================================================
21:43:40.0625 0x0ce0 KSN ping started
21:43:54.0187 0x0ce0 KSN ping finished: true
21:43:54.0796 0x0ce0 ================ Scan system memory ========================
21:43:54.0796 0x0ce0 System memory - ok
21:43:54.0796 0x0ce0 ================ Scan services =============================
21:43:57.0421 0x0ce0 DMusic - ok
21:43:57.0484 0x0ce0 [ B88F912AEC6E655051A935C2D41FA5B3, 5C2195E2CFFB1E0D2ADD2276BEA2439C9A7A304AC333AC655DFB429D5D074819 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:43:57.0484 0x0ce0 Dnscache - ok
21:43:57.0531 0x0ce0 [ AEF153DBE79177F71B03AA013FA237A2, E6691D2367179FEF9CE56B037597EF6DAEC83AAE07BBF6F5CF59BC80CB16FDDD ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:43:57.0546 0x0ce0 Dot3svc - ok
21:43:57.0546 0x0ce0 dpti2o - ok
21:43:57.0578 0x0ce0 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:43:57.0578 0x0ce0 drmkaud - ok
21:43:57.0640 0x0ce0 [ E6B7D1B24E16FB24CE1FEA964E144EBC, 30F81E0A017163A1AB463FE3A13B5CC2905B973E782AEBC1EB63759BF2470658 ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:43:57.0656 0x0ce0 dtsoftbus01 - ok
21:43:57.0703 0x0ce0 [ DFD142289BBE62FE420B018A33CE6104, C423F4B5E0F46A2A1C91C03F3BBE5A2CCD0DE7BA6093710D4BCDDAD80BFA458C ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:43:57.0703 0x0ce0 EapHost - ok
21:43:57.0750 0x0ce0 [ 94F58EC326A57BBE8E81636B9B583578, AC74286395B80AF22ADEE8DC673E54F148AEF7A436EA09C92E700104C85350BE ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:43:57.0750 0x0ce0 ERSvc - ok
21:43:57.0812 0x0ce0 [ 207AB7A1A36004BB6F33E58E71C1C90E, C4B4729276A5C1E523C5E48DCFA436E15311C85AC775A8CF3B549A71E7D3C2D2 ] Eventlog C:\WINDOWS\system32\services.exe
21:43:57.0828 0x0ce0 Eventlog - ok
21:43:57.0843 0x0ce0 [ 53B11DD7E1BF16BDE231B63A3D6C6BC0, D3D9785D264D47C18ADFB6D1106DAA0FBBD84A1450239149E9C229DA6764503B ] EventSystem C:\WINDOWS\System32\es.dll
21:43:57.0859 0x0ce0 EventSystem - ok
21:43:57.0890 0x0ce0 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:43:57.0890 0x0ce0 Fastfat - ok
21:43:57.0953 0x0ce0 [ 9ED683865B8F0D374B95F4159F33833C, 6570DBEABF2AD245867949FD5DB195D4B44C0BF4EAFF021515BCDE061058F756 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:43:57.0968 0x0ce0 FastUserSwitchingCompatibility - ok
21:43:57.0984 0x0ce0 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:43:57.0984 0x0ce0 Fdc - ok
21:43:58.0031 0x0ce0 [ 418D3078A9B107DE75C9BA9B56CBA035, 463B5C9C34BD48CCD25BEDC1C27A004383155797374A26FE313C2B6A2AF35388 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:43:58.0031 0x0ce0 Fips - ok
21:43:58.0046 0x0ce0 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:43:58.0046 0x0ce0 Flpydisk - ok
21:43:58.0093 0x0ce0 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:43:58.0109 0x0ce0 FltMgr - ok
21:43:58.0218 0x0ce0 [ 993883524AA9CF1C90E1545411A9AC9C, 95B854BFBB3761225F3AB4FA61E299991EE2BB5F78D22C2F7FB3C4BD0EEBD654 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:43:58.0218 0x0ce0 FontCache3.0.0.0 - ok
21:43:58.0234 0x0ce0 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:43:58.0234 0x0ce0 Fs_Rec - ok
21:43:58.0250 0x0ce0 [ 9C798FDC0D53DFBA6F4C4059A11FBFE8, D6FF0E3D4120A8226A8086B81C0B805813866CC2EE73C30773558282D52A8032 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:43:58.0265 0x0ce0 Ftdisk - ok
21:43:58.0312 0x0ce0 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:43:58.0312 0x0ce0 Gpc - ok
21:43:58.0343 0x0ce0 [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
21:43:58.0343 0x0ce0 hamachi - ok
21:43:58.0500 0x0ce0 [ C9EF0B0B132EA48CDD5E206F6F99EDC9, 6D47DE6CE13CDC8AC0CD337989FCD2FD3A7004DD253C2B7EF1009C7ECFD9EECD ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
21:43:58.0578 0x0ce0 Hamachi2Svc - ok
21:43:58.0687 0x0ce0 [ A8555880AA97C410DCEA531B4799FA11, 02C7D5EA432A2CC53215DB2F39E1536BDE69CD93DA57E32AAE787DC5BBE8E98E ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:43:58.0687 0x0ce0 helpsvc - ok
21:43:58.0687 0x0ce0 HidServ - ok
21:43:58.0750 0x0ce0 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:43:58.0750 0x0ce0 hidusb - ok
21:43:58.0781 0x0ce0 [ 0C71805B04E14FD1AE2ED3938F4F2D05, 2E24DB2F8282AC28E6F46096A45C584F15A41C14C00EF770592BCD23BB208E94 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:43:58.0796 0x0ce0 hkmsvc - ok
21:43:58.0796 0x0ce0 hpn - ok
21:43:58.0953 0x0ce0 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:43:58.0968 0x0ce0 hpqcxs08 - ok
21:43:59.0000 0x0ce0 [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:43:59.0000 0x0ce0 hpqddsvc - ok
21:43:59.0015 0x0ce0 hpt3xx - ok
21:43:59.0046 0x0ce0 [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:43:59.0046 0x0ce0 HPZid412 - ok
21:43:59.0078 0x0ce0 [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:43:59.0078 0x0ce0 HPZipr12 - ok
21:43:59.0125 0x0ce0 [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:43:59.0125 0x0ce0 HPZius12 - ok
21:43:59.0187 0x0ce0 [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:43:59.0218 0x0ce0 HTTP - ok
21:43:59.0265 0x0ce0 [ 4E71FDAC76E5E9ED1C88DC3FB16E301D, 335D7AF232FE8EDFBED6DD2C288256E170AFE71179BE614110597B8AF137326A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:43:59.0281 0x0ce0 HTTPFilter - ok
21:43:59.0359 0x0ce0 [ AC1E9496BA0AC3B27B45F2228ED51B2C, C1EB7B5ECC4CF6AADD8CB7D7CE7D5A31581979619E8E3E7D4ADB220730919E17 ] HWiNFO32 C:\Program Files\HWiNFO32\HWiNFO32.SYS
21:43:59.0359 0x0ce0 HWiNFO32 - ok
21:43:59.0375 0x0ce0 i2omgmt - ok
21:43:59.0375 0x0ce0 i2omp - ok
21:43:59.0390 0x0ce0 [ F8D6633482E0BD81766C74441B134FDF, 826589D4B7B4952B207F31E5F159B03DAF04518AB4461F5E51B51618FA8FE59B ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
21:43:59.0390 0x0ce0 i8042prt - ok
21:43:59.0734 0x0ce0 [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:44:00.0000 0x0ce0 ialm - ok
21:44:00.0109 0x0ce0 [ E7CC3AEAED9893A88876744CD439F76C, C5421E8866A8468FE8E1DCE11245E8EEE6F9750C4F7365497D4C2DE007864FB5 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:44:00.0171 0x0ce0 idsvc - ok
21:44:00.0203 0x0ce0 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:44:00.0203 0x0ce0 Imapi - ok
21:44:00.0281 0x0ce0 [ 2471854671044613A324486986236FFF, 44EFC50E3AB5936AC18B33C9A62DE991B315AF451EAF7C0FD68641357AE2DC38 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:44:00.0281 0x0ce0 ImapiService - ok
21:44:00.0296 0x0ce0 ini910u - ok
21:44:00.0296 0x0ce0 IntelIde - ok
21:44:00.0312 0x0ce0 [ BB055E429E9F54AA3FBA2DD33BEB0935, B1276A6CAD3B7DCE24C668D5DBB38A6AC69D38D1CFF85360D7C57BF6270FB708 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:44:00.0312 0x0ce0 intelppm - ok
21:44:00.0343 0x0ce0 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:44:00.0359 0x0ce0 ip6fw - ok
21:44:00.0390 0x0ce0 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:44:00.0390 0x0ce0 IpFilterDriver - ok
21:44:00.0406 0x0ce0 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:44:00.0406 0x0ce0 IpInIp - ok
21:44:00.0468 0x0ce0 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:44:00.0500 0x0ce0 IpNat - ok
21:44:00.0515 0x0ce0 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:44:00.0531 0x0ce0 IPSec - ok
21:44:00.0562 0x0ce0 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:44:00.0562 0x0ce0 IRENUM - ok
21:44:00.0609 0x0ce0 [ D3715A2DBA29215BE59DCFC11294D493, 130C73426F31383118E12195FFE097E1F3AADEF291F4D8ED5CAB0301E4C92702 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:44:00.0625 0x0ce0 isapnp - ok
21:44:00.0687 0x0ce0 [ AF1FD8035B4A34EAF25F8BB1CD3C95FF, C322780CAF17CC2229CDBAE63B5BDFE223238B628B1AA917822AA0B0A70914BE ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:44:00.0687 0x0ce0 Kbdclass - ok
21:44:00.0750 0x0ce0 [ 2FA8856D81EEE4C59272B3CC61DEA319, 45DA3FBD638707E011679CF3E0A496698C11ED45D6DDCB9E5B20D63D8224A6F8 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:44:00.0750 0x0ce0 kbdhid - ok
21:44:00.0765 0x0ce0 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:44:00.0781 0x0ce0 kmixer - ok
21:44:00.0796 0x0ce0 [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:44:00.0796 0x0ce0 KSecDD - ok
21:44:00.0875 0x0ce0 [ 7B05FA3CF479FE189EE8670F9E03A5B9, 8294D0E3FC15266D7496A7DB258B4E2F302CDB2FAA2E23765429081670CC602B ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:44:00.0875 0x0ce0 lanmanserver - ok
21:44:00.0937 0x0ce0 [ 7EF583535D811F65E871E14C218CEF38, 08BB517DDE93D6DA18C05D93DD3BD9F3BF72716ED283FD530FD588ED74CD006C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:44:00.0953 0x0ce0 lanmanworkstation - ok
21:44:00.0953 0x0ce0 lbrtfdc - ok
21:44:01.0015 0x0ce0 [ 429F8A7802C1E7D8254C1EE7B70499E3, 87444AC13A739C618B65E88E194741A9730104D34262EE12F82F97DCB0294259 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:44:01.0015 0x0ce0 LmHosts - ok
21:44:01.0093 0x0ce0 [ EA3E1648442BF717B35A68108CA4B0B3, AF5AFC4628BD4F5DCA40DB70CC1DA8D1C9F43B05028D663F48150DBBDCCADF2E ] LMIGuardianSvc C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
21:44:01.0156 0x0ce0 LMIGuardianSvc - ok
21:44:01.0203 0x0ce0 [ 805C6F337968C7271F0421D0A386C8EE, 1FAB99BA07A4B1012857EC2F1E38696BBBE1E494AF6E165A76FE41E46BDC463A ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
21:44:01.0203 0x0ce0 mbamchameleon - ok
21:44:01.0234 0x0ce0 [ E5D6246619CDF5ABC631D3600AAF1DAD, 3FB432FF5FA1A1CAD8C9F1402EF037B8DF7AD22AE0F203C15DE3B83D21B89F6D ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:44:01.0234 0x0ce0 Messenger - ok
21:44:01.0312 0x0ce0 Microsoft SharePoint Workspace Audit Service - ok
21:44:01.0359 0x0ce0 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:44:01.0359 0x0ce0 mnmdd - ok
21:44:01.0406 0x0ce0 [ DC6F63935B77436AC4EDEEF59025CDC9, 9FA080604CD015228C0C9C597140632F9377ADB693E05FA5B9797445A8A1E111 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
21:44:01.0406 0x0ce0 mnmsrvc - ok
21:44:01.0468 0x0ce0 [ 4C84460A6BC9A5BF60555C04BE55792E, D030016A57F7964FD91A5BEA8FDF4087542EA17A9E7C23E1C4986C1337386C3E ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:44:01.0468 0x0ce0 Modem - ok
21:44:01.0468 0x0ce0 [ 6BE02786A7C13CCEAE728298EFFA0730, F0D7F81A96AC361200133A2C0FEC6251809A65CD8D4767026ED4CA8BF8EB55DF ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:44:01.0468 0x0ce0 Mouclass - ok
21:44:01.0531 0x0ce0 [ 89DDB41A54DDF8B3E5B7B9E92ED23A50, 5DEB875DDA4FD0DB768DDBF5E3D4B0CC1A39C8BB1E46054B482C94F41A145E16 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:44:01.0531 0x0ce0 mouhid - ok
21:44:01.0546 0x0ce0 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:44:01.0546 0x0ce0 MountMgr - ok
21:44:01.0609 0x0ce0 [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:44:01.0609 0x0ce0 MozillaMaintenance - ok
21:44:01.0625 0x0ce0 mraid35x - ok
21:44:01.0640 0x0ce0 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:44:01.0656 0x0ce0 MRxDAV - ok
21:44:01.0687 0x0ce0 [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:44:01.0718 0x0ce0 MRxSmb - ok
21:44:01.0796 0x0ce0 [ 3D3535F73A38BEB3E4491E2C0459F77D, 412CB41F9BF305B6E5F4B8A00A22211D940C2D6665D2BD3AACA8FF71022E9DE6 ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:44:01.0796 0x0ce0 MSDTC - ok
21:44:01.0843 0x0ce0 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:44:01.0859 0x0ce0 Msfs - ok
21:44:01.0875 0x0ce0 MSIServer - ok
21:44:01.0921 0x0ce0 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:44:01.0921 0x0ce0 MSKSSRV - ok
21:44:01.0937 0x0ce0 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:44:01.0937 0x0ce0 MSPCLOCK - ok
21:44:01.0968 0x0ce0 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:44:01.0968 0x0ce0 MSPQM - ok
21:44:02.0000 0x0ce0 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:44:02.0000 0x0ce0 mssmbios - ok
21:44:02.0062 0x0ce0 [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:44:02.0062 0x0ce0 Mup - ok
21:44:02.0125 0x0ce0 [ 730BD15AF8C65C3BBD040D121576123D, 58BC15DAA8B16B0A92476F3038C6DF6A3E273966823D6852E5AADDC43B3F76CE ] napagent C:\WINDOWS\System32\qagentrt.dll
21:44:02.0140 0x0ce0 napagent - ok
21:44:02.0171 0x0ce0 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:44:02.0187 0x0ce0 NDIS - ok
21:44:02.0203 0x0ce0 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:44:02.0203 0x0ce0 NdisTapi - ok
21:44:02.0218 0x0ce0 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:44:02.0218 0x0ce0 Ndisuio - ok
21:44:02.0296 0x0ce0 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:44:02.0296 0x0ce0 NdisWan - ok
21:44:02.0312 0x0ce0 [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:44:02.0312 0x0ce0 NDProxy - ok
21:44:02.0390 0x0ce0 [ 510C138564486FF926A3F773205C63D1, 50FBB8555C284ED22F71D99750899321B63E3B4C255174FE9B4F31084F9A34B1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:44:02.0390 0x0ce0 Net Driver HPZ12 - ok
21:44:02.0421 0x0ce0 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:44:02.0437 0x0ce0 NetBIOS - ok
21:44:02.0468 0x0ce0 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:44:02.0484 0x0ce0 NetBT - ok
21:44:02.0546 0x0ce0 [ EAE9FB52F7552C0EA407BE6EFF69C094, 63FFD46DFE0ED972BD91E71589D8B45F024302D2AF79D3F7ECD68819BB2DCC79 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:44:02.0562 0x0ce0 NetDDE - ok
21:44:02.0593 0x0ce0 [ EAE9FB52F7552C0EA407BE6EFF69C094, 63FFD46DFE0ED972BD91E71589D8B45F024302D2AF79D3F7ECD68819BB2DCC79 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:44:02.0593 0x0ce0 NetDDEdsdm - ok
21:44:02.0656 0x0ce0 [ 1806020B8905C2A400ECD23733B78B87, 4309BB2D27C62708023836A2EC420D488F18B9B2F633837A30568007808F8B59 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:44:02.0656 0x0ce0 Netlogon - ok
21:44:02.0718 0x0ce0 [ A443996504A45CDF60CBA800DCB14420, D1C60B688D42A66A0D84763C5E48B80F7CABEEA4136DD65647F3B43C459094F3 ] Netman C:\WINDOWS\System32\netman.dll
21:44:02.0734 0x0ce0 Netman - ok
21:44:02.0781 0x0ce0 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:44:02.0796 0x0ce0 NetTcpPortSharing - ok
21:44:02.0843 0x0ce0 [ 205B0507C0D7AFE3ACAF669AB3E245F1, 5EB4265AC553FD1B84E99E369D269BB17B6A5656356649E3AC50AE4F8BE371AA ] Nla C:\WINDOWS\System32\mswsock.dll
21:44:02.0859 0x0ce0 Nla - ok
21:44:02.0921 0x0ce0 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:44:02.0921 0x0ce0 Npfs - ok
21:44:02.0953 0x0ce0 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:44:02.0984 0x0ce0 Ntfs - ok
21:44:03.0000 0x0ce0 [ 1806020B8905C2A400ECD23733B78B87, 4309BB2D27C62708023836A2EC420D488F18B9B2F633837A30568007808F8B59 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
21:44:03.0000 0x0ce0 NtLmSsp - ok
21:44:03.0062 0x0ce0 [ 5AA7FCAAFB3A3F81641BFA9DAB55CE42, 08B19AEB608B6850B879D2E3D1D06D852499135694C6F62822C0D4CC2A481F09 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:44:03.0109 0x0ce0 NtmsSvc - ok
21:44:03.0140 0x0ce0 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
21:44:03.0140 0x0ce0 Null - ok
21:44:03.0187 0x0ce0 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:44:03.0187 0x0ce0 NwlnkFlt - ok
21:44:03.0203 0x0ce0 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:44:03.0203 0x0ce0 NwlnkFwd - ok
21:44:03.0296 0x0ce0 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:44:03.0328 0x0ce0 ose - ok




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 6:47 pm

21:44:06.0796 0x0ce0 swmidi - ok
21:44:06.0812 0x0ce0 SwPrv - ok
21:44:06.0843 0x0ce0 symc810 - ok
21:44:06.0859 0x0ce0 symc8xx - ok
21:44:06.0890 0x0ce0 sym_hi - ok
21:44:06.0906 0x0ce0 sym_u3 - ok
21:44:06.0921 0x0ce0 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:44:06.0921 0x0ce0 sysaudio - ok
21:44:07.0000 0x0ce0 [ C4AAC8BA839951337C8029CCC1841D8B, 7211FAEED828B479EDEBCC893E473B91DA8F35DAC5831AE1C2C8C4D41553FCC4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:44:07.0000 0x0ce0 SysmonLog - ok
21:44:07.0078 0x0ce0 [ 3AFFC05E23E4A809B324952E8BCE29C0, 55889C0C10D6B8284553BB4BA68943F5A5CCF1B9C31DE78DB64AB47FF52D905A ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:44:07.0140 0x0ce0 TapiSrv - ok
21:44:07.0171 0x0ce0 [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:44:07.0187 0x0ce0 Tcpip - ok
21:44:07.0234 0x0ce0 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:44:07.0234 0x0ce0 TDPIPE - ok
21:44:07.0265 0x0ce0 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:44:07.0265 0x0ce0 TDTCP - ok
21:44:07.0296 0x0ce0 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:44:07.0296 0x0ce0 TermDD - ok
21:44:07.0359 0x0ce0 [ 949249FFEFBDF35AB5A3BB31800B7C20, C2836454A113E454E5AFF18F0FDD55C73B6E142BE8D28AC67984F5EFB08AF403 ] TermService C:\WINDOWS\System32\termsrv.dll
21:44:07.0375 0x0ce0 TermService - ok
21:44:07.0406 0x0ce0 [ 9ED683865B8F0D374B95F4159F33833C, 6570DBEABF2AD245867949FD5DB195D4B44C0BF4EAFF021515BCDE061058F756 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:44:07.0406 0x0ce0 Themes - ok
21:44:07.0421 0x0ce0 TosIde - ok
21:44:07.0468 0x0ce0 [ 3986C1B3E63E831288F4CE4AC5902886, C53EE2A1E3EED718B4C0BD145658BC8D2240D306C3B8E9C65FC1AD25B7109D0C ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:44:07.0484 0x0ce0 TrkWks - ok
21:44:07.0546 0x0ce0 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:44:07.0546 0x0ce0 Udfs - ok
21:44:07.0562 0x0ce0 ultra - ok
21:44:07.0640 0x0ce0 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:44:07.0671 0x0ce0 Update - ok
21:44:07.0750 0x0ce0 [ 0A0435BE61CE7BB2F43A529EAC811CB8, 2624BA570B5192898FFE71B372E1B77D463BB6CB8327289E612E2218470533D9 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:44:07.0781 0x0ce0 upnphost - ok
21:44:07.0812 0x0ce0 [ A7F37334A19A15F41935C8EC9037007F, 3FEC70885EB9B74C74CEC414DA295304925AB80AE9A0A8279C8B81AB4047DC3B ] UPS C:\WINDOWS\System32\ups.exe
21:44:07.0812 0x0ce0 UPS - ok
21:44:07.0890 0x0ce0 [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:44:07.0890 0x0ce0 usbccgp - ok
21:44:07.0937 0x0ce0 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:44:07.0937 0x0ce0 usbehci - ok
21:44:08.0000 0x0ce0 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:44:08.0000 0x0ce0 usbhub - ok
21:44:08.0015 0x0ce0 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:44:08.0015 0x0ce0 usbprint - ok
21:44:08.0046 0x0ce0 [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:44:08.0046 0x0ce0 usbscan - ok
21:44:08.0078 0x0ce0 [ 1C888B000C2F9492F4B15B5B6B84873E, 40698DFA5CD7BCFAFC14A2227FBF58CAD44D95C4E48B4B81160A6BCC33A8C3E3 ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
21:44:08.0078 0x0ce0 usbser - ok
21:44:08.0109 0x0ce0 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:44:08.0109 0x0ce0 USBSTOR - ok
21:44:08.0156 0x0ce0 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:44:08.0156 0x0ce0 usbuhci - ok
21:44:08.0171 0x0ce0 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:44:08.0171 0x0ce0 VgaSave - ok
21:44:08.0187 0x0ce0 ViaIde - ok
21:44:08.0250 0x0ce0 [ 3CF5DC3FDF17AE17D488D4548AC33741, 217036C8C7650B73A1733E9087A22A1ABBB6EEDCF037C33633C4F69012051225 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:44:08.0250 0x0ce0 VolSnap - ok
21:44:08.0312 0x0ce0 [ 2B2B357B63ACBEE389BEA503B5CA89CE, 18D04627ED301A2442047625EBF88CB182F43A8DEDD3FEA7B103630B1FC13A04 ] VSS C:\WINDOWS\System32\vssvc.exe
21:44:08.0328 0x0ce0 VSS - ok
21:44:08.0406 0x0ce0 [ B49EE293A184A0FFFF710CDD6713BD47, 433D45CC36E797B4E886049CF7CDC14EF89FCAADE6D14ACF7B3072CEF6362EEA ] W32Time C:\WINDOWS\system32\w32time.dll
21:44:08.0421 0x0ce0 W32Time - ok
21:44:08.0468 0x0ce0 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:44:08.0468 0x0ce0 Wanarp - ok
21:44:08.0484 0x0ce0 WDICA - ok
21:44:08.0500 0x0ce0 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:44:08.0500 0x0ce0 wdmaud - ok
21:44:08.0562 0x0ce0 [ 7D28CEE58219B1ADE976C8438442BF41, 379A124B25A7C1A906B049F0D84902DFEE900BDE44BFEC84642E608DD28D4C5E ] WebClient C:\WINDOWS\System32\webclnt.dll
21:44:08.0562 0x0ce0 WebClient - ok
21:44:08.0671 0x0ce0 [ 075EC50CA60F1B4EE576886BEF72AB21, 8391C74EAE6216F7836848DE243B9AAE81CB367D7E0FB1838E3672F7820DD28A ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:44:08.0687 0x0ce0 winmgmt - ok
21:44:08.0734 0x0ce0 [ E3122C37EFE571F99EA955CBD7EF08D3, 4D27E043AB5519FBC5C66393C4D46CAF9BC5A26FE8FF3C6BC6F5ABF0BD2A1D13 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
21:44:08.0734 0x0ce0 WmdmPmSN - ok
21:44:08.0781 0x0ce0 [ DDED6630AFD8227395A714E3162A97D7, 2672C5BEB018D4A63684ED493120361F9D2DC1350534ECF6FD2DF3002821D709 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:44:08.0781 0x0ce0 WmiApSrv - ok
21:44:08.0937 0x0ce0 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:44:08.0968 0x0ce0 WPFFontCache_v0400 - ok
21:44:09.0015 0x0ce0 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:44:09.0015 0x0ce0 WS2IFSL - ok
21:44:09.0078 0x0ce0 [ 1A5DDC44B0AB7C40C13796DB7DB82989, 4DB5742A69FDE879E7FAC3E10DE5DC920B090D3DB51D74BF84FC250C5E0BDEC0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:44:09.0093 0x0ce0 wscsvc - ok
21:44:09.0156 0x0ce0 [ 6F55057EE883AC1675F31242B6DD6EF3, 2A0B02440C3FB3BB6ACF3C770AA896A6149464A5D57401BE51AB39A6A5690678 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:44:09.0187 0x0ce0 wuauserv - ok
21:44:09.0250 0x0ce0 [ 0AF6479664B3AAB3B46881143345AEAA, 5CCA12371A8EDDEE337001D5804D17C94123A96E26B662BBC6D89F06AC5BBCF7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:44:09.0265 0x0ce0 WZCSVC - ok
21:44:09.0312 0x0ce0 [ 34994678129C0BD63E4C29E5780F4D34, A1F2D80F9D486BA2D30D25F45A17AA1C9AFDC0CF5BDB02486070D6E4DD7240D4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:44:09.0375 0x0ce0 xmlprov - ok
21:44:09.0375 0x0ce0 ================ Scan global ===============================
21:44:09.0578 0x0ce0 [ Global ] - ok
21:44:09.0578 0x0ce0 ================ Scan MBR ==================================
21:44:09.0625 0x0ce0 [ 3C27C0429156ADC19E0F46AF77CD22D7 ] \Device\Harddisk0\DR0
21:44:10.0000 0x0ce0 \Device\Harddisk0\DR0 - ok
21:44:10.0000 0x0ce0 ================ Scan VBR ==================================
21:44:10.0000 0x0ce0 [ 9C152BBCD1664EFAB2720EA14D625830 ] \Device\Harddisk0\DR0\Partition1
21:44:10.0000 0x0ce0 \Device\Harddisk0\DR0\Partition1 - ok
21:44:10.0000 0x0ce0 Waiting for KSN requests completion. In queue: 164
21:44:11.0000 0x0ce0 Waiting for KSN requests completion. In queue: 164
21:44:12.0000 0x0ce0 Waiting for KSN requests completion. In queue: 164
21:44:13.0000 0x0ce0 Waiting for KSN requests completion. In queue: 164
21:44:14.0031 0x0ce0 Win FW state via NFM: enabled
21:44:16.0500 0x0ce0 ============================================================
21:44:16.0500 0x0ce0 Scan finished
21:44:16.0500 0x0ce0 ============================================================
21:44:16.0515 0x0cd8 Detected object count: 0
21:44:16.0515 0x0cd8 Actual detected object count: 0
21:44:40.0281 0x05d8 ============================================================
21:44:40.0281 0x05d8 Scan started
21:44:40.0281 0x05d8 Mode: Manual;
21:44:40.0281 0x05d8 ============================================================
21:44:40.0281 0x05d8 KSN ping started
21:44:42.0609 0x05d8 KSN ping finished: true
21:44:42.0765 0x05d8 ================ Scan system memory ========================
21:44:42.0765 0x05d8 System memory - ok
21:44:42.0765 0x05d8 ================ Scan services =============================
21:44:49.0062 0x05d8 MSKSSRV - ok
21:44:49.0093 0x05d8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:44:49.0093 0x05d8 MSPCLOCK - ok
21:44:49.0093 0x05d8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:44:49.0093 0x05d8 MSPQM - ok
21:44:49.0140 0x05d8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:44:49.0140 0x05d8 mssmbios - ok
21:44:49.0187 0x05d8 [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:44:49.0187 0x05d8 Mup - ok
21:44:49.0250 0x05d8 [ 730BD15AF8C65C3BBD040D121576123D, 58BC15DAA8B16B0A92476F3038C6DF6A3E273966823D6852E5AADDC43B3F76CE ] napagent C:\WINDOWS\System32\qagentrt.dll
21:44:49.0265 0x05d8 napagent - ok
21:44:49.0296 0x05d8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:44:49.0312 0x05d8 NDIS - ok
21:44:49.0312 0x05d8 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:44:49.0312 0x05d8 NdisTapi - ok
21:44:49.0328 0x05d8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:44:49.0343 0x05d8 Ndisuio - ok
21:44:49.0406 0x05d8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:44:49.0406 0x05d8 NdisWan - ok
21:44:49.0421 0x05d8 [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:44:49.0421 0x05d8 NDProxy - ok
21:44:49.0484 0x05d8 [ 510C138564486FF926A3F773205C63D1, 50FBB8555C284ED22F71D99750899321B63E3B4C255174FE9B4F31084F9A34B1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:44:49.0484 0x05d8 Net Driver HPZ12 - ok
21:44:49.0500 0x05d8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:44:49.0500 0x05d8 NetBIOS - ok
21:44:49.0531 0x05d8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:44:49.0531 0x05d8 NetBT - ok
21:44:49.0578 0x05d8 [ EAE9FB52F7552C0EA407BE6EFF69C094, 63FFD46DFE0ED972BD91E71589D8B45F024302D2AF79D3F7ECD68819BB2DCC79 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:44:49.0578 0x05d8 NetDDE - ok
21:44:49.0593 0x05d8 [ EAE9FB52F7552C0EA407BE6EFF69C094, 63FFD46DFE0ED972BD91E71589D8B45F024302D2AF79D3F7ECD68819BB2DCC79 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:44:49.0593 0x05d8 NetDDEdsdm - ok
21:44:49.0625 0x05d8 [ 1806020B8905C2A400ECD23733B78B87, 4309BB2D27C62708023836A2EC420D488F18B9B2F633837A30568007808F8B59 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:44:49.0625 0x05d8 Netlogon - ok
21:44:49.0703 0x05d8 [ A443996504A45CDF60CBA800DCB14420, D1C60B688D42A66A0D84763C5E48B80F7CABEEA4136DD65647F3B43C459094F3 ] Netman C:\WINDOWS\System32\netman.dll
21:44:49.0703 0x05d8 Netman - ok
21:44:49.0734 0x05d8 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:44:49.0750 0x05d8 NetTcpPortSharing - ok
21:44:49.0781 0x05d8 [ 205B0507C0D7AFE3ACAF669AB3E245F1, 5EB4265AC553FD1B84E99E369D269BB17B6A5656356649E3AC50AE4F8BE371AA ] Nla C:\WINDOWS\System32\mswsock.dll
21:44:49.0796 0x05d8 Nla - ok
21:44:49.0859 0x05d8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:44:49.0859 0x05d8 Npfs - ok
21:44:49.0890 0x05d8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:44:49.0906 0x05d8 Ntfs - ok
21:44:49.0921 0x05d8 [ 1806020B8905C2A400ECD23733B78B87, 4309BB2D27C62708023836A2EC420D488F18B9B2F633837A30568007808F8B59 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
21:44:49.0921 0x05d8 NtLmSsp - ok
21:44:49.0984 0x05d8 [ 5AA7FCAAFB3A3F81641BFA9DAB55CE42, 08B19AEB608B6850B879D2E3D1D06D852499135694C6F62822C0D4CC2A481F09 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:44:50.0000 0x05d8 NtmsSvc - ok
21:44:50.0031 0x05d8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
21:44:50.0031 0x05d8 Null - ok
21:44:50.0078 0x05d8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:44:50.0078 0x05d8 NwlnkFlt - ok
21:44:50.0078 0x05d8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:44:50.0093 0x05d8 NwlnkFwd - ok




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 6:48 pm

21:44:55.0312 0x05d8  ================ Scan global ===============================
21:44:55.0359 0x05d8  [ E8944EEC78EC2FE5F3A613DDF201C815, BD2746229A76F58E7564CB740466AA3B332F783515FD5AB4872156222BCD1FA4 ] C:\WINDOWS\system32\basesrv.dll
21:44:55.0375 0x05d8  [ D1556933FB2E69FDA72AABC05348C60C, 5C6BF487D610996101D713D7594A6ADD8419011DDD0546592194591ACE4354EF ] C:\WINDOWS\system32\winsrv.dll
21:44:55.0406 0x05d8  [ D1556933FB2E69FDA72AABC05348C60C, 5C6BF487D610996101D713D7594A6ADD8419011DDD0546592194591ACE4354EF ] C:\WINDOWS\system32\winsrv.dll
21:44:55.0421 0x05d8  [ 207AB7A1A36004BB6F33E58E71C1C90E, C4B4729276A5C1E523C5E48DCFA436E15311C85AC775A8CF3B549A71E7D3C2D2 ] C:\WINDOWS\system32\services.exe
21:44:55.0421 0x05d8  [ Global ] - ok
21:44:55.0421 0x05d8  ================ Scan MBR ==================================
21:44:55.0453 0x05d8  [ 3C27C0429156ADC19E0F46AF77CD22D7 ] \Device\Harddisk0\DR0
21:44:55.0656 0x05d8  \Device\Harddisk0\DR0 - ok
21:44:55.0656 0x05d8  ================ Scan VBR ==================================
21:44:55.0656 0x05d8  [ 9C152BBCD1664EFAB2720EA14D625830 ] \Device\Harddisk0\DR0\Partition1
21:44:55.0671 0x05d8  \Device\Harddisk0\DR0\Partition1 - ok
21:44:55.0687 0x05d8  Win FW state via NFM: enabled
21:45:10.0125 0x05d8  ============================================================
21:45:10.0125 0x05d8  Scan finished
21:45:10.0125 0x05d8  ============================================================
21:45:10.0125 0x058c  Detected object count: 0
21:45:10.0125 0x058c  Actual detected object count: 0




Re: Browser hijacked "Do Searches"

Post by Superdave on 18th October 2013, 7:07 pm

Please run AdwCleaner and MBAM again and see if anything shows up.


Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 7:08 pm

# AdwCleaner v3.008 - Report created 18/10/2013 at 22:07:49
# Updated 17/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Vlad&Luciferia - USER-HQAI7P9NL5
# Running from : C:\Documents and Settings\Vlad&Luciferia\Επιφάνεια εργασίας\Aρχεία\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v24.0 (el)

[ File : C:\Documents and Settings\Vlad&Luciferia\Application Data\Mozilla\Firefox\Profiles\fpegqkwo.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10707 octets] - [17/10/2013 22:31:11]
AdwCleaner[R1].txt - [1129 octets] - [18/10/2013 00:44:28]
AdwCleaner[R2].txt - [990 octets] - [18/10/2013 22:07:49]
AdwCleaner[S0].txt - [9979 octets] - [17/10/2013 22:33:22]
AdwCleaner[S1].txt - [1191 octets] - [18/10/2013 00:45:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1169 octets] ##########




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 7:10 pm

this is the correct, sorry
# AdwCleaner v3.008 - Report created 18/10/2013 at 22:07:49
# Updated 17/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Vlad&Luciferia - USER-HQAI7P9NL5
# Running from : C:\Documents and Settings\Vlad&Luciferia\Επιφάνεια εργασίας\Aρχεία\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v24.0 (el)

[ File : C:\Documents and Settings\Vlad&Luciferia\Application Data\Mozilla\Firefox\Profiles\fpegqkwo.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10707 octets] - [17/10/2013 22:31:11]
AdwCleaner[R1].txt - [1129 octets] - [18/10/2013 00:44:28]
AdwCleaner[R2].txt - [990 octets] - [18/10/2013 22:07:49]
AdwCleaner[S0].txt - [9979 octets] - [17/10/2013 22:33:22]
AdwCleaner[S1].txt - [1191 octets] - [18/10/2013 00:45:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1169 octets] ##########




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 7:12 pm

scanning with mbam now..virus is still present :/




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 7:43 pm

Here is the MBAM:

Malwarebytes Anti-Malware 1.75.0.1300

Έκδοση βάσης δεδομένων: v2013.10.13.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Vlad&Luciferia :: USER-HQAI7P9NL5 [διαχειριστής]

18/10/2013 10:11:19 μμ
mbam-log-2013-10-18 (22-11-19).txt

Τύπος σάρωσης: Πλήρης σάρωση (C:\|)
Ενεργοποιημένες επιλογές σάρωσης: Μνήμη | Εκκίνηση | Μητρώο | Σύστημα αρχείων | Ευρετική μέθοδος/Extra | Ευρετική μέθοδος/Shuriken | PUP | PUM
Απενεργοποιημένες επιλογές σάρωσης: P2P
Αντικείμενα που σαρώθηκαν: 232059
Χρόνος που έχει διανυθεί: 32 λεπτό(ά), 2 δευτερόλεπτο(α)

Εντοπίστηκαν διεργασίες στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν στοιχεία στη μνήμη: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν κλειδιά στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν τιμές στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αντικείμενα δεδομένων στο μητρώο: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Εντοπίστηκαν αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

(τέλος)




Re: Browser hijacked "Do Searches"

Post by Vladimir on 18th October 2013, 7:45 pm

I think that those are weird, what do you think :





Re: Browser hijacked "Do Searches"

Post by Superdave on 19th October 2013, 12:52 am

You can try stopping those suspicious processes one at a time and see if it helps.

Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*********************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Browser hijacked "Do Searches"

Post by Vladimir on 19th October 2013, 11:59 am

I don't know why, but as I said on my previous posts, security check cannot run as it should and I get some kind of error inside the program saying "Could not locate the disk path"...


Eset:
C:\AdwCleaner\Quarantine\C\Documents and Settings\VLAD&L~1\LOCALS~1\Temp\eIntaller\A77CB00929914442BD038C99765B0F83\eGdpSvc.exe.vir a variant of Win32/ELEX.S application cleaned by deleting - quarantined
C:\Documents and Settings\Vlad&Luciferia\?? ??????? ???\Downloads\Windows XP Pro SP3, Activated, +genuine, +sata, (July 2013)\Windows_XP_Pro_SP3_activated.iso a variant of Win32/HackTool.WpaKill.E application deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgmehbfdnnenigpjeloaghefejfanka\1.6\zYiVoyT.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Vlad&Luciferia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibljhbgeihagednfcefiohkkhlebafm\1.0\8OlTFzsklOl.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP75\A0014268.exe Win32/SProtector.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP77\A0014337.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP77\A0014341.exe a variant of Win32/SpeedingUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{233CA534-2ECC-468B-9319-1BCF517C9EE4}\RP84\A0014832.exe Win32/SProtector.B application cleaned by deleting - quarantined



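A triage of the ESET lines posted above, as an added example that is not part of the original thread: it parses each detection line in the space-flattened shape shown in the post and buckets it by where the file sits (a cleanup tool's quarantine folder, a System Restore point, or an ordinary path). The sample lines, bucket names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the space-flattened shape the forum post shows:
#   <path> [a variant of ]<detection> <object type> <action>
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Temp\setup\svc.exe.vir a variant of Win32/ELEX.S application cleaned by deleting - quarantined
C:\Documents and Settings\user\Downloads\some image (2013)\disk.iso a variant of Win32/HackTool.WpaKill.E application deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\user\Extensions\abc\1.6\x.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP75\A0000001.exe Win32/SProtector.B application cleaned by deleting - quarantined
this line is not a detection record
"""

# Windows paths cannot contain "/", so the first "Family/Name" token after a
# space marks where the path ends, even though the path itself has spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>\S+) (?P<action>.+)$"
)

def classify_location(path):
    """Bucket a path by whether the file sits where it could still be loaded."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "tool_quarantine"   # already moved aside by an earlier cleanup tool
    if "\\system volume information\\_restore" in p:
        return "restore_point"     # stored copy inside a System Restore point
    return "live"                  # ordinary location: review these first

def parse_line(line):
    """Return a dict for one detection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["variant"] = rec["variant"] is not None
    rec["location"] = classify_location(rec["path"])
    return rec

def triage(log_text):
    """Parse every line; return (records, per-location counts, skipped lines)."""
    records, skipped = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec:
            records.append(rec)
        else:
            skipped.append(line.strip())
    return records, Counter(r["location"] for r in records), skipped

if __name__ == "__main__":
    recs, counts, skipped = triage(SAMPLE_LOG)
    for r in recs:
        print(f'{r["location"]:16} {r["name"]:32} {r["path"]}')
    print(dict(counts), "unparsed:", len(skipped))
```

Applied to the eight lines in the post, the same rules put three under a Quarantine folder, four under a System Restore point and one (the downloaded ISO) at an ordinary path.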

Re: Browser hijacked "Do Searches"

Post by Vladimir on 19th October 2013, 12:02 pm

Virus still exists...




Re: Browser hijacked "Do Searches"

Post by Superdave on 19th October 2013, 10:05 pm

Vladimir wrote: security check cannot run as it should and I get some kind of error inside the program saying "Could not locate the disk path"...

Are you downloading the program directly to your computer or are you trying to run it from a CD?

* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.


Re: Browser hijacked "Do Searches"

Post by Vladimir on 19th October 2013, 10:13 pm

I download the program and run it, no use of a cd..
I did what you said above and here is the result:

The above error says "Windows could not locate mrt.exe. Make sure you typed correct the name and try later."




Re: Browser hijacked "Do Searches"

Post by Superdave on 19th October 2013, 10:49 pm

You can download and install MRT [You must be registered and logged in to see this link.]


Re: Browser hijacked "Do Searches"

Post by Vladimir on 20th October 2013, 8:49 am

With mrt all is good, no infection found




Re: Browser hijacked "Do Searches"

Post by Superdave on 20th October 2013, 5:07 pm

Vladimir wrote: With mrt all is good, no infection found

I need to know what AV you're using?


Re: Browser hijacked "Do Searches"

Post by Vladimir on 20th October 2013, 5:35 pm

I do not use any real time antivirus, I only scan my pc with MBAM and superantispyware.




Re: Browser hijacked "Do Searches"

Post by Superdave on 20th October 2013, 5:42 pm

Vladimir wrote: I do not use any real time antivirus, I only scan my pc with MBAM and superantispyware

That is not a very good idea. You can check your Add-ons in your browsers to see if there are any add-ons that could be causing that problem. I will cease helping you with this problem until you install and activate one of these AV programs. I recommend Microsoft Security Essentials.

Remember to only install one antivirus!

1) [You must be registered and logged in to see this link.]
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.] All versions and all languages.
5) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) [You must be registered and logged in to see this link.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.


Re: Browser hijacked "Do Searches"

Post by Vladimir on 20th October 2013, 5:45 pm

I download and install Comodo. What next? I do not use Microsoft Security Essentials because of my windows being a cracked version..




Re: Browser hijacked "Do Searches"

Post by Vladimir on 20th October 2013, 6:05 pm

I checked my add-ons in my browser and all is ok, I do not have any unwanted add-on installed.. And virus is still active :/
We reached the limit? We cannot do sth else?




Re: Browser hijacked "Do Searches"

Post by Vladimir on 20th October 2013, 7:10 pm

Here is the troublesome virus that hijacks my browsers

Re: Browser hijacked "Do Searches"

Post by Vladimir on 20th October 2013, 7:13 pm

And here it is again on internet explorer.






Re: Browser hijacked "Do Searches"

Post by Superdave on 20th October 2013, 10:06 pm

This is not a virus. Since your Windows OS is not a legal version I cannot help you anymore. This is a rule of the forum.


Re: Browser hijacked "Do Searches"

Post by Vladimir on 20th October 2013, 10:56 pm

At least tell me what can I do about it if it's not a virus. I cannot remove it, so what is it?




Re: Browser hijacked "Do Searches"

Post by Superdave on 21st October 2013, 12:53 am

Vladimir wrote: At least tell me what can I do about it if it's not a virus. I cannot remove it, so what is it?

What happens when you change your home page back to Google?


Re: Browser hijacked "Do Searches"

Post by Vladimir on 21st October 2013, 5:40 pm

Never mind, thank you.. At last I solved the problem..




Re: Browser hijacked "Do Searches"

Post by Superdave on 24th October 2013, 10:06 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
