
Redirect issues & DDS can't be downloaded



jpatrick
2012-07-08, 06:04
Hello Spybot forums,

I've been infected with a redirect virus/malware which sends me to newsfudge.com & other sites when I use Google or Yahoo and try to open a link in the results screen. It started yesterday, July 6th. I've run Avast & Spybot & they have found no problems. Also cleared the cache.... if that's worth anything.

I've tried to download DDS, but I can't seem to get the program. What was downloaded at the DDS link was: "DDS.SCR". When I right clicked on the file to check its properties, under the 'General' tab, it stated that the file type was a 'screen saver (.scr)'.... the description line had: 'DDS. Doesn't Do Squat'. What the heck? I didn't open it. I've read that certain malware/viruses can block the download of DDS....is this what is happening?

I have the Erunt file already.

Any thoughts and/or help is appreciated.

jpatrick

PS I posted (http://forums.spybot.info/showthread.php?t=62270) last year, but I have a new computer: Windows 7, IE 9, version 9.08112.16421.

Hello again SpyBot forums,

Below is the DDS info. Apparently, the .scr extension is normal....right?

Attached is the required 'attach' file.

Erunt program ran, registry backed up.

Thanks again for any help.

Jpatrick



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Admin at 14:33:38 on 2012-07-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2368 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.weather.com/weather/tenday/Bennington+VT+05201
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: FlashCatchBHO Class: {88618a96-6d8a-42e7-b932-9073d5b2080f} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
TB: FlashCatch: {10cecf4f-a96e-4803-8ac2-f565fb29ff47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Temp] rundll32.exe "C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll",CreateInstance
mRun: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: microsoft.com\oas.support
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{27A76691-41C0-4E44-995C-D5AC9A99A256} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{96B9080E-81CC-4304-A255-8ED57B92B0A3} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Roxio\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: FlashCatchBHO Class: {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
TB-X64: FlashCatch: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
Hosts: 127.0.0.1 www.spywareinfo.com <http://www.spywareinfo.com>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\auc4ujdm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Plugins\npqtplugin5.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-20 1153368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-13 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-9-9 309744]
S2 SessionLauncher;SessionLauncher;C:\Users\Admin\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\Admin\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-13 136176]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-9-9 1120752]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-02 15:18:30 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
.
==================== Find3M ====================
.
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-01-21 02:52:27 258560 ----a-w- C:\Program Files\UnitConverter.exe
2001-06-20 21:34:42 127488 ----a-w- C:\Program Files\QuickTimeUpdater.exe
2001-06-20 21:34:38 303616 ----a-w- C:\Program Files\PictureViewer.exe
2001-06-20 21:34:38 225792 ----a-w- C:\Program Files\QTInfo.exe
2001-06-20 21:34:38 1043968 ----a-w- C:\Program Files\QuickTimePlayer.exe
.
============= FINISH: 14:34:01.64 ===============
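Editor's added example (not part of the thread, of DDS or of RogueKiller): the log above contains two autostarts that a practitioner would want to look at whether or not a scanner names them, the uRun [Temp] entry that has rundll32.exe load ggqkf.dll out of VirtualStore\Temp, and the S2 SessionLauncher service whose image sits under AppData\Local\Temp. The Python below applies that check to lines copied from the posted DDS output. The heuristic itself (autostarts whose image lives in a user-writable scratch location, plus DLLs run through rundll32.exe) is this example's assumption, not a finding the scanners reported.

```python
"""Triage autostart lines from a DDS log (uRun/mRun entries and the
SERVICES / DRIVERS section).

Added example for this thread; it is not part of DDS, RogueKiller or the
original posts. The heuristic is an assumption of this example: an
autostart whose image lives in a location any standard user can write to
almost never belongs to installed software, and a DLL started through
rundll32.exe needs the DLL itself inspected.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines taken verbatim from the posted DDS log.
SAMPLE_LOG = r"""
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Temp] rundll32.exe "C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll",CreateInstance
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 SessionLauncher;SessionLauncher;C:\Users\Admin\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\Admin\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
"""

RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[([^\]]*)\](.*)$")
SVC_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")
# A drive-letter path up to the first executable extension; non-greedy so a
# path containing spaces ("Program Files (x86)") is captured whole.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|scr|sys)\b", re.IGNORECASE)

# Lowercased fragments of user-writable scratch locations (assumed list).
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\virtualstore\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
)


@dataclass(frozen=True)
class Finding:
    source: str  # "uRun", "mRun", "S2 service", ...
    name: str    # Run value name or service name
    path: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return autostart entries worth a manual look, one per (name, path)."""
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            source, name, command = m.group(1), m.group(2), m.group(3)
        else:
            m = SVC_RE.match(line)
            if not m:
                continue
            source, name, command = f"{m.group(1)} service", m.group(2), m.group(4)
        via_rundll32 = command.strip().lower().startswith(("rundll32", '"rundll32'))
        for path in PATH_RE.findall(command):
            if (name, path) in seen:
                continue  # DDS prints "path --> path" for services
            seen.add((name, path))
            low = path.lower()
            reasons = []
            hit = next((frag for frag in USER_WRITABLE if frag in low), None)
            if hit:
                reasons.append(f"image under user-writable location {hit}")
            if via_rundll32 and low.endswith(".dll"):
                reasons.append("loaded through rundll32.exe; inspect the DLL, not rundll32")
            if reasons:
                findings.append(Finding(source, name, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source} [{f.name}] {f.path}\n    -> {f.reason}")
```

Run against the six sample lines it reports exactly the two entries named above and stays quiet on TeaTimer, Adobe ARM and the AVG service, which live under Program Files. A hit is a reason to pull the file and check its signature and hashes, not a verdict on its own.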

Jack&Jill
2012-07-13, 01:17
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Jack&Jill
2012-07-13, 01:43
Hello jpatrick :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Does the redirect occur with all browsers or certain ones only? What other symptoms do you experience?

--------------------

Please download aswMBR and save it to your desktop. Click here. (http://public.avast.com/~gmerek/aswMBR.exe)

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
Please post the contents of the log in your next reply.
--------------------

Scan with RogueKiller

Please download RogueKiller© by Tigzy and save it to your desktop. Click here. (www.sur-la-toile.com/RogueKiller/RogueKiller.exe)
Allow the download if prompted by your security software and please close all your programs.
Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
Wait for PreScan to finish, then click on Scan.
Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
Please copy and paste the contents of that log in your next reply.
--------------------

Please post back:
1. answers to my questions for more information
2. aswMBR result
3. RogueKiller log

jpatrick
2012-07-13, 10:57
Hello Jack&Jill,

Thank you for responding!

I've attached what you've asked for. FYI: Downloading the Avast virus definitions & the scan took longer than the 15 minutes that the AVG protections were supposed to be off, so I added another 15 minutes DURING the aswMBR scan. I don't know if this will affect the results.

As to your questions, I only use IE9 so it's only with that web browser that I'm experiencing the problem, but I do have Firefox installed.

The redirect is the primary problem, which I experience with Yahoo search results (Google results as well). When I right click on a link to open it in a new tab, the redirect opens a new window; there is a brief page that then shoots me off to different pages, newsfudge.com, for instance.

What I have done the last few days is clear the cache (cookie, TempFiles & history) and use IE9 without searching on Yahoo or Google, and there are no symptoms. However, if I do a search on Yahoo and the redirect occurs, I've noticed that my browser is slower & I have problems with various websites. An example would be the Vermont Public TV website yesterday when I got this error message from IE9: "Internet Explorer has closed this webpage to protect your computer. A malfunctioning or malicious add-on has caused Internet Explorer to close this page." I used the Ctrl/Print Screen to get an image of the error message. If you would like to have that I can attach it next time.

Other than the above, I have avoided doing much with the computer for the past 5 days as I haven't wanted to potentially deepen the problem. As a result, I haven't been able to notice any other symptoms.

I do need to note that when this redirect occurred the first time on 7/6, I cleared the cache, as stated above, and ran CCleaner, v3.14/1616(64bit). That included the cleaner & the registry tool as well. Doing this clearly didn't help with the redirect issues. CCleaner lets you save a copy of the registry before you change it & I have that copy if you need that. Let me know.

I think that's all for now. Again, thank you for responding.... I was beginning to despair.

Jpatrick


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-13 03:37:40
-----------------------------
03:37:40.125 OS Version: Windows x64 6.1.7601 Service Pack 1
03:37:40.125 Number of processors: 3 586 0x503
03:37:40.125 ComputerName: ADMIN-PC UserName: Admin
03:37:40.985 Initialize success
03:48:36.445 AVAST engine defs: 12071201
03:48:43.115 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
03:48:43.115 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
03:48:43.145 Disk 0 MBR read successfully
03:48:43.145 Disk 0 MBR scan
03:48:43.155 Disk 0 Windows 7 default MBR code
03:48:43.165 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:48:43.175 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
03:48:43.205 Disk 0 scanning C:\Windows\system32\drivers
03:48:51.495 Service scanning
03:49:08.475 Modules scanning
03:49:08.495 Disk 0 trace - called modules:
03:49:08.515 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
03:49:08.525 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049073d0]
03:49:08.525 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800396a9e0]
03:49:08.535 5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa80044b3060]
03:49:10.505 AVAST engine scan C:\Windows
03:49:12.655 AVAST engine scan C:\Windows\system32
03:51:59.661 AVAST engine scan C:\Windows\system32\drivers
03:52:21.367 AVAST engine scan C:\Users\Admin
03:57:47.827 AVAST engine scan C:\ProgramData
03:58:29.417 Scan finished successfully
03:58:57.427 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
03:58:57.427 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR log 07132012.txt"


RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: Scan -- Date: 07/13/2012 04:03:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Temp (rundll32.exe "C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-4245015985-2778896149-1756623667-1000[...]\Run : Temp (rundll32.exe "C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll",CreateInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 332b7a39b16aca7656fea55c2c2b9b19
[BSP] f9bcb8bee9782548fbff0e5de19b16f5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
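Editor's added example (not part of the thread, of RogueKiller or of Spybot): the "HOSTS File" section above is a long run of names mapped to 127.0.0.1, which is a blackhole list, the shape Spybot's Immunize feature writes, so those lines block sites rather than redirect anything. A hosts-based search hijack would look different: a real search-engine or vendor hostname mapped to some other address. The Python below sorts a hosts dump into those two classes. The first lines are copied from the posted report; the two 203.0.113.5 lines are constructed (RFC 5737 documentation range) so the check has something to find, and the list of high-value names is this example's assumption.

```python
"""Classify a hosts-file dump such as the "HOSTS File" section RogueKiller
prints.

Added example for this thread; not part of RogueKiller, Spybot or the
original posts. Loopback / unspecified targets are a blackhole list and do
not explain a redirect; a well-known hostname sent to any other address is
the entry shape that would.
"""
import ipaddress
from typing import NamedTuple

# Constructed sample: first lines verbatim from the RogueKiller report above,
# "[...]" as printed there, then two made-up hijack entries.
SAMPLE_HOSTS = """\
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 1000gratisproben.com
[...]
203.0.113.5 www.google.com
203.0.113.5 search.yahoo.com
"""

# Names an attacker would redirect to control search results or block updates
# (assumed list; extend it for the environment you are triaging).
HIGH_VALUE_SUFFIXES = (
    "google.com", "yahoo.com", "bing.com",
    "microsoft.com", "windowsupdate.com",
    "avg.com", "malwarebytes.org", "spybot.info",
)


class HostsEntry(NamedTuple):
    address: str
    name: str
    verdict: str  # "blackhole", "hijack" or "review"


def classify_hosts(text: str) -> list:
    """Parse hosts lines and give each name a verdict; non-hosts lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # "[...]" and other non-hosts lines in the dump
        for name in parts[1:]:
            low = name.lower()
            if low == "localhost":
                continue  # the one loopback mapping that is supposed to be there
            if addr.is_loopback or addr.is_unspecified:
                verdict = "blackhole"  # sinkholed: blocks the site, redirects nowhere
            elif any(low == s or low.endswith("." + s) for s in HIGH_VALUE_SUFFIXES):
                verdict = "hijack"     # known name sent to a foreign address
            else:
                verdict = "review"     # some other non-loopback mapping, decide by hand
            entries.append(HostsEntry(str(addr), name, verdict))
    return entries


def summarize(entries) -> dict:
    counts = {"blackhole": 0, "hijack": 0, "review": 0}
    for e in entries:
        counts[e.verdict] += 1
    return counts


if __name__ == "__main__":
    found = classify_hosts(SAMPLE_HOSTS)
    print(summarize(found))
    for e in found:
        if e.verdict != "blackhole":
            print(f"{e.verdict:8} {e.address:15} {e.name}")
```

On the sample it counts five blackhole lines and two hijacks. On the real machine in this thread the hosts file has thousands of 127.0.0.1 lines and no hijack entries, which is consistent with the redirect being driven by the rundll32 autostart rather than by name resolution. Note that a hosts file only matters for names resolved through it; a DNS-level redirect (changed DhcpNameServer, a rogue resolver) would not show up here at all.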

Jack&Jill
2012-07-13, 11:34
Hello jpatrick :),

Please post the logs by copy and pasting into your reply.

Please uninstall these:
YouTube Downloader 3.5
YouTube Downloader Toolbar v6.0

--------------------

We need to disable Spybot S&D's Teatimer real-time protection temporarily as it will interfere with the fix.

First step:

Right click the Spybot icon that looks like a blue/white calendar with a padlock symbol in the System Tray (lower right corner where the clock is situated).
For version 1.6, the steps are similar to either one of the below.
If you have version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked (unticked). The Spybot icon should now be colorless.
If you have Version 1.4, click on Exit Spybot S&D Resident.
Second step, for either version:

Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go to the bottom of the vertical panel on the left, click Tools.
Then, also in left panel, click on Resident that shows a red/white shield.
If your firewall raises a question, say OK.
In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Exit Spybot S&D and reboot your machine for the changes to take effect.
Remember to enable it after the fix.

--------------------

RogueKiller in action

Please rerun RogueKiller. Try a few times if it does not run.
Click on Scan.
Go to the Registry tab and uncheck (untick) the following:
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Click Delete.
Get the result via the Report button and post back the contents of the log.
--------------------

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here. (http://www.malwarebytes.org/mbam-download.php)

Run MBAM

Double click on mbam-setup.exe and follow the prompts to install the program.
At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Firefox browser to the latest. You may need to use Internet Explorer temporarily for this, or download the program first before continuing the uninstall step.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Mozilla Firefox 9.0.1 (x86 en-US)


Go to the Mozilla Firefox download page. Click here. (http://www.mozilla.org/en-US/firefox/new/)
Click on the Free Download button and save the setup file to a convenient location.
Double click on the setup file and follow the steps accordingly.
Please check if the redirect occurs in Firefox.

--------------------

Please post back:
1. new RogueKiller log
2. MBAM report
3. if redirect occurs in Firefox

jpatrick
2012-07-13, 12:02
Hello Jack&Jill,

Sorry about the cut/paste/attach issue.

I have questions about your RogueKiller request:

- By rerun, you mean the scan as well, correct? There are no results to delete w/o my rerunning the scan.

- When you ask me to uncheck the following:

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

You want those boxes left without a check mark and then hit delete? It seems counter intuitive to UNCHECK boxes that you want to delete.

Thanks,

Jpatrick

Jack&Jill
2012-07-14, 02:15
Hello jpatrick :),

Please run the tool the way I outlined and untick those two entries, then click Delete. The entries are to be left out.

jpatrick
2012-07-14, 11:57
Hello Jack&Jill,

Below are the RK report & MBAM log.... copied & pasted this time :halo:



RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: Remove -- Date: 07/14/2012 03:42:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Temp (rundll32.exe "C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll",CreateInstance) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 332b7a39b16aca7656fea55c2c2b9b19
[BSP] f9bcb8bee9782548fbff0e5de19b16f5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [administrator]

7/14/2012 3:53:07 AM
mbam-log-2012-07-14 (03-53-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320259
Time elapsed: 32 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Utilities\Eenable Help\help.exe (PUP.Radmin) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\0.162408693952372 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)


Jack&Jill,

I deleted the YouTube Downloader program & toolbar as well as Firefox. I've installed the new version of Firefox, have used it and have not had any redirect issues. I also used IE9 and I haven't had any redirect issues there either.

I noted that when I restarted the computer after Malwarebytes prompted me to, ERDNT errors popped up. This is the program that does an auto backup of the Registry. Is this serious? Should I reboot again & see if the issues continue?

In the list of malicious software found by Malwarebytes, there was PUP.Radmin. It was in a folder called 'Utilities' & was created by my local computer dealer, E-enable, from whom I bought this computer. They told me that the folder contained programs that would help them diagnose problems. Should I let the company know that there is a problem with one of the files?

Lastly, do you know how I was infected with this redirect virus? I'm assuming that the YouTube Downloader was the main culprit. Does this mean I should not use any version of that program?

I want to thank you for your time & your help with this issue. Of course, I'm assuming that the fix worked (you will let me know if it has), but again I'm appreciative of your help in getting rid of this problem.

Cheers,

Jpatrick
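The RogueKiller "Registry Entries" block in the report above puts two very different kinds of hit side by side: a Run value that uses rundll32.exe to load a DLL out of AppData\Local\VirtualStore\Temp (a user-writable location that no legitimate installer launches code from), and two NewStartPanel values that only control whether the Computer and user's-files icons are shown on the desktop, which is why the helper had them left unticked. As an added example that is not part of this thread and is not code from RogueKiller, OTL or Malwarebytes, the Python below parses lines in the RogueKiller and OTL O4 autorun formats and rates each one by where the launched file lives. The sample lines are constructed from the formats used in this thread's logs; the severity labels and the list of user-writable directories are my own assumptions, not anything the tools define.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the line formats RogueKiller
# ("[TAG] key : name (value) -> status") and OTL ("O4 - key: [name] value")
# use in the logs posted in this thread.
SAMPLE_LOG = r"""
[BLACKLIST DLL] HKCU\[...]\Run : Temp (rundll32.exe "C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll",CreateInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
"""

RK_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>.+?)\s+\((?P<value>.*)\)\s+->\s+(?P<status>.+)$"
)
OTL_O4 = re.compile(r"^O4(?::64bit:)?\s+-\s+(?P<key>.+?):\s+\[(?P<name>[^\]]*)\]\s+(?P<value>.*)$")

# Any Windows path to something executable or loadable.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|]+?\.(?:exe|dll|scr|com|bat|cmd)\b', re.IGNORECASE)
# Directories a standard user can write to (assumption: this list is mine, not a tool's).
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\Local\\Temp|AppData\\Local\\VirtualStore|AppData\\Roaming|Users\\Public|Windows\\Temp)\\",
    re.IGNORECASE,
)
# Signed Windows binaries whose only job is to load a DLL someone else points them at.
DLL_LOADER = re.compile(r"\b(?:rundll32|regsvr32)(?:\.exe)?\b", re.IGNORECASE)
# Explorer desktop-icon CLSIDs that RogueKiller reports under NewStartPanel.
DESKTOP_ICON_CLSIDS = {
    "{20d04fe0-3aea-1069-a2d8-08002b30309d}",  # Computer
    "{59031a47-3f72-44a7-89c5-5595fe6b30ee}",  # the user's files folder
}


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info" (my own scale)
    reason: str
    source: str    # "roguekiller" or "otl"
    line: str


def classify(key: str, name: str, value: str, source: str, line: str) -> Finding:
    """Rate one autorun entry by what it launches and from where."""
    if "newstartpanel" in key.lower() and name.lower() in DESKTOP_ICON_CLSIDS:
        return Finding("info", "Explorer desktop-icon visibility setting, not a program launch", source, line)
    if "file not found" in value.lower():
        return Finding("info", "stale autorun: the target file is missing", source, line)
    paths = WIN_PATH.findall(value)
    writable = [p for p in paths if USER_WRITABLE.search(p)]
    if DLL_LOADER.search(value) and any(p.lower().endswith(".dll") for p in writable):
        return Finding("high", "rundll32/regsvr32 loads a DLL from a user-writable location", source, line)
    if writable:
        return Finding("medium", "autorun target lives in a user-writable location", source, line)
    if not paths:
        return Finding("info", "no file path recognised in the value", source, line)
    return Finding("low", "target under a path standard users cannot normally write to", source, line)


def triage(log_text: str) -> List[Finding]:
    """Parse RogueKiller registry lines and OTL O4 lines; ignore everything else."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RK_LINE.match(line)
        if m:
            findings.append(classify(m.group("key"), m.group("name"), m.group("value"), "roguekiller", line))
            continue
        m = OTL_O4.match(line)
        if m:
            findings.append(classify(m.group("key"), m.group("name"), m.group("value"), "otl", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so the headline number is visible at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.source:10} {f.reason}\n       {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The design point is that the rating keys on the location of the file, not on its name: a randomly named DLL under VirtualStore\Temp launched through rundll32 is rated high before any signature knows it, while an AVG tray icon under Program Files stays low. Scanner "hijack" hits on the NewStartPanel CLSIDs are explicitly demoted to informational, matching the helper's instruction to leave them unticked.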

jpatrick
2012-07-14, 13:38
Jack&Jill,

I continued to use IE9 & Firefox for the next hour or so just to be sure there weren't any problems and suddenly in Firefox I began to be redirected again!

I think that when I deleted the old version of Firefox it kept the old settings. I was prompted to keep something & I was afraid that I would lose all my bookmarks/favorites so I unchecked/checked the box to keep the old settings. Should I remove Firefox again, this time completely, & reinstall it? Let me know what is best.

IE9 is not affected.


Jpatrick

Jack&Jill
2012-07-14, 19:11
Hello jpatrick :),

You are welcome.

ERUNT seems to have issues backing up correctly in Windows 7. When we are done, you can uninstall it if you like.

MBAM marked the said program as PUP, which means potentially unwanted program.

Yes, please avoid YouTube Downloader.

--------------------

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1 (http://oldtimer.geekstogo.com/OTL.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTL.exe)

Scan with OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options are checked (selected). There are five of them.
Under the Modules section, please select No Company Name.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.
--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. the OTL logs
2. ESET report

jpatrick
2012-07-15, 11:33
Good morning Jack&Jill,

I tried to download OTL.exe and I got a security warning from my SmartScreen filter which said something to the effect that the program is not commonly downloaded, it isn't signed by the author and it could harm my computer.

Are you sure you want me to download OTL.exe?

On the Firefox issue, I uninstalled it yesterday, I rebooted my system then reinstalled it and the redirect issue seems to be gone.

FYI: After the above reboot ERDNT didn't show any errors.

Jpatrick

Jack&Jill
2012-07-15, 19:24
Hello jpatrick :),

Yes, please download OTL and complete the steps.

jpatrick
2012-07-15, 20:10
Jack&Jill,

OTL LOG:


OTL logfile created on: 7/15/2012 1:32:27 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 65.41% Memory free
7.50 Gb Paging File | 5.53 Gb Available in Paging File | 73.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 351.32 Gb Free Space | 75.45% Space Free | Partition Type: NTFS
Drive D: | 634.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 05:23:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/16 21:39:13 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/28 18:17:04 | 000,512,000 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/08 12:03:58 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2010/04/28 18:17:04 | 000,512,000 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
MOD - [2009/10/07 17:58:10 | 000,376,832 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanDll.dll
MOD - [2009/03/10 20:03:52 | 000,184,320 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WPSCtrl.dll
MOD - [2008/09/08 12:03:58 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/09 10:07:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/09/09 10:07:14 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/02 10:08:52 | 002,061,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/09 11:12:54 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/tenday/Bennington+VT+05201
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 60 BF 6A 0E D6 CC 01 [binary data]
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\SearchScopes,DefaultScope = {7C0FB11C-C21D-472D-BEB2-B7CEBE00D336}
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\SearchScopes\{7C0FB11C-C21D-472D-BEB2-B7CEBE00D336}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/06 09:17:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\flashcatch@flashcatch.com: C:\Program Files (x86)\FlashCatch\firefox [2012/03/19 01:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/14 11:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/14 11:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/07/14 11:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/19 23:58:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/13 11:14:47 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/16 15:19:25 | 000,443,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15233 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O4:64bit: - HKLM..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\Windows\SysNative\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27A76691-41C0-4E44-995C-D5AC9A99A256}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B9080E-81CC-4304-A255-8ED57B92B0A3}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/09/23 11:38:49 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{609edac7-3df9-11e1-b644-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{609edac7-3df9-11e1-b644-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [1999/09/23 11:58:15 | 000,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/15 05:23:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/14 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012/07/14 03:49:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/07/14 03:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 03:49:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/14 03:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/14 03:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/13 07:18:39 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/13 04:03:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/07/09 20:48:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/08 14:33:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/08 14:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/08 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/08 14:29:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Admin\Desktop\erunt-setup.exe
[2012/07/06 09:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/01/20 22:52:21 | 000,258,560 | ---- | C] (Quad-Lock) -- C:\Program Files\UnitConverter.exe
[2001/06/20 17:34:39 | 000,127,488 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimeUpdater.exe
[2001/06/20 17:34:38 | 001,043,968 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimePlayer.exe
[2001/06/20 17:34:38 | 000,303,616 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\PictureViewer.exe
[2001/06/20 17:34:38 | 000,225,792 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QTInfo.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/15 13:26:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/15 13:25:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 05:23:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/15 05:19:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/14 18:01:49 | 101,528,768 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/14 11:27:10 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 11:27:10 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 11:24:13 | 000,792,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/14 11:24:13 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/14 11:24:13 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/14 11:22:53 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/14 11:19:51 | 3018,690,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 04:37:43 | 000,032,894 | ---- | M] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT 4.jpg
[2012/07/14 04:37:11 | 000,035,537 | ---- | M] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT 3.jpg
[2012/07/14 04:36:31 | 000,033,751 | ---- | M] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT 2.jpg
[2012/07/14 04:35:44 | 000,052,417 | ---- | M] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT.jpg
[2012/07/14 04:27:48 | 000,047,009 | ---- | M] () -- C:\Users\Admin\Desktop\Malwarebytes results 07142012.jpg
[2012/07/14 03:49:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 09:40:18 | 000,013,312 | -H-- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 07:19:36 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/13 04:01:29 | 001,558,016 | ---- | M] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/07/13 03:58:57 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/12 09:01:41 | 000,076,515 | ---- | M] () -- C:\Users\Admin\Desktop\VPT malware issue 07122012.jpg
[2012/07/12 09:00:01 | 000,387,979 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-World-Detailed.pdf
[2012/07/12 08:58:01 | 000,088,275 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-World-Grid.pdf
[2012/07/12 08:57:05 | 000,108,656 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-Create-Grid.pdf
[2012/07/12 08:56:06 | 000,388,956 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-VPT-Detailed.pdf
[2012/07/11 22:19:57 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/11 22:14:54 | 000,000,938 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221957.backup
[2012/07/11 22:13:58 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221454.backup
[2012/07/11 12:32:41 | 000,007,611 | -H-- | M] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012/07/10 10:41:51 | 017,855,727 | ---- | M] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.wmv
[2012/07/10 10:40:02 | 023,780,647 | ---- | M] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.flv
[2012/07/10 10:24:02 | 015,478,199 | ---- | M] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..wmv
[2012/07/10 10:21:24 | 015,722,051 | ---- | M] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..flv
[2012/07/09 20:48:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/08 22:09:52 | 000,277,807 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/08 14:32:23 | 000,001,108 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/08 14:32:00 | 000,000,928 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2012/07/08 14:32:00 | 000,000,909 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/07 15:27:22 | 000,017,884 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120707_152716.reg
[2012/07/06 20:38:29 | 000,443,048 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221358.backup
[2012/07/06 09:17:48 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 17:00:16 | 000,001,369 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/02 11:43:12 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120706-203829.backup
[2012/07/02 11:39:37 | 000,046,270 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120702_113920.reg
[2012/06/26 10:32:43 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120702-114312.backup
[2012/06/16 02:37:20 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120626-103243.backup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/14 11:22:52 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/14 04:37:43 | 000,032,894 | ---- | C] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT 4.jpg
[2012/07/14 04:37:11 | 000,035,537 | ---- | C] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT 3.jpg
[2012/07/14 04:36:31 | 000,033,751 | ---- | C] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT 2.jpg
[2012/07/14 04:35:44 | 000,052,417 | ---- | C] () -- C:\Users\Admin\Desktop\Reboot notice ERDNT.jpg
[2012/07/14 04:27:48 | 000,047,009 | ---- | C] () -- C:\Users\Admin\Desktop\Malwarebytes results 07142012.jpg
[2012/07/14 03:49:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 04:01:28 | 001,558,016 | ---- | C] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/07/12 09:01:41 | 000,076,515 | ---- | C] () -- C:\Users\Admin\Desktop\VPT malware issue 07122012.jpg
[2012/07/12 09:00:01 | 000,387,979 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-World-Detailed.pdf
[2012/07/12 08:58:01 | 000,088,275 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-World-Grid.pdf
[2012/07/12 08:57:05 | 000,108,656 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-Create-Grid.pdf
[2012/07/12 08:56:06 | 000,388,956 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-VPT-Detailed.pdf
[2012/07/10 10:40:26 | 017,855,727 | ---- | C] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.wmv
[2012/07/10 10:35:42 | 023,780,647 | ---- | C] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.flv
[2012/07/10 10:22:49 | 015,478,199 | ---- | C] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..wmv
[2012/07/10 10:17:46 | 015,722,051 | ---- | C] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..flv
[2012/07/09 20:50:33 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/08 14:32:23 | 000,001,108 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/08 14:32:00 | 000,000,928 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2012/07/08 14:32:00 | 000,000,909 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/07 15:27:20 | 000,017,884 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120707_152716.reg
[2012/07/02 17:00:11 | 000,001,369 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/02 11:39:31 | 000,046,270 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120702_113920.reg
[2012/02/16 23:43:03 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\AppData\Local\rx_image32.Cache
[2012/02/05 15:56:35 | 000,013,312 | -H-- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 20:43:30 | 000,007,611 | -H-- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012/01/30 02:14:08 | 000,000,061 | ---- | C] () -- C:\Windows\avinstalled.ini
[2012/01/14 17:19:30 | 000,020,436 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2012/01/13 19:14:43 | 000,019,632 | ---- | C] () -- C:\Windows\MSTMON_S.INI
[2012/01/13 19:14:43 | 000,019,472 | ---- | C] () -- C:\Windows\MSUMLT_S.INI
[2012/01/13 19:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012/01/13 10:01:49 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 09:48:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2001/06/20 17:34:32 | 000,082,395 | ---- | C] () -- C:\Program Files\Sample.mov
[2001/06/20 17:34:32 | 000,029,363 | ---- | C] () -- C:\Program Files\Sample.qtif
[2001/06/20 17:34:32 | 000,004,653 | ---- | C] () -- C:\Program Files\readme.wri

========== LOP Check ==========

[2012/03/13 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2012/01/13 11:26:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012/01/13 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012/01/13 11:36:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012/01/20 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UnitConverter
[2009/07/14 01:08:49 | 000,011,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

jpatrick
2012-07-15, 20:13
Jack&Jill,

The OTL EXTRAS log:
OTL Extras logfile created on: 7/15/2012 1:32:27 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 65.41% Memory free
7.50 Gb Paging File | 5.53 Gb Available in Paging File | 73.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 351.32 Gb Free Space | 75.45% Space Free | Partition Type: NTFS
Drive D: | 634.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0313D945-F3CA-4A16-BD78-89DF7D2F0F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{050DABD9-4A75-4E2D-B1C8-CFD58A1BCA20}" = rport=445 | protocol=6 | dir=out | app=system |
"{21E3C675-D447-47CC-9B8F-886C6F1C61BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E014DC4-D5D4-479D-A653-B1243CAC1708}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E68E02A-77DE-4B71-8FAE-9577E33E9E46}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40E0EC41-9C56-4DD7-AF30-B29B4EEB3DE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{546F77E4-5094-4585-A81E-B6453F3FC62C}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C4A16DF-1703-4B1E-BA03-8F3AA19E3A40}" = rport=137 | protocol=17 | dir=out | app=system |
"{880992ED-1D4A-4977-B00A-5E38AC14C024}" = lport=10243 | protocol=6 | dir=in | app=system |
"{95FAAE37-E3E2-4DE8-8A70-A428A373578E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC786BA4-6710-4AFF-ACE0-931D1B7B00F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD8C752E-CB35-49FF-A727-7525B5BC8C29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B37C10B1-D8E5-4947-B3D4-FCD0156A897D}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8CB82F6-4191-4F56-AC33-517F830DC390}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA649EEA-4A4A-4BB6-9140-9D103140CD0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB01630B-62FA-4407-8E43-A1889F28A3B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C305C4F3-6B45-405F-BE6B-970FE95EDC0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2231BD0-CF34-46EF-B243-E2E6316BDAF9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D39A4952-41BF-430D-A129-E6298FFB2CF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96CC3DB-2F9B-4C62-91D9-A4840F653BAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E390A330-17A6-4F41-B478-F541301832C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F264C598-DEBB-4814-BB14-73966FF719E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDC38785-F232-4A8B-8AEF-9F1B6474C637}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C8BDA1-8C18-499A-92D8-F8EFFEEC28D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{07426982-116A-4E74-A7B6-5C49B6EB9F07}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{0AF34461-C86A-4A00-8495-1FAC66BD8325}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{11854DCA-E797-428F-8941-0B8966D463DE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{20451FE7-1A62-4450-A362-636931BF15C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{25ADB5D1-5A66-4C6F-AF62-D8D736C258A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28EA1FE0-5DE3-4AE7-8512-04B4CCD0CC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2C7AAD98-C5BE-4831-9BF1-F6E459F804AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F624ED8-FEA0-40B3-85E9-E5D4895D845B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FD21A30-E388-478B-9BC2-05219A8C024F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3351907B-64BE-40B0-9456-9AFD61E5E9E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40242CD5-69F3-4CB8-A473-1C8122EB64A5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{474BDA8B-22C2-47B4-98D8-6ABF81964276}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{491962E1-44D2-4015-82F6-34413D18FD9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EE3A50E-F34D-4594-8EE6-1FD91AC2E030}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{61F4C2B7-D9B1-4B62-91C5-BBA7BA527E84}" = protocol=6 | dir=out | app=system |
"{6C862B35-73D7-40B5-BDF4-66B5AC2DF649}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FCF89EF-1D22-44AD-811A-4AA29D4C16EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79A25403-6BCE-448F-91D6-D45BC3C1290A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{7C8422A9-2A8F-42D0-BF0D-0C0272BADBD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7FDB253E-FD6D-4BE5-A7D2-7F2D36CBDE9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D9A7334-8751-4E72-8E6F-747E0EEF9EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A16378D3-7E9D-4A9D-A039-BE1A8D28C83F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{AB565E20-D988-474F-9933-1D393374B8AB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AE31AF2C-BC48-4580-85A6-C3FE7E8AB566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6690302-D785-491E-8473-C67B468866A9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CE3562A2-C2B6-4B32-824C-C8E9CC45DD6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4010475-DDBA-420F-B548-DC4941205A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E55D9CB9-F7FF-4D00-A42B-9104497BD890}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E63B6197-4630-4DD1-93C0-3461DF0F738A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E6FD7598-4A42-4489-924B-E0CBC1BE01E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E7E75174-4AE2-4E08-BE8E-20537A27AD1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E947FC74-0A10-4984-94A2-44FC93F20116}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{EDD3CFF4-8E2C-42E0-9AB0-194D6B5D6C18}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F8B53D5C-E4DB-4A24-8A95-0B26B2A7D004}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FBC1E7CB-C3D5-4531-9AB2-605147C9648A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1196D442E5ECB5E86948906FE5B87E4D58C27BA4" = Windows Driver Package - Realtek Semiconductor Corp (RTL85n64) Net (06/15/2010 6.1125.0615.2010)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VueScan" = VueScan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{26E80502-72BB-4095-877F-44925A5D6B91}" = FrenchNow!
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator 10 CE
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7CFD02D2-44CF-4033-97E8-768A82C4C007}" = Roxio Plextor Driver Documentation
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{99024F9F-40ED-4CBF-9744-2015334006E0}" = GrammarPro!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1" = FlashCatch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet 802.11g Wireless CardBus/PCI Adapter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3C10B1-C8C2-4197-A687-0901064F68AB}" = Roxio Creator 10 CE
"{D533DC05-E776-4ABC-82E1-D8D733D2E6B3}" = AncestryView 2.6
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Digital Editions" = Adobe Digital Editions
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{D533DC05-E776-4ABC-82E1-D8D733D2E6B3}" = AncestryView 2.6
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Legacy 6.0" = Legacy 6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"QuickTime" = QuickTime
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Warcraft II BNE" = Warcraft II BNE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BandiZip" = BandiZip

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2012 12:31:28 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/12/2012 4:33:02 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/12/2012 8:56:39 AM | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13a0 Start
Time: 01cd6029b0c545b4 Termination Time: 47 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/12/2012 8:58:22 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x73b0c9f1 Faulting process id:
0xc98 Faulting application start time: 0x01cd602de556ed24 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 423d3674-cc21-11e1-9de3-50e5499d7e93

Error - 7/12/2012 9:00:07 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00e05ab0 Faulting process id:
0x10c0 Faulting application start time: 0x01cd602e0fefa684 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 80cbb94c-cc21-11e1-9de3-50e5499d7e93

Error - 7/12/2012 1:57:28 PM | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1dc Start
Time: 01cd60527d3d2b70 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/13/2012 7:45:56 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/14/2012 4:33:53 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2012 11:20:00 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2012 6:27:29 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 7/9/2012 8:28:30 PM | Computer Name = Admin-PC | Source = DCOM | ID = 10016
Description =

Error - 7/13/2012 4:06:40 AM | Computer Name = Admin-PC | Source = DCOM | ID = 10016
Description =

Error - 7/13/2012 7:18:11 PM | Computer Name = Admin-PC | Source = DCOM | ID = 10016
Description =

Error - 7/14/2012 4:33:52 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 7/14/2012 4:34:02 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/14/2012 7:40:55 AM | Computer Name = Admin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 7/14/2012 11:19:59 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 7/14/2012 11:20:06 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/14/2012 11:21:23 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/14/2012 11:03:54 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.


< End of report >

jpatrick
2012-07-15, 20:51
Jack&Jill,

ESET LOG:


C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll a variant of Win32/Kryptik.AIGG trojan
C:\Users\Admin\Desktop\RK_Quarantine\ggqkf.dll.vir a variant of Win32/Kryptik.AIGG trojan
C:\Users\Admin\Desktop\Various\Applications\IE7ProSetup_2.5.1.exe Win32/OpenCandy application
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.1.setup.exe Win32/Toolbar.Widgi application
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.9.setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe.yc1ptij.partial Win32/Toolbar.Widgi application
C:\Utilities\produkey\produkey.zip a variant of Win32/PSWTool.ProductKey application

Jack&Jill
2012-07-16, 17:29
Hello jpatrick :),

Fix with OTL

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on OTL.exe to run it.
Copy and paste the following text into the white box below Custom Scans/Fixes:

:otl
O15 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)

:files
C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll
C:\Users\Admin\Desktop\Various\Applications\IE7ProSetup_2.5.1.exe
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.1.setup.exe
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.9.setup.exe
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup272.exe
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe.yc1ptij.partial
ipconfig /flushdns /c

:commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
Click Run Fix. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Enable your security software again as soon as you have completed the OTL fix steps.
--------------------

Please post back:
1. the OTL fix log
2. any more problems?

jpatrick
2012-07-16, 21:40
Hello Jack&Jill,

The OTL fix log:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\oas.support\ deleted successfully.
========== FILES ==========
C:\Users\Admin\AppData\Local\VirtualStore\Temp\ggqkf.dll moved successfully.
C:\Users\Admin\Desktop\Various\Applications\IE7ProSetup_2.5.1.exe moved successfully.
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.1.setup.exe moved successfully.
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.9.setup.exe moved successfully.
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup272.exe moved successfully.
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe moved successfully.
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe.yc1ptij.partial moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 66048856 bytes
->Temporary Internet Files folder emptied: 33544541 bytes
->Java cache emptied: 5004506 bytes
->FireFox cache emptied: 65404611 bytes
->Flash cache emptied: 120955 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 747776 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 9533158 bytes

Total Files Cleaned = 172.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07162012_150319

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...



Jack&Jill,


FYI: After the fix/reboot, I noticed that an issue I had been having for a few months had been resolved. In Windows 7, on the desktop, the toolbar at the bottom of the page allows you to "pin" application icon shortcuts. Two of those icons had "lost" their image and in their place was the unrecognized file icon. Strange how this was connected to the redirect infection.

I will post questions & concerns in the next post.

Thanks,

Jpatrick

jpatrick
2012-07-16, 23:12
Hello Jack&Jill,

Below are some questions/concerns that I have:


- What should I do with the programs: OTL, aswMBR, RogueKiller, mbam & ESET(this one I didn't delete after the online scan)?

- I use Spybot & AVG, but neither of these detected any problems. Should I keep mbam & bag one of the others?

- I noted that these program setup files were "infected":

C:\Users\Admin\Desktop\Various\Applications\IE7ProSetup_2.5.1.exe
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.1.setup.exe
C:\Users\Admin\Desktop\Various\Applications\media.player.codec.pack.v3.9.9.setup.exe
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup272.exe
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe
C:\Users\Admin\Desktop\Various\Applications\YouTubeDownloaderSetup35.exe.yc1ptij.partial

Two issues: 1. Were these infected when I downloaded them from CNET, or were they infected by malware after I downloaded them, or were they not "infected", but just a vehicle for infections, PUP type programs? 2. I have backed up those files on an EXTERNAL hard drive. Can I go into that external HD and delete those files without reinfecting my system? Is it possible to scan the external drive with the programs you had me download?

- I have also used USB Flash drives to backup some files... none of those files. Is there a threat with those?

- The RogueKiller, -RK_Quarantine folder-, with contents, is still on my desktop. Should I delete the folder and/or the contents?

- Could this malware issue have made me vulnerable to identity theft? Do I need to change passwords or call my bank?

This is all I can think of right now.

Thank you for taking the time to answer the above.

Jpatrick

Jack&Jill
2012-07-17, 04:01
Hello jpatrick :),


Two issues: 1. Were these infected when I downloaded them from CNET, or were they infected by malware after I downloaded them, or were they not "infected", but just a vehicle for infections, PUP type programs? 2. I have backed up those files on an EXTERNAL hard drive. Can I go into that external HD and delete those files without reinfecting my system? Is it possible to scan the external drive with the programs you had me download?

- I have also used USB Flash drives to backup some files... none of those files. Is there a threat with those?
They are PUP or borderline type, basically from the source. Yes, you can go into the external drive and delete them. To be sure, you can try MBAM or ESET on any drives or USB device you have.


- Could this malware issue have made me vulnerable to identity theft? Do I need to change passwords or call my bank? As far as I can tell, the threat is not that severe, but with malware, you will never know. Due to this, better safe than sorry.

For the rest of your questions, the answers are below.

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the aswMBR and RogueKiller files on your desktop.
Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows 7 (http://windows.microsoft.com/en-us/windows7/Turn-automatic-updating-on-or-off) to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malware. See Windows 7 System Restore Guide (http://www.sevenforums.com/tutorials/81500-system-restore-enable-disable.html) for some detailed explanations.

3. Update your antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) and Avast (http://www.avast.com/eng/download-avast-home.html) are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 (http://www.eset.com/products/nod32.php) and Kaspersky (http://www.kaspersky.com/kaspersky_anti-virus) are some good options. Please keep only one AV installed.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications. You need to choose between Spybot or Winpatrol.

6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose. You don't need this if you have Spybot's immunization.

7. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.

8. Protect your computer from removable or USB drive infections with MCShield (http://amf.mycity.rs/programs/mc/mcshield/), an effective method to prevent malware from spreading.

9. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.

10. Make full use of Windows 7 firewall to step up the defense (http://www.petri.co.il/windows-7-firewall.htm) against internet dangers.

11. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)

Stay safe.

Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)

jpatrick
2012-07-17, 08:19
Hello Jack&Jill,

This is getting ridiculous! I was using Firefox (I usually use IE9... I've heard/read that Firefox is more secure, so I thought I'd use that more regularly.) and again, when I right click on a link to open it in a new tab I've been redirected!!

I ran MBAM and it found this:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [administrator]

7/17/2012 1:01:05 AM
mbam-log-2012-07-17 (01-47-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320813
Time elapsed: 30 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Admin\AppData\Local\Temp\0.8223045982200018 (Trojan.BHO) -> No action taken.

(end)


WTF!! :mad:

I didn't delete it... I wanted you to see it first.

I had an XP machine for 9 years.... that's right, 9 years! I was infected once, in April 2011. I thought an 'upgrade' might be in order.... 1/2 a gigabyte of RAM memory was ridiculously slow, but the cost of this new operating system & newer IE is making me long for XP Home & IE7!!

What could be causing this reinfection? I have NOT connected my external HD to deal with the PUP programs we deleted early yesterday nor have I used the flash drives. I just surfed in Firefox!

I checked the Add-on Manager in Firefox & the Java plug-in has issues but Firefox has blocked its use. Spybot TeaTimer is running.

FYI: I haven't deleted any of the programs we used to diagnose these problems in case we need to use them again.

Now what?

Jpatrick

Jack&Jill
2012-07-17, 11:05
Hello jpatrick :),

Does your problem occur in IE? What sites did you surf and where did you get redirected?

Let's get a few things up to date and then check with the tools.

--------------------

Please update your Adobe Reader to the latest.

Open Adobe Reader.
Go to Help on the pull down menu, then select Check for Updates....
Continue accordingly and close it when done.
--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 30


Go to the Java SE download page. Click here. (http://www.oracle.com/technetwork/java/javase/downloads/index.html)
Look for Java SE 7u5. Click the Download button to the right below JRE.
Click on Accept License Agreement after reading Oracle Binary Code License Agreement for Java SE.
From a list of files for download, click on the link which says jre-7u5-windows-i586.exe beside Windows x86 Offline (32-bit) and save the file to your desktop.
For 64-bit machines, you may need to get the above as well as jre-7u5-windows-x64.exe beside Windows x64 (64-bit).
Close any programs you may have running, especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.
--------------------

Please run a scan with RogueKiller and OTL and post back the logs.

--------------------

Please post back:
1. the answers to my questions
2. fresh RogueKiller log
3. fresh OTL log

jpatrick
2012-07-17, 18:01
Hello Jack&Jill,

I updated Adobe & did as you requested with Java.

YES, the redirect now works with IE9! Oh joy... I was redirected from Google & Yahoo.... again.

As to where I navigated, I took images of the history, but I can't attach them here because the limit on the size of files is 97k! No copy & paste option for the history either. Basically, I went to the sites you recommended for security programs, a Hotmail account, logged out of Hotmail which sent me to MSN, my local newspaper site (Bennington Banner), Google search (which is where the redirect started), Google search link to newspaperarchive.com - I never made it to that site, redirect -. In the image of the FF history, which I can't post, it shows after the Bennington Banner site, something happens with Google:

www.google.com/setprefs?sig=0_eyqyfPEjGpwNIEJU3tCRAPukIAU%3D&submit2=Save+Preference.... I lose the rest of the detail.

I didn't request a change in preferences until 7 navigation lines above. I wanted more results per window.


RK Report:



RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: Scan -- Date: 07/17/2012 11:04:09

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-4245015985-2778896149-1756623667-1000[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 332b7a39b16aca7656fea55c2c2b9b19
[BSP] f9bcb8bee9782548fbff0e5de19b16f5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


Jpatrick
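Both Run-key hits in the RogueKiller report above are the same registry value seen twice (HKCU is the logged-on user's branch of HKU\<SID>), and both start a DLL from the user's Temp folder through rundll32, the same kind of location as the Kryptik DLL ESET found under VirtualStore\Temp. As an added example that is not part of this thread and not RogueKiller's own code, the Python below parses Run-key lines in that report format and flags this persistence pattern; the two suspicious sample lines are copied from the report, while the benign lines and the ExampleTray/example.dll names are constructed.

```python
import re

# Constructed sample input in RogueKiller's "Registry Entries" line format.
# The first two lines reproduce the two hits from the report above; the last
# two are made-up benign entries (placeholder names and paths) so the filter
# has something to leave alone.
SAMPLE_RK_LINES = [
    r'[BLACKLIST DLL] HKCU\[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> FOUND',
    r'[BLACKLIST DLL] HKUS\S-1-5-21-4245015985-2778896149-1756623667-1000[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> FOUND',
    r'[RUN] HKLM\[...]\Run : ExampleTray (C:\Program Files (x86)\Example\tray.exe /background) -> FOUND',
    r'[RUN] HKLM\[...]\Run : ExampleCpl (rundll32.exe "C:\Windows\System32\example.dll",ExampleStartup) -> FOUND',
]

# One RogueKiller Run-key line: [tag] hive[...]\Run : <value name> (<command>) -> <status>
RUN_LINE = re.compile(
    r'^\[(?P<tag>[^\]]*)\]\s+'                      # e.g. [BLACKLIST DLL]
    r'(?P<hive>[^\s:]+?)\\?\[\.\.\.\]\\Run\s*:\s*'  # HKCU\[...]\Run or HKUS\<SID>[...]\Run
    r'(?P<name>.+?)\s*\((?P<command>.*)\)\s*'       # value name, then the command in parentheses
    r'->\s*(?P<status>\w+)\s*$'
)

# rundll32 invocation: optionally quoted DLL path, then ",ExportName"
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>[\w@#]+)',
    re.IGNORECASE,
)

# Directories any standard user can write to. A DLL launched from one of
# these at every logon is the pattern behind the hits in this thread.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\local\\virtualstore\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
)


def parse_run_entries(lines):
    """Turn RogueKiller Run-key report lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry):
    """Return details when the Run value loads a DLL through rundll32 from a
    user-writable directory, or None when nothing stands out."""
    m = RUNDLL.search(entry["command"])
    if not m:
        return None
    dll, export = m.group("dll"), m.group("export")
    if any(marker in dll.lower() for marker in USER_WRITABLE_MARKERS):
        return {"dll": dll, "export": export,
                "reason": "rundll32 loads a DLL from a user-writable directory"}
    return None


def triage(lines):
    """Return one finding per suspicious Run entry, in report order."""
    findings = []
    for entry in parse_run_entries(lines):
        hit = classify(entry)
        if hit:
            findings.append({"hive": entry["hive"], "name": entry["name"], **hit})
    return findings


def unique_dlls(findings):
    """Collapse duplicates: HKCU is the logged-on user's branch of HKU\\<SID>,
    so the same value shows up under both hives. One DLL to collect, not two."""
    return sorted({f["dll"].lower() for f in findings})


if __name__ == "__main__":
    hits = triage(SAMPLE_RK_LINES)
    for hit in hits:
        print(f"{hit['hive']}\\...\\Run\\{hit['name']}: {hit['reason']} ({hit['dll']},{hit['export']})")
    print("Unique DLLs to quarantine and submit for analysis:", unique_dlls(hits))
```

Run over a real report, the unique DLL list is what to preserve (quarantined, not simply deleted) before cleanup, so the sample can still be analysed if the redirects persist.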

jpatrick
2012-07-17, 18:02
OTL logfile created on: 7/17/2012 11:17:10 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.34% Memory free
7.50 Gb Paging File | 5.86 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 351.24 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive D: | 634.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 05:23:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/28 18:17:04 | 000,512,000 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/08 12:03:58 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2010/04/28 18:17:04 | 000,512,000 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
MOD - [2009/10/07 17:58:10 | 000,376,832 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanDll.dll
MOD - [2009/03/10 20:03:52 | 000,184,320 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WPSCtrl.dll
MOD - [2008/09/08 12:03:58 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/09 10:07:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/09/09 10:07:14 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/02 10:08:52 | 002,061,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/09 11:12:54 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/tenday/Bennington+VT+05201
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 60 BF 6A 0E D6 CC 01 [binary data]
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\SearchScopes,DefaultScope = {7C0FB11C-C21D-472D-BEB2-B7CEBE00D336}
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\SearchScopes\{7C0FB11C-C21D-472D-BEB2-B7CEBE00D336}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 10:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\flashcatch@flashcatch.com: C:\Program Files (x86)\FlashCatch\firefox [2012/03/19 01:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/14 11:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/14 11:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/07/16 17:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01m5c2ag.default\extensions
[2012/07/14 11:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/19 23:58:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[1832/11/29 00:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01M5C2AG.DEFAULT\EXTENSIONS\KYCXFNCUUG@KYCXFNCUUG.ORG.XPI
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/13 11:14:47 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/16 15:19:25 | 000,443,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15233 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O4:64bit: - HKLM..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\Windows\SysNative\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000..\Run: [Programs] C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27A76691-41C0-4E44-995C-D5AC9A99A256}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B9080E-81CC-4304-A255-8ED57B92B0A3}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/09/23 11:38:49 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{609edac7-3df9-11e1-b644-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{609edac7-3df9-11e1-b644-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [1999/09/23 11:58:15 | 000,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 11:04:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/07/17 10:53:40 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/17 10:53:40 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/17 10:53:40 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/17 10:53:28 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/17 10:53:28 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/17 10:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/17 10:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/17 10:52:19 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/17 10:52:19 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/17 10:52:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/17 10:52:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/17 10:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/17 10:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/16 15:03:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/15 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/15 05:23:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/14 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012/07/14 03:49:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/07/14 03:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 03:49:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/14 03:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/14 03:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/08 14:33:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/08 14:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/08 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/20 22:52:21 | 000,258,560 | ---- | C] (Quad-Lock) -- C:\Program Files\UnitConverter.exe
[2001/06/20 17:34:39 | 000,127,488 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimeUpdater.exe
[2001/06/20 17:34:38 | 001,043,968 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimePlayer.exe
[2001/06/20 17:34:38 | 000,303,616 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\PictureViewer.exe
[2001/06/20 17:34:38 | 000,225,792 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QTInfo.exe

========== Files - Modified Within 30 Days ==========

[2012/07/17 10:53:19 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/17 10:53:19 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/17 10:53:19 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/17 10:53:19 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/17 10:53:19 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/17 10:51:55 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/17 10:51:55 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/17 10:51:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/17 10:51:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/17 10:51:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/17 10:50:43 | 000,120,474 | ---- | M] () -- C:\Users\Admin\Desktop\FF history 4.jpg
[2012/07/17 10:49:07 | 000,326,584 | ---- | M] () -- C:\Users\Admin\Desktop\FF history 3.jpg
[2012/07/17 10:48:04 | 000,254,688 | ---- | M] () -- C:\Users\Admin\Desktop\FF history 2.jpg
[2012/07/17 10:24:25 | 000,252,791 | ---- | M] () -- C:\Users\Admin\Desktop\FF History 1.jpg
[2012/07/17 10:22:05 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 10:22:05 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 10:19:02 | 000,792,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/17 10:19:02 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/17 10:19:02 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/17 10:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 10:14:54 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 10:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/17 10:14:44 | 3018,690,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 10:11:18 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/17 10:10:32 | 101,577,521 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/16 15:19:25 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/15 05:23:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/14 11:22:53 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/14 03:49:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 09:40:18 | 000,013,312 | -H-- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 04:01:29 | 001,558,016 | ---- | M] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/07/12 09:00:01 | 000,387,979 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-World-Detailed.pdf
[2012/07/12 08:58:01 | 000,088,275 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-World-Grid.pdf
[2012/07/12 08:57:05 | 000,108,656 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-Create-Grid.pdf
[2012/07/12 08:56:06 | 000,388,956 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-VPT-Detailed.pdf
[2012/07/11 22:19:57 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120716-151925.backup
[2012/07/11 22:14:54 | 000,000,938 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221957.backup
[2012/07/11 22:13:58 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221454.backup
[2012/07/11 12:32:41 | 000,007,611 | -H-- | M] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012/07/10 10:41:51 | 017,855,727 | ---- | M] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.wmv
[2012/07/10 10:40:02 | 023,780,647 | ---- | M] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.flv
[2012/07/10 10:24:02 | 015,478,199 | ---- | M] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..wmv
[2012/07/10 10:21:24 | 015,722,051 | ---- | M] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..flv
[2012/07/08 22:09:52 | 000,277,807 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/08 14:32:23 | 000,001,108 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/08 14:32:00 | 000,000,928 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2012/07/08 14:32:00 | 000,000,909 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/07 15:27:22 | 000,017,884 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120707_152716.reg
[2012/07/06 20:38:29 | 000,443,048 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221358.backup
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 17:00:16 | 000,001,369 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/02 11:43:12 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120706-203829.backup
[2012/07/02 11:39:37 | 000,046,270 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120702_113920.reg
[2012/06/26 10:32:43 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120702-114312.backup

========== Files Created - No Company Name ==========

[2012/07/17 10:50:43 | 000,120,474 | ---- | C] () -- C:\Users\Admin\Desktop\FF history 4.jpg
[2012/07/17 10:49:07 | 000,326,584 | ---- | C] () -- C:\Users\Admin\Desktop\FF history 3.jpg
[2012/07/17 10:48:04 | 000,254,688 | ---- | C] () -- C:\Users\Admin\Desktop\FF history 2.jpg
[2012/07/17 10:24:25 | 000,252,791 | ---- | C] () -- C:\Users\Admin\Desktop\FF History 1.jpg
[2012/07/14 11:22:52 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/14 03:49:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 04:01:28 | 001,558,016 | ---- | C] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/07/12 09:00:01 | 000,387,979 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-World-Detailed.pdf
[2012/07/12 08:58:01 | 000,088,275 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-World-Grid.pdf
[2012/07/12 08:57:05 | 000,108,656 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-Create-Grid.pdf
[2012/07/12 08:56:06 | 000,388,956 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-VPT-Detailed.pdf
[2012/07/10 10:40:26 | 017,855,727 | ---- | C] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.wmv
[2012/07/10 10:35:42 | 023,780,647 | ---- | C] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.flv
[2012/07/10 10:22:49 | 015,478,199 | ---- | C] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..wmv
[2012/07/10 10:17:46 | 015,722,051 | ---- | C] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..flv
[2012/07/08 14:32:23 | 000,001,108 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/08 14:32:00 | 000,000,928 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2012/07/08 14:32:00 | 000,000,909 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/07 15:27:20 | 000,017,884 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120707_152716.reg
[2012/07/02 17:00:11 | 000,001,369 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/02 11:39:31 | 000,046,270 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120702_113920.reg
[2012/02/16 23:43:03 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\AppData\Local\rx_image32.Cache
[2012/02/05 15:56:35 | 000,013,312 | -H-- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 20:43:30 | 000,007,611 | -H-- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012/01/30 02:14:08 | 000,000,061 | ---- | C] () -- C:\Windows\avinstalled.ini
[2012/01/14 17:19:30 | 000,020,436 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2012/01/13 19:14:43 | 000,019,632 | ---- | C] () -- C:\Windows\MSTMON_S.INI
[2012/01/13 19:14:43 | 000,019,472 | ---- | C] () -- C:\Windows\MSUMLT_S.INI
[2012/01/13 19:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012/01/13 10:01:49 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 09:48:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2001/06/20 17:34:32 | 000,082,395 | ---- | C] () -- C:\Program Files\Sample.mov
[2001/06/20 17:34:32 | 000,029,363 | ---- | C] () -- C:\Program Files\Sample.qtif
[2001/06/20 17:34:32 | 000,004,653 | ---- | C] () -- C:\Program Files\readme.wri

========== LOP Check ==========

[2012/03/13 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2012/01/13 11:26:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012/01/13 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012/01/13 11:36:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012/01/20 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UnitConverter
[2009/07/14 01:08:49 | 000,012,386 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

jpatrick
2012-07-17, 18:04
OTL Extras logfile created on: 7/17/2012 11:17:10 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.34% Memory free
7.50 Gb Paging File | 5.86 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 351.24 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive D: | 634.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0313D945-F3CA-4A16-BD78-89DF7D2F0F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{050DABD9-4A75-4E2D-B1C8-CFD58A1BCA20}" = rport=445 | protocol=6 | dir=out | app=system |
"{21E3C675-D447-47CC-9B8F-886C6F1C61BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E014DC4-D5D4-479D-A653-B1243CAC1708}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E68E02A-77DE-4B71-8FAE-9577E33E9E46}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40E0EC41-9C56-4DD7-AF30-B29B4EEB3DE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{546F77E4-5094-4585-A81E-B6453F3FC62C}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C4A16DF-1703-4B1E-BA03-8F3AA19E3A40}" = rport=137 | protocol=17 | dir=out | app=system |
"{880992ED-1D4A-4977-B00A-5E38AC14C024}" = lport=10243 | protocol=6 | dir=in | app=system |
"{95FAAE37-E3E2-4DE8-8A70-A428A373578E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC786BA4-6710-4AFF-ACE0-931D1B7B00F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD8C752E-CB35-49FF-A727-7525B5BC8C29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B37C10B1-D8E5-4947-B3D4-FCD0156A897D}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8CB82F6-4191-4F56-AC33-517F830DC390}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA649EEA-4A4A-4BB6-9140-9D103140CD0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB01630B-62FA-4407-8E43-A1889F28A3B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C305C4F3-6B45-405F-BE6B-970FE95EDC0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2231BD0-CF34-46EF-B243-E2E6316BDAF9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D39A4952-41BF-430D-A129-E6298FFB2CF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96CC3DB-2F9B-4C62-91D9-A4840F653BAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E390A330-17A6-4F41-B478-F541301832C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F264C598-DEBB-4814-BB14-73966FF719E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDC38785-F232-4A8B-8AEF-9F1B6474C637}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C8BDA1-8C18-499A-92D8-F8EFFEEC28D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{07426982-116A-4E74-A7B6-5C49B6EB9F07}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{0AF34461-C86A-4A00-8495-1FAC66BD8325}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{11854DCA-E797-428F-8941-0B8966D463DE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{20451FE7-1A62-4450-A362-636931BF15C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{25ADB5D1-5A66-4C6F-AF62-D8D736C258A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28EA1FE0-5DE3-4AE7-8512-04B4CCD0CC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2C7AAD98-C5BE-4831-9BF1-F6E459F804AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F624ED8-FEA0-40B3-85E9-E5D4895D845B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FD21A30-E388-478B-9BC2-05219A8C024F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3351907B-64BE-40B0-9456-9AFD61E5E9E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40242CD5-69F3-4CB8-A473-1C8122EB64A5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{474BDA8B-22C2-47B4-98D8-6ABF81964276}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{491962E1-44D2-4015-82F6-34413D18FD9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EE3A50E-F34D-4594-8EE6-1FD91AC2E030}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{61F4C2B7-D9B1-4B62-91C5-BBA7BA527E84}" = protocol=6 | dir=out | app=system |
"{6C862B35-73D7-40B5-BDF4-66B5AC2DF649}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FCF89EF-1D22-44AD-811A-4AA29D4C16EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79A25403-6BCE-448F-91D6-D45BC3C1290A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{7C8422A9-2A8F-42D0-BF0D-0C0272BADBD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7FDB253E-FD6D-4BE5-A7D2-7F2D36CBDE9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D9A7334-8751-4E72-8E6F-747E0EEF9EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A16378D3-7E9D-4A9D-A039-BE1A8D28C83F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{AB565E20-D988-474F-9933-1D393374B8AB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AE31AF2C-BC48-4580-85A6-C3FE7E8AB566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6690302-D785-491E-8473-C67B468866A9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CE3562A2-C2B6-4B32-824C-C8E9CC45DD6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4010475-DDBA-420F-B548-DC4941205A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E55D9CB9-F7FF-4D00-A42B-9104497BD890}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E63B6197-4630-4DD1-93C0-3461DF0F738A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E6FD7598-4A42-4489-924B-E0CBC1BE01E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E7E75174-4AE2-4E08-BE8E-20537A27AD1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E947FC74-0A10-4984-94A2-44FC93F20116}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{EDD3CFF4-8E2C-42E0-9AB0-194D6B5D6C18}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F8B53D5C-E4DB-4A24-8A95-0B26B2A7D004}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FBC1E7CB-C3D5-4531-9AB2-605147C9648A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1196D442E5ECB5E86948906FE5B87E4D58C27BA4" = Windows Driver Package - Realtek Semiconductor Corp (RTL85n64) Net (06/15/2010 6.1125.0615.2010)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VueScan" = VueScan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26E80502-72BB-4095-877F-44925A5D6B91}" = FrenchNow!
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator 10 CE
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7CFD02D2-44CF-4033-97E8-768A82C4C007}" = Roxio Plextor Driver Documentation
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{99024F9F-40ED-4CBF-9744-2015334006E0}" = GrammarPro!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1" = FlashCatch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet 802.11g Wireless CardBus/PCI Adapter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3C10B1-C8C2-4197-A687-0901064F68AB}" = Roxio Creator 10 CE
"{D533DC05-E776-4ABC-82E1-D8D733D2E6B3}" = AncestryView 2.6
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Digital Editions" = Adobe Digital Editions
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{D533DC05-E776-4ABC-82E1-D8D733D2E6B3}" = AncestryView 2.6
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Legacy 6.0" = Legacy 6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"QuickTime" = QuickTime
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Warcraft II BNE" = Warcraft II BNE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BandiZip" = BandiZip

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2012 9:00:07 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00e05ab0 Faulting process id:
0x10c0 Faulting application start time: 0x01cd602e0fefa684 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 80cbb94c-cc21-11e1-9de3-50e5499d7e93

Error - 7/12/2012 1:57:28 PM | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1dc Start
Time: 01cd60527d3d2b70 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/13/2012 7:45:56 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/14/2012 4:33:53 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2012 11:20:00 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2012 6:27:29 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/15/2012 2:45:21 PM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/16/2012 3:06:33 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/17/2012 2:43:22 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/17/2012 10:14:53 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/16/2012 3:06:42 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/16/2012 3:09:26 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/16/2012 8:47:11 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 7/17/2012 2:43:21 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 7/17/2012 2:43:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/17/2012 2:44:54 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/17/2012 4:43:27 AM | Computer Name = Admin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 7/17/2012 10:14:52 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 7/17/2012 10:15:03 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/17/2012 10:15:58 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

Jack&Jill
2012-07-18, 02:03
Hello jpatrick :),

RogueKiller in action

Please rerun RogueKiller. Try a few times if it does not run.
Click on Scan.
Go to the Registry tab and uncheck (untick) the following:
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Click Delete.
Get the result via the Report button and post back the contents of the log.
--------------------

Fix with OTL

Please temporarily disable the real-time protection of any Antivirus, Antispyware or Antimalware programs. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on OTL.exe to run it.
Copy and paste the following text into the white box below Custom Scans/Fixes:

:otl
O4 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000..\Run: [Programs] C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll (Microsoft Corporation)
[1832/11/29 00:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01M5C2AG.DEFAULT\EXTENSIONS\KYCXFNCUUG@KYCXFNCUUG.ORG.XPI

:files
C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll

:commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
Click Run Fix. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log, where MMDDYYYY is the date and HHMMSS is the time.
If requested to reboot, please do so. The log file will open after restart.
Re-enable your security software as soon as you have completed the OTL fix steps.
--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here. (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)

Alternatively, you may get the zip version (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract the file to the desktop.
Double click on TDSSKiller.exe to execute it.
Click OK and press Start scan to begin.
If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT proceed with any other action.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.
--------------------

Do an online scan with Panda ActiveScan.
Please be patient, as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real-time protection that you have.

Click here (http://www.pandasecurity.com/activescan/index/) to go to Panda ActiveScan page.
Click on Scan now. The default setting is a Full scan.
You will be prompted to install an ActiveX Control from Panda. Please install.
Components of the scanner will be downloaded and updated as well. Then, scanning will commence.
When finished, the scan results will be shown. Click on the small icon beside Export to: and save the log to your desktop.
Post the contents of this log in your reply.
--------------------

Please post back:
1. RogueKiller report
2. the OTL fix log
3. TDSSKiller log
4. Panda ActiveScan result

jpatrick
2012-07-18, 02:12
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: Remove -- Date: 07/17/2012 20:09:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 332b7a39b16aca7656fea55c2c2b9b19
[BSP] f9bcb8bee9782548fbff0e5de19b16f5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

jpatrick
2012-07-18, 02:28
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4245015985-2778896149-1756623667-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Programs not found.
C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01m5c2ag.default\extensions\kycxfncuug@kycxfncuug.org.xpi moved successfully.
========== FILES ==========
File\Folder C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 621872 bytes
->Temporary Internet Files folder emptied: 109786480 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54748493 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3144958 bytes

Total Files Cleaned = 161.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07172012_202132

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\Low\REG20CF.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG651B.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG66CF.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG70.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG89EC.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REGA318.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REGD110.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REGFF68.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBIUAIDU\showthread[4].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File C:\Users\Admin\AppData\Local\Temp\Low\REG20CF.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG651B.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG66CF.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG70.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG89EC.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REGA318.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REGD110.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REGFF68.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBIUAIDU\showthread[4].htm not found!
File C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

jpatrick
2012-07-18, 02:33
20:29:38.0223 3512 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:29:38.0597 3512 ============================================================
20:29:38.0597 3512 Current date / time: 2012/07/17 20:29:38.0597
20:29:38.0597 3512 SystemInfo:
20:29:38.0597 3512
20:29:38.0597 3512 OS Version: 6.1.7601 ServicePack: 1.0
20:29:38.0597 3512 Product type: Workstation
20:29:38.0597 3512 ComputerName: ADMIN-PC
20:29:38.0597 3512 UserName: Admin
20:29:38.0597 3512 Windows directory: C:\Windows
20:29:38.0597 3512 System windows directory: C:\Windows
20:29:38.0597 3512 Running under WOW64
20:29:38.0597 3512 Processor architecture: Intel x64
20:29:38.0597 3512 Number of processors: 3
20:29:38.0597 3512 Page size: 0x1000
20:29:38.0597 3512 Boot type: Normal boot
20:29:38.0597 3512 ============================================================
20:29:40.0329 3512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:29:40.0329 3512 ============================================================
20:29:40.0329 3512 \Device\Harddisk0\DR0:
20:29:40.0329 3512 MBR partitions:
20:29:40.0329 3512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:29:40.0329 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:29:40.0329 3512 ============================================================
20:29:40.0360 3512 C: <-> \Device\Harddisk0\DR0\Partition1
20:29:40.0360 3512 ============================================================
20:29:40.0360 3512 Initialize success
20:29:40.0360 3512 ============================================================
20:30:13.0978 1600 ============================================================
20:30:13.0978 1600 Scan started
20:30:13.0978 1600 Mode: Manual;
20:30:13.0978 1600 ============================================================
20:30:17.0114 1600 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:30:17.0129 1600 1394ohci - ok
20:30:17.0223 1600 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:30:17.0223 1600 ACPI - ok
20:30:17.0270 1600 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:30:17.0270 1600 AcpiPmi - ok
20:30:17.0363 1600 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:30:17.0363 1600 AdobeARMservice - ok
20:30:17.0426 1600 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:30:17.0441 1600 adp94xx - ok
20:30:17.0472 1600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:30:17.0472 1600 adpahci - ok
20:30:17.0504 1600 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:30:17.0519 1600 adpu320 - ok
20:30:17.0535 1600 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:30:17.0535 1600 AeLookupSvc - ok
20:30:17.0597 1600 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:30:17.0613 1600 AFD - ok
20:30:17.0628 1600 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:30:17.0628 1600 agp440 - ok
20:30:17.0660 1600 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:30:17.0660 1600 ALG - ok
20:30:17.0691 1600 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:30:17.0691 1600 aliide - ok
20:30:17.0706 1600 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:30:17.0706 1600 amdide - ok
20:30:17.0722 1600 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:30:17.0722 1600 AmdK8 - ok
20:30:17.0738 1600 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:30:17.0738 1600 AmdPPM - ok
20:30:17.0769 1600 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:30:17.0769 1600 amdsata - ok
20:30:17.0784 1600 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:30:17.0784 1600 amdsbs - ok
20:30:17.0816 1600 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:30:17.0816 1600 amdxata - ok
20:30:17.0831 1600 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:30:17.0831 1600 AppID - ok
20:30:17.0862 1600 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:30:17.0862 1600 AppIDSvc - ok
20:30:17.0878 1600 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:30:17.0878 1600 Appinfo - ok
20:30:17.0894 1600 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:30:17.0894 1600 arc - ok
20:30:17.0909 1600 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:30:17.0925 1600 arcsas - ok
20:30:18.0128 1600 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:30:18.0174 1600 aspnet_state - ok
20:30:18.0206 1600 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:30:18.0206 1600 AsyncMac - ok
20:30:18.0237 1600 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:30:18.0237 1600 atapi - ok
20:30:18.0315 1600 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:30:18.0330 1600 AudioEndpointBuilder - ok
20:30:18.0330 1600 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:30:18.0330 1600 AudioSrv - ok
20:30:21.0185 1600 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
20:30:21.0216 1600 AVGIDSAgent - ok
20:30:21.0653 1600 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:30:21.0653 1600 AVGIDSDriver - ok
20:30:21.0669 1600 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
20:30:21.0669 1600 AVGIDSFilter - ok
20:30:21.0747 1600 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
20:30:21.0747 1600 AVGIDSHA - ok
20:30:21.0809 1600 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
20:30:21.0809 1600 Avgldx64 - ok
20:30:21.0903 1600 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
20:30:21.0903 1600 Avgmfx64 - ok
20:30:21.0981 1600 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
20:30:21.0981 1600 Avgrkx64 - ok
20:30:22.0683 1600 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
20:30:22.0683 1600 Avgtdia - ok
20:30:22.0870 1600 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:30:22.0870 1600 avgwd - ok
20:30:22.0917 1600 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:30:22.0917 1600 AxInstSV - ok
20:30:23.0026 1600 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:30:23.0073 1600 b06bdrv - ok
20:30:23.0135 1600 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:30:23.0151 1600 b57nd60a - ok
20:30:23.0166 1600 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:30:23.0182 1600 BDESVC - ok
20:30:23.0198 1600 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:30:23.0198 1600 Beep - ok
20:30:23.0322 1600 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:30:23.0338 1600 BFE - ok
20:30:23.0666 1600 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:30:23.0712 1600 BITS - ok
20:30:23.0806 1600 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:30:23.0806 1600 blbdrive - ok
20:30:23.0837 1600 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:30:23.0837 1600 bowser - ok
20:30:23.0853 1600 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:30:23.0868 1600 BrFiltLo - ok
20:30:23.0884 1600 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:30:23.0884 1600 BrFiltUp - ok
20:30:23.0900 1600 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:30:23.0900 1600 Browser - ok
20:30:23.0931 1600 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:30:23.0946 1600 Brserid - ok
20:30:23.0962 1600 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:30:23.0962 1600 BrSerWdm - ok
20:30:23.0962 1600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:30:23.0962 1600 BrUsbMdm - ok
20:30:23.0978 1600 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:30:23.0978 1600 BrUsbSer - ok
20:30:24.0009 1600 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:30:24.0024 1600 BTHMODEM - ok
20:30:24.0056 1600 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:30:24.0056 1600 bthserv - ok
20:30:24.0087 1600 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:30:24.0087 1600 cdfs - ok
20:30:24.0118 1600 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:30:24.0134 1600 cdrom - ok
20:30:24.0165 1600 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:30:24.0180 1600 CertPropSvc - ok
20:30:24.0180 1600 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:30:24.0180 1600 circlass - ok
20:30:24.0227 1600 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:30:24.0227 1600 CLFS - ok
20:30:24.0477 1600 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:30:24.0492 1600 clr_optimization_v2.0.50727_32 - ok
20:30:24.0617 1600 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:30:24.0633 1600 clr_optimization_v2.0.50727_64 - ok
20:30:24.0836 1600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:30:24.0867 1600 clr_optimization_v4.0.30319_32 - ok
20:30:24.0929 1600 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:30:24.0929 1600 clr_optimization_v4.0.30319_64 - ok
20:30:24.0992 1600 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:30:24.0992 1600 CmBatt - ok
20:30:25.0007 1600 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:30:25.0007 1600 cmdide - ok
20:30:25.0070 1600 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:30:25.0085 1600 CNG - ok
20:30:25.0085 1600 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:30:25.0085 1600 Compbatt - ok
20:30:25.0148 1600 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:30:25.0148 1600 CompositeBus - ok
20:30:25.0163 1600 COMSysApp - ok
20:30:25.0163 1600 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:30:25.0179 1600 crcdisk - ok
20:30:25.0226 1600 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:30:25.0226 1600 CryptSvc - ok
20:30:25.0288 1600 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:30:25.0304 1600 DcomLaunch - ok
20:30:25.0335 1600 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:30:25.0335 1600 defragsvc - ok
20:30:25.0350 1600 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:30:25.0366 1600 DfsC - ok
20:30:25.0397 1600 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:30:25.0397 1600 Dhcp - ok
20:30:25.0397 1600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:30:25.0397 1600 discache - ok
20:30:25.0413 1600 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:30:25.0413 1600 Disk - ok
20:30:25.0460 1600 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:30:25.0460 1600 Dnscache - ok
20:30:25.0491 1600 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:30:25.0506 1600 dot3svc - ok
20:30:25.0631 1600 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:30:25.0631 1600 DPS - ok
20:30:25.0678 1600 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:30:25.0678 1600 drmkaud - ok
20:30:25.0787 1600 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:30:25.0803 1600 DXGKrnl - ok
20:30:26.0052 1600 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:30:26.0052 1600 EapHost - ok
20:30:26.0973 1600 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:30:27.0066 1600 ebdrv - ok
20:30:27.0784 1600 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:30:27.0784 1600 EFS - ok
20:30:28.0860 1600 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:30:28.0876 1600 ehRecvr - ok
20:30:28.0954 1600 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:30:28.0970 1600 ehSched - ok
20:30:29.0750 1600 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:30:29.0796 1600 elxstor - ok
20:30:29.0812 1600 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:30:29.0812 1600 ErrDev - ok
20:30:30.0654 1600 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:30:30.0654 1600 EventSystem - ok
20:30:30.0857 1600 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:30:30.0873 1600 exfat - ok
20:30:31.0325 1600 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:30:31.0341 1600 fastfat - ok
20:30:31.0481 1600 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:30:31.0512 1600 Fax - ok
20:30:31.0544 1600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:30:31.0544 1600 fdc - ok
20:30:31.0575 1600 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:30:31.0575 1600 fdPHost - ok
20:30:31.0590 1600 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:30:31.0590 1600 FDResPub - ok
20:30:31.0606 1600 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:30:31.0622 1600 FileInfo - ok
20:30:31.0622 1600 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:30:31.0637 1600 Filetrace - ok
20:30:31.0653 1600 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:30:31.0668 1600 flpydisk - ok
20:30:31.0731 1600 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:30:31.0731 1600 FltMgr - ok
20:30:32.0682 1600 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:30:32.0698 1600 FontCache - ok
20:30:32.0885 1600 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:30:32.0885 1600 FontCache3.0.0.0 - ok
20:30:32.0948 1600 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:30:32.0948 1600 FsDepends - ok
20:30:33.0026 1600 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:30:33.0026 1600 Fs_Rec - ok
20:30:33.0104 1600 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:30:33.0119 1600 fvevol - ok
20:30:33.0197 1600 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:30:33.0213 1600 gagp30kx - ok
20:30:33.0228 1600 gdrv - ok
20:30:33.0369 1600 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:30:33.0384 1600 gpsvc - ok
20:30:33.0728 1600 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:30:33.0759 1600 gupdate - ok
20:30:33.0774 1600 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:30:33.0774 1600 gupdatem - ok
20:30:33.0868 1600 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:30:33.0868 1600 hcw85cir - ok
20:30:34.0024 1600 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:30:34.0040 1600 HdAudAddService - ok
20:30:34.0086 1600 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:30:34.0086 1600 HDAudBus - ok
20:30:34.0102 1600 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:30:34.0118 1600 HidBatt - ok
20:30:34.0133 1600 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:30:34.0149 1600 HidBth - ok
20:30:34.0149 1600 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:30:34.0149 1600 HidIr - ok
20:30:34.0180 1600 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:30:34.0180 1600 hidserv - ok
20:30:34.0211 1600 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:30:34.0211 1600 HidUsb - ok
20:30:34.0258 1600 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:30:34.0258 1600 hkmsvc - ok
20:30:34.0305 1600 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:30:34.0305 1600 HomeGroupListener - ok
20:30:34.0476 1600 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:30:34.0492 1600 HomeGroupProvider - ok
20:30:34.0648 1600 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:30:34.0679 1600 HpSAMD - ok
20:30:34.0773 1600 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:30:34.0788 1600 HTTP - ok
20:30:34.0835 1600 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:30:34.0835 1600 hwpolicy - ok
20:30:34.0882 1600 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:30:34.0882 1600 i8042prt - ok
20:30:34.0960 1600 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:30:35.0007 1600 iaStorV - ok
20:30:35.0678 1600 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:30:35.0787 1600 idsvc - ok
20:30:35.0834 1600 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:30:35.0834 1600 iirsp - ok
20:30:36.0442 1600 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:30:36.0458 1600 IKEEXT - ok
20:30:37.0284 1600 IntcAzAudAddService (ddfadf2fa49c078a9c8270f29d6958b1) C:\Windows\system32\drivers\RTKVHD64.sys
20:30:37.0300 1600 IntcAzAudAddService - ok
20:30:37.0674 1600 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:30:37.0674 1600 intelide - ok
20:30:37.0706 1600 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
20:30:37.0721 1600 intelppm - ok
20:30:37.0752 1600 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:30:37.0768 1600 IPBusEnum - ok
20:30:37.0784 1600 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:30:37.0799 1600 IpFilterDriver - ok
20:30:37.0846 1600 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:30:37.0846 1600 iphlpsvc - ok
20:30:37.0893 1600 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:30:37.0893 1600 IPMIDRV - ok
20:30:37.0908 1600 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:30:37.0908 1600 IPNAT - ok
20:30:37.0955 1600 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:30:37.0955 1600 IRENUM - ok
20:30:37.0971 1600 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:30:37.0971 1600 isapnp - ok
20:30:38.0002 1600 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:30:38.0018 1600 iScsiPrt - ok
20:30:38.0033 1600 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:30:38.0033 1600 kbdclass - ok
20:30:38.0049 1600 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:30:38.0049 1600 kbdhid - ok
20:30:38.0080 1600 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:30:38.0096 1600 KeyIso - ok
20:30:38.0111 1600 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:30:38.0111 1600 KSecDD - ok
20:30:38.0236 1600 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:30:38.0236 1600 KSecPkg - ok
20:30:38.0283 1600 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:30:38.0283 1600 ksthunk - ok
20:30:38.0330 1600 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:30:38.0345 1600 KtmRm - ok
20:30:38.0408 1600 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:30:38.0423 1600 LanmanServer - ok
20:30:38.0439 1600 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:30:38.0439 1600 LanmanWorkstation - ok
20:30:38.0564 1600 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:30:38.0564 1600 LightScribeService - ok
20:30:38.0626 1600 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:30:38.0626 1600 lltdio - ok
20:30:38.0704 1600 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:30:38.0720 1600 lltdsvc - ok
20:30:38.0751 1600 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:30:38.0766 1600 lmhosts - ok
20:30:38.0813 1600 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:30:38.0813 1600 LSI_FC - ok
20:30:38.0844 1600 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:30:38.0844 1600 LSI_SAS - ok
20:30:38.0860 1600 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:30:38.0860 1600 LSI_SAS2 - ok
20:30:38.0891 1600 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:30:38.0891 1600 LSI_SCSI - ok
20:30:38.0922 1600 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:30:38.0938 1600 luafv - ok
20:30:38.0969 1600 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:30:38.0969 1600 Mcx2Svc - ok
20:30:38.0985 1600 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:30:38.0985 1600 megasas - ok
20:30:39.0032 1600 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:30:39.0047 1600 MegaSR - ok
20:30:39.0110 1600 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:30:39.0125 1600 MMCSS - ok
20:30:39.0141 1600 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:30:39.0141 1600 Modem - ok
20:30:39.0172 1600 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:30:39.0172 1600 monitor - ok
20:30:39.0219 1600 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:30:39.0219 1600 mouclass - ok
20:30:39.0234 1600 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
20:30:39.0250 1600 mouhid - ok
20:30:39.0266 1600 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:30:39.0266 1600 mountmgr - ok
20:30:39.0281 1600 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:30:39.0297 1600 mpio - ok
20:30:39.0312 1600 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:30:39.0312 1600 mpsdrv - ok
20:30:39.0406 1600 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:30:39.0406 1600 MpsSvc - ok
20:30:39.0531 1600 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:30:39.0546 1600 MRxDAV - ok
20:30:39.0578 1600 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:30:39.0593 1600 mrxsmb - ok
20:30:39.0796 1600 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:30:39.0812 1600 mrxsmb10 - ok
20:30:39.0843 1600 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:30:39.0843 1600 mrxsmb20 - ok
20:30:39.0874 1600 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:30:39.0890 1600 msahci - ok
20:30:39.0921 1600 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:30:39.0921 1600 msdsm - ok
20:30:39.0952 1600 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:30:39.0968 1600 MSDTC - ok
20:30:39.0983 1600 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:30:39.0983 1600 Msfs - ok
20:30:39.0983 1600 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:30:39.0983 1600 mshidkmdf - ok
20:30:39.0999 1600 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:30:39.0999 1600 msisadrv - ok
20:30:40.0061 1600 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:30:40.0061 1600 MSiSCSI - ok
20:30:40.0077 1600 msiserver - ok
20:30:40.0108 1600 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:30:40.0108 1600 MSKSSRV - ok
20:30:40.0124 1600 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:30:40.0124 1600 MSPCLOCK - ok
20:30:40.0139 1600 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:30:40.0139 1600 MSPQM - ok
20:30:40.0186 1600 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:30:40.0186 1600 MsRPC - ok
20:30:40.0217 1600 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:30:40.0217 1600 mssmbios - ok
20:30:40.0217 1600 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:30:40.0217 1600 MSTEE - ok
20:30:40.0233 1600 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:30:40.0233 1600 MTConfig - ok
20:30:40.0248 1600 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:30:40.0248 1600 Mup - ok
20:30:40.0280 1600 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:30:40.0295 1600 napagent - ok
20:30:40.0358 1600 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:30:40.0373 1600 NativeWifiP - ok
20:30:40.0436 1600 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:30:40.0436 1600 NDIS - ok
20:30:40.0451 1600 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:30:40.0451 1600 NdisCap - ok
20:30:40.0482 1600 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:30:40.0482 1600 NdisTapi - ok
20:30:40.0498 1600 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:30:40.0498 1600 Ndisuio - ok
20:30:40.0529 1600 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:30:40.0529 1600 NdisWan - ok
20:30:40.0545 1600 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:30:40.0545 1600 NDProxy - ok
20:30:40.0560 1600 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:30:40.0560 1600 NetBIOS - ok
20:30:40.0592 1600 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:30:40.0592 1600 NetBT - ok
20:30:40.0623 1600 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:30:40.0623 1600 Netlogon - ok
20:30:40.0685 1600 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:30:40.0701 1600 Netman - ok
20:30:41.0122 1600 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:30:41.0153 1600 NetMsmqActivator - ok
20:30:41.0169 1600 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:30:41.0169 1600 NetPipeActivator - ok
20:30:41.0590 1600 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:30:41.0606 1600 netprofm - ok
20:30:41.0621 1600 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:30:41.0621 1600 NetTcpActivator - ok
20:30:41.0621 1600 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:30:41.0637 1600 NetTcpPortSharing - ok
20:30:41.0684 1600 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:30:41.0684 1600 nfrd960 - ok
20:30:41.0824 1600 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:30:41.0840 1600 NlaSvc - ok
20:30:41.0855 1600 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:30:41.0855 1600 Npfs - ok
20:30:41.0871 1600 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:30:41.0871 1600 nsi - ok
20:30:41.0886 1600 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:30:41.0886 1600 nsiproxy - ok
20:30:42.0869 1600 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:30:42.0900 1600 Ntfs - ok
20:30:43.0821 1600 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:30:43.0821 1600 Null - ok
20:30:43.0930 1600 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:30:43.0930 1600 NVENETFD - ok
20:30:44.0710 1600 nvlddmkm (c47d6b7299ba80a210bcafa81ac978a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:30:44.0772 1600 nvlddmkm - ok
20:30:44.0944 1600 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
20:30:44.0960 1600 NVNET - ok
20:30:45.0006 1600 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:30:45.0006 1600 nvraid - ok
20:30:45.0038 1600 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:30:45.0038 1600 nvstor - ok
20:30:45.0069 1600 nvsvc (522845124da947b2372c6f606cd105a8) C:\Windows\system32\nvvsvc.exe
20:30:45.0069 1600 nvsvc - ok
20:30:45.0100 1600 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:30:45.0100 1600 nv_agp - ok
20:30:45.0131 1600 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:30:45.0131 1600 ohci1394 - ok
20:30:45.0162 1600 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:30:45.0178 1600 p2pimsvc - ok
20:30:45.0209 1600 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:30:45.0209 1600 p2psvc - ok
20:30:45.0240 1600 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:30:45.0256 1600 Parport - ok
20:30:45.0272 1600 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:30:45.0272 1600 partmgr - ok
20:30:45.0287 1600 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:30:45.0287 1600 PcaSvc - ok
20:30:45.0303 1600 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:30:45.0303 1600 pci - ok
20:30:45.0334 1600 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:30:45.0334 1600 pciide - ok
20:30:45.0365 1600 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:30:45.0365 1600 pcmcia - ok
20:30:45.0396 1600 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:30:45.0396 1600 pcw - ok
20:30:45.0443 1600 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:30:45.0443 1600 PEAUTH - ok
20:30:45.0521 1600 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:30:45.0521 1600 PerfHost - ok
20:31:11.0012 1600 ============================================================
20:31:11.0012 1600 Scan finished
20:31:11.0012 1600 ============================================================
20:31:11.0043 3484 Detected object count: 0
20:31:11.0043 3484 Actual detected object count: 0

jpatrick
2012-07-18, 03:46
;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-07-17 21:44:52
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free Edition 2012 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\users\admin\appdata\roaming\microsoft\windows\cookies\low\uetelhoo.txt
03946645 Application/ProduKey HackTools No 0 Yes No c:\utilities\produkey\produkey.zip[produkey.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\_otl\movedfiles\07162012_150319\c_users\admin\appdata\local\virtualstore\temp\ggqkf.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Jack&Jill
2012-07-18, 07:17
Hello jpatrick :),

It appears we got the baddies this round; please monitor the situation for a while.

Please zip up the images you took and upload it for analysis. Click here. (http://www.bleepingcomputer.com/submit-malware.php?channel=126)

You will be taken to a new post page (at a different forum). Please fill in the necessary details and provide a link to this topic.

Click on Send File.

jpatrick
2012-07-18, 13:11
Hello Jack&Jill,

Ummm... What do I do with the 3 issues that the Panda scan found? You never said to let Panda fix those issues.

What's more pressing is why I was infected again SO quickly! There must be a program on my computer that is allowing these infections. What do you think?

I have uninstalled FlashCatch because it was an Add-on as was the YouTube downloader. It was already disabled but..... I'm grasping at straws. :confused:

I'm going to surf this morning and see if I end up infected again.

All for now,

Jpatrick

Jack&Jill
2012-07-19, 15:53
Hello jpatrick :),

Reinfection could be caused by bad files that are not seen by the scanners and that we did not get all of, programs that are not up to date, compromised sites, etc. How are things now?

Thanks for the images, but unfortunately no lead from there.

Of the findings from the Panda ActiveScan, they are harmless. You can delete the first two if you want. The last one is a backup of the previous fix we did.

jpatrick
2012-07-19, 16:23
Hello Jack&Jill,

I haven't had any issues the last 24 hours.... and I've used the computer a lot to give it a good testing.

I did a Windows update, since I hadn't done that in a while, and as mentioned yesterday I got rid of FlashCatch, an Add-on.

The otl backup of the fix we did yesterday can or cannot be deleted? When I see the file location "virtualstore" I get jittery. :fear:

I will say thank you again.... this time much more cautiously. :yes: I appreciate your help. I will go back to your post and follow the instructions for getting rid of OTL & the other programs....... in a FEW DAYS. Just to be safe.

If there is a recurrence of similar issues after this is archived, is there a way to request your help specifically? Since you're familiar with my system and the issues?

Best wishes,

Jpatrick

PS Remember Jack&Jill, if you ever go "up the hill to fetch a pail of water"..... beeee CAREFUL!

Jack&Jill
2012-07-19, 16:29
Hello jpatrick :),

You are welcome :).

Good to hear things are positive so far. I will keep this topic open for a few days.

The OTL backup will be addressed when you click the Cleanup button.



PS Remember Jack&Jill, if you ever go "up the hill to fetch a pail of water"..... beeee CAREFUL! :rotfl:

jpatrick
2012-07-23, 00:30
Hello Jack&Jill,

Three days out & no redirect issues! :yahoo:

Spybot did find a Widgi Toolbar. It fixed 3 issues associated with that. I noted that "Spigot" was in the name of two of the issues that were fixed. Spigot was connected to that YouTube Downloader which I've deleted.

I admit, I've been gun shy..... running scans at the smallest provocation...... they've all been clear for the past three days.

I ran the OTL clean up & it removed RogueKiller & TDSSKiller as well.... that's what it was supposed to do right?

You mentioned "purging system restore" in an earlier post. I've read a little about it, but if you could clarify: Does my creating a new restore point automatically "purge system restore" of the old restore point/s? If not, how do I actually purge system restore.... the link you gave didn't make it clear.... at least I didn't see it.

Thanks,

Jpatrick

Jack&Jill
2012-07-23, 02:15
Hello jpatrick :),

Glad to hear there is no more problem.

If OTL cleanup took care of the other files, just leave them be.

System restore can be purged by disabling it. That shall delete all the old restore points. The following Vista guide is similar to what you have for Windows 7.
http://www.bleepingcomputer.com/tutorials/windows-vista-system-restore-guide/

Jack&Jill
2012-07-26, 12:06
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)