
question about "oauth ? client"...



joselepiu
2013-02-02, 19:11
hello...
I'm back again, now I have a question about what I think is a web address that I think is a key logger or something like that...

a couple of days back I was on Facebook & I clicked on a link for what I thought was a YouTube video, from a friend's Facebook page...

everything got mixed up, all the buttons on my desktop, toolbars, taskbar, quick launch, the bar where the clock is went blank, instead of the icons & the names of files & folders everything was white...

I unplugged the cable from the modem as fast as I could, & the green light on the front of my comp stayed lit up for more than an hour, I could not do anything, not even move the mouse, after that I turned off the comp by pushing the power button on the comp...

when I turned the comp back on after let's say 2 hours and tried to do anything on the internet I saw that when I'm loading / going to any page, above the start button there are a bunch of web addresses that change very rapidly, I have noticed that there is this one "https:// www. facebook .com/dialog /oauth?client _id=16995676698&response_ type=token%2C signed_request %2Cc" (no spaces) that stays on a bit longer than the others, even when I'm not logged in on Facebook...

with every different web site that I visit the numbers between the "id=" & the "&response" part change, I was told that it might be a key logger...

I have scanned my computer with everything I can think of, (AVG, Spybot, Kaspersky, Ad-Aware, Malwarebytes, Avast Free Antivirus, SpywareBlaster, IObit Malware Fighter, SUPERAntiSpyware)... & the results vary but the most uncommon ones that they have reported are these:...

the Kaspersky...

1."Autorun from hard drives is allowed"
2."Autorun from network drives is enabled"
3."CD/DVD autorun is enabled"
4."Removable media autorun is enabled"
5."Microsoft Internet Explorer: clear history of typed URLs"
6."Microsoft Internet Explorer - disable caching data received via protected channel"
7."Microsoft Internet Explorer: disable sending error reports"
8."Microsoft Internet Explorer: delete cookies"
9."Microsoft Internet Explorer: clear the list of trusted domains"
10."Microsoft Internet Explorer: enable cache autocleanup on browser closing"
11."Microsoft Internet Explorer: start page reset"

the AVG shows that all my Excel & my Word docs have macros in them, the weird part about that is that I don't use that, I don't even know how to use or create macros...

I opened a new Excel worksheet & I saved it empty, nothing on it, I scanned my comp after that & it showed that it had macros...

I don't remember that happening before...

please advise on what steps I can do / follow to fix or verify everything is ok...

in advance thanks again...

I posted a new thread @ http://forums.whatthetech.com with this url... http://forums.whatthetech.com/index.php?&act=post&do=reply_post&f=119&t=125524 & was told there to create new OTL & aswMBR scan logs, so here they are...

like I said before I could not run DDS, when I try I receive this...

I hope this helps to help me fix my comp...

thx...

"DDS not supported

This operating system is not supperted!
DDS only runs on:

*Windows 2000
*Windows XP (32 bit)
*Windows VIsta (32/64 bit)
*Windows 7 (32/64 bit)
*Windows 8 (32/64 bit)"...

aswMBR

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 16:04:24
-----------------------------
16:04:24.531 OS Version: Windows x64 5.2.3790 Service Pack 2
16:04:24.531 Number of processors: 2 586 0x2B01
16:04:24.531 ComputerName: FAM-PUTTER UserName: D J RAC
16:04:27.328 Initialize success
16:04:47.703 AVAST engine defs: 13021200
16:11:48.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e
16:11:48.859 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
16:11:48.921 Disk 0 MBR read successfully
16:11:48.921 Disk 0 MBR scan
16:11:48.968 Disk 0 Windows XP default MBR code
16:11:49.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
16:11:49.171 Disk 0 scanning C:\WINDOWS\system32\drivers
16:12:21.296 Service scanning
16:12:36.296 Modules scanning
16:12:36.296 Disk 0 trace - called modules:
16:12:36.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
16:12:36.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadfa3efb060]
16:12:36.328 3 CLASSPNP.SYS[fffffadf98e0a8c9] -> nt!IofCallDriver -> \Device\00000068[0xfffffadfa3895060]
16:12:36.328 5 ACPI.sys[fffffadf98fa9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-e[0xfffffadfa49d5c30]
16:12:38.406 AVAST engine scan C:\
19:45:30.765 Scan finished successfully
19:48:42.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\D J RAC\Desktop\MBR.dat"
19:48:42.015 The log file has been saved successfully to "C:\Documents and Settings\D J RAC\Desktop\C - AVG OFF aswMBR.txt"


OTL...

OTL logfile created on: 2/12/2013 9:41:41 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.69 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 80.97% Memory free
13.23 Gb Paging File | 12.74 Gb Available in Paging File | 96.34% Paging File free
Paging file location(s): c:\pagefile.sys 10000 10000

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 66.93 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
Drive D: | 3.68 Gb Total Space | 3.66 Gb Free Space | 99.33% Space Free | Partition Type: FAT32

Computer Name: FAM-PUTTER | User Name: D J RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/12 07:12:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013/01/22 19:42:20 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/19 19:55:02 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\jqs.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgui.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgwdsvc.exe
PRC - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2006/08/03 04:12:36 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/07/21 15:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/22 19:42:20 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
MOD - [2011/05/04 23:03:28 | 001,123,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvwimg.dll
MOD - [2011/05/04 23:03:22 | 001,558,120 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll


========== Services (SafeList) ==========

SRV - [2013/01/22 19:42:20 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/19 19:55:02 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/14 22:15:34 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IMAPI.EXE -- (ImapiService)
SRV - [2011/05/24 23:08:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/16 23:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2006/10/31 00:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\BIOS64.sys -- (BIOS)
DRV - [2006/03/29 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2006/03/29 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2003/07/30 01:02:00 | 000,047,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\pxhelp64.sys -- (PxHelp64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{30BC77FE-4B53-41DD-9969-75CC51DDB96C}: "URL" = http://search.avg.com/route/?d=4dbb5d33&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\SearchScopes\{9B9DB46E-1D45-4CF6-8145-BB8C8DB9A2E5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-334292207-2319730254-1780565897-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A1b30170e-56cc-44aa-8034-7de57febc0fc&locale=us"
FF - prefs.js..extensions.enabledAddons: {2A1D5949-B519-4924-BF62-8522FE0D5274}:0.17
FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.0.2.14
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&pid=avg&sg=&v=14.0.2.14&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/22 19:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Firefox 4 0 1\components [2011/08/21 12:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Firefox 4 0 1\plugins [2013/01/13 13:14:46 | 000,000,000 | ---D | M]

[2011/04/29 21:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Extensions
[2012/09/21 08:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions
[2012/01/24 07:50:55 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/16 02:32:54 | 001,096,733 | ---- | M] () (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\friendlygamingsimplifier@flies.xpi
[2012/01/24 07:50:52 | 000,031,123 | ---- | M] () (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
[2012/03/07 00:08:46 | 000,550,037 | ---- | M] () (No name found) -- C:\Documents and Settings\D J RAC\Application Data\Mozilla\Firefox\Profiles\6c58iex6.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
[2013/01/22 19:43:01 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\FIREFOXEXT\14.0.2.14

========== Chrome ==========

CHR - homepage: https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A860c879f-cfa2-4481-8a7b-abebafec9ff8&locale=us
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://isearch.avg.com/?cid={257645A7-55BB-4505-A86B-6DB2BBE2D7D6}&mid=42c70532a4de47d1a444d1a90bf8bb87-8d758629d5135f4470f57152dc116841b6490bd7&lang=en&ds=AVG&pr=fr&d=2012-11-07 19:46:09&v=14.0.2.14&pid=avg&sg=&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google Chrome Ver 19 0 1084 56 m\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google Chrome Ver 19 0 1084 56 m\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google Chrome Ver 19 0 1084 56 m\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Firefox 4 0 1\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\D J RAC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-334292207-2319730254-1780565897-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG AntiVirus 2013 Ver 2013 0 2742\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-500..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files (x86)\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\D J RAC\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-334292207-2319730254-1780565897-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
< End of report >

shelf life
2013-02-17, 16:26
I believe the list you posted from Kaspersky is nothing more than suggestions for you, generated by the software based on your current setup.

You can disable macros (http://www.bc.edu/offices/help/security/virus/macrovirus.html) in your office tools/preferences etc.; it sounds like another suggestion from the software.

joselepiu
2013-02-18, 07:52
any word on the log scans?...

joselepiu
2013-02-18, 07:55
or on the "" https:// www. facebook .com/dialog /oauth?client _id ""?...

shelf life
2013-02-19, 01:38
any word on the log scans?...
Logs look ok.


or on the "" https:// www. facebook .com/dialog /oauth?client _id ""?..
All good
https is more secure than standard http
oauth is a client-server authentication model
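
As an added illustration (not part of the thread), the URL quoted above can be pulled apart to see what a standard OAuth authorization request contains and which parts are worth checking: that the scheme is https, that the host is genuinely facebook.com rather than a look-alike that merely contains the word, and that the path is Facebook's /dialog/oauth endpoint. In OAuth the client_id identifies the application asking for the login (here the Facebook app of the site embedding the login or social plugin), which is why the number differs from site to site. The look-alike URL in the usage block is constructed for contrast.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts that are genuinely Facebook's own. A host that merely *contains* the word
# "facebook" (e.g. www.facebook.com.example.net) is a different site altogether.
FACEBOOK_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}

# The URL quoted in the thread, with the spaces the poster inserted removed.
# The trailing "c" is where the poster's copy was cut off; it is kept as quoted.
QUOTED_URL = ("https://www.facebook.com/dialog/oauth?client_id=16995676698"
              "&response_type=token%2Csigned_request%2Cc")


def classify_oauth_url(url: str) -> dict:
    """Break a status-bar URL into the checks that decide whether it is Facebook's
    own OAuth dialog (ordinary login / social-plugin traffic) or something else."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)          # also decodes %2C back to ","

    # client_id identifies the application asking for the login (the embedding
    # site's Facebook app), so it legitimately changes from site to site.
    client_id = query.get("client_id", [None])[0]
    # response_type lists what the dialog should hand back: "token" is the
    # implicit-grant flow, "signed_request" is Facebook's signed user payload.
    response_types = query.get("response_type", [""])[0].split(",")

    checks = {
        "is_https": parts.scheme == "https",
        "genuine_host": host in FACEBOOK_HOSTS,
        "is_oauth_dialog": parts.path == "/dialog/oauth",
        "has_client_id": client_id is not None and client_id.isdigit(),
    }
    return {
        "client_id": client_id,
        "response_types": response_types,
        "checks": checks,
        # Benign only when every check passes; any single failure (plain http,
        # look-alike host, different path) is worth a closer look.
        "looks_benign": all(checks.values()),
    }


if __name__ == "__main__":
    # Second URL is a constructed look-alike host over plain http, for contrast.
    for u in (QUOTED_URL,
              "http://www.facebook.com.example.net/dialog/oauth?client_id=1&response_type=token"):
        verdict = classify_oauth_url(u)
        print(u, "->", "benign" if verdict["looks_benign"] else "suspicious", verdict["checks"])
```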

joselepiu
2013-02-19, 17:22
so is my comp infected with a virus, malware, trojans or something or not?... what about what happened when all of my problems started?...


everything got mixed up, all the buttons on my desktop, toolbars, taskbar, quick launch, the bar where the clock is went blank, instead of the icons & the names of files & folders everything was white...

i unplugged the cable from the modem as fast as i could, & the green light on the front of my comp stayed lit up for more than an hour, i could not do anything, not even move the mouse, after that, i turned off the comp by pushing the power button on the comp...

& still takes up to 8 mins to turn on after i push the power button...

or off after i click on the turn off button on the start menu...

please advise...

thx...

shelf life
2013-02-20, 00:49
so is my comp infected with a virus, malware, trojans or something or not?
Not that I can tell. Plus you have run several antimalware apps yourself:

i have scanned my computer with everything i can think of, (avg, spybot, kaspersky, Adaware, malwarebytes, avast free antivirus, spywareblaste, IObit Malware Fighter, SUPERAntiSpyware)
And I assume these are all coming up clean.

If you press ctrl-alt-delete on your desktop to bring up task manager, under the process tab you can click on Image Name to sort a-z. Do you see an explorer.exe listed? File>Exit to close task manager.

joselepiu
2013-02-20, 03:04
yes, the explorer.exe is there... is it supposed to be there?... & what about the long time for it to boot up & shut off?... i don't remember it being that long...


& still takes up to 8 mins to turn on & off after i push the power button...

or off after i click on the turn off button on the start menu...

please advise...

thx...

shelf life
2013-02-20, 04:34
Yes, it is supposed to be there. Trying to account for the task bar problem: maybe a corrupt user profile. You can try creating a new user account (http://support.microsoft.com/kb/279783) as an experiment and see if the desktop behaves any better.
Not sure if that link is the correct way to create an account for Server 2003. It may be similar to XP. Maybe you already know how to do it; in any case, once you create it, log out of your account then back in on the new one you just made. See if it's any better. Then we will go from there based on the results. The shutdown/start will be a separate issue.

joselepiu
2013-02-20, 23:47
""task bar problem""... what task bar problem?... anyway, i did that and the problem is the same... it still takes a lot of time to boot up & shut down... even with the new user account... now what can we do?... what's the next step?...

shelf life
2013-02-21, 00:42
""task bar problem""... what task bar problem?


everything got mixed up, all the buttons on my desktop, toolbars, taskbar, quick launch, the bar where the clock is went blank,

Doesn't look like a malware issue, so I would just continue in the post you had started over at the WTT forum.

joselepiu
2013-02-21, 22:54
a couple of days back i was on facebook & i clicked on a link for what i thought was a youtube video, from a friend's facebook page...

everything got mixed up, all the buttons on my desktop, toolbars, taskbar, quick launch, the bar where the clock is went blank, instead of the icons & the names of files & folders everything was white...


that happened when i clicked on the link for the video...

but i dont have that problem anymore, that was just @ that moment...

my problems right now are...

1-. it takes a lot longer to boot up & to shut down than before i tried to watch that video, about 8 minutes now versus 2 or 3 @ the most before that...

2-. the issue with the ""https:// www. facebook .com/dialog /oauth?client _id=16995676698&response_ type=token%2C signed_request %2Cc""

that just kind of hangs for a few seconds, even if i'm not logged in on facebook...

i guess there was a misunderstanding from the beginning...

so what can i do to solve these issues?...

please advise...

shelf life
2013-02-22, 02:01
We can get another look for malware. See if this will run on your machine:

Download TDSSkiller.exe to your desktop

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click ok and Start Scan

Once the scan is done you will find a .txt file in your root drive Local Disk, usually (C) labeled as: TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (version,date, time)

Please copy/paste the log file in your reply.

joselepiu
2013-02-23, 01:45
15:24:32.0265 2404 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:24:32.0328 2404 ============================================================
15:24:32.0328 2404 Current date / time: 2013/02/22 15:24:32.0328
15:24:32.0328 2404 SystemInfo:
15:24:32.0328 2404
15:24:32.0328 2404 OS Version: 5.2.3790 ServicePack: 2.0
15:24:32.0328 2404 Product type: Workstation
15:24:32.0328 2404 ComputerName: FAM-PUTTER
15:24:32.0328 2404 UserName: D J RAC
15:24:32.0328 2404 Windows directory: C:\WINDOWS
15:24:32.0328 2404 System windows directory: C:\WINDOWS
15:24:32.0328 2404 Running under WOW64
15:24:32.0328 2404 Processor architecture: Intel x64
15:24:32.0328 2404 Number of processors: 2
15:24:32.0328 2404 Page size: 0x1000
15:24:32.0328 2404 Boot type: Normal boot
15:24:32.0328 2404 ============================================================
15:24:33.0531 2404 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
15:24:33.0531 2404 Drive \Device\Harddisk1\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:24:33.0546 2404 ============================================================
15:24:33.0546 2404 \Device\Harddisk0\DR0:
15:24:33.0546 2404 MBR partitions:
15:24:33.0546 2404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
15:24:33.0546 2404 \Device\Harddisk1\DR2:
15:24:33.0546 2404 MBR partitions:
15:24:33.0546 2404 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760000
15:24:33.0546 2404 ============================================================
15:24:33.0578 2404 C: <-> \Device\Harddisk0\DR0\Partition1
15:24:33.0578 2404 ============================================================
15:24:33.0578 2404 Initialize success
15:24:33.0578 2404 ============================================================
15:25:24.0656 1440 ============================================================
15:25:24.0656 1440 Scan started
15:25:24.0656 1440 Mode: Manual; TDLFS;
15:25:24.0656 1440 ============================================================
15:25:24.0890 1440 ================ Scan system memory ========================
15:25:24.0890 1440 System memory - ok
15:25:24.0890 1440 ================ Scan services =============================
15:25:28.0250 1440 Dhcp - ok
15:25:28.0265 1440 [ 417D7B9C6F36685A417E54690F8BD7B2 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:25:28.0265 1440 Disk - ok
15:25:28.0281 1440 dmadmin - ok
15:25:28.0312 1440 [ 19D704C92C2E2BD4DC99DB18A3523918 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:25:28.0343 1440 dmboot - ok
15:25:28.0375 1440 [ B293CE1C9243219F6B9E5DBCAA75B962 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:25:28.0375 1440 dmio - ok
15:25:28.0390 1440 [ C294E31D6CB7407A43C96EC1FEC1F8A4 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:25:28.0390 1440 dmload - ok
15:25:28.0406 1440 [ 76F7E7922F428BE040F800920BB8FF3B ] dmserver C:\WINDOWS\System32\dmserver.dll
15:25:28.0406 1440 dmserver - ok
15:25:28.0453 1440 [ 19C1612C4F5D828935D2270C7AF13E6E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:25:28.0453 1440 Dnscache - ok
15:25:28.0468 1440 dpti2o - ok
15:25:28.0515 1440 [ B063A36E4E027A9DBE2B019EBBBEAE86 ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:25:28.0515 1440 ERSvc - ok
15:25:28.0578 1440 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] Eventlog C:\WINDOWS\system32\services.exe
15:25:28.0578 1440 Eventlog - ok
15:25:28.0625 1440 [ CDEF30A1DCFFCAF6A4E8B7812AE79C95 ] EventSystem C:\WINDOWS\system32\es.dll
15:25:28.0640 1440 EventSystem - ok
15:25:28.0703 1440 [ 7C713B9F6F968F135D3D819492882CDD ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:25:28.0718 1440 Fastfat - ok
15:25:28.0734 1440 [ 7E35D423FF10AB5B8AF1D3DE86236690 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:25:28.0734 1440 Fdc - ok
15:25:28.0750 1440 [ 73EA9000F8FB2E060954EB7C3377A3C7 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:25:28.0750 1440 Fips - ok
15:25:28.0781 1440 [ 8AC77974378EAC3548330951A5DEEEBF ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:25:28.0781 1440 Flpydisk - ok
15:25:28.0828 1440 [ 087DB260F98056AC40261ACAE4240882 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:25:28.0828 1440 FltMgr - ok
15:25:28.0875 1440 [ 8A4DCD28D2BE12946F6D5D308B0942A6 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
15:25:28.0875 1440 FontCache3.0.0.0 - ok
15:25:28.0906 1440 [ 70DF80567A55A97894B4E8952EC5E7FC ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:25:28.0906 1440 Fs_Rec - ok
15:25:28.0937 1440 [ E90AA7C073519DD8571670818CB85CCB ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:25:28.0937 1440 Ftdisk - ok
15:25:28.0953 1440 [ 865D4D0B4E3730EF8040000CFB846D9F ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:25:28.0953 1440 Gpc - ok
15:25:29.0000 1440 [ D36E47728CDBC8D17A77D36A6CBC29BB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:25:29.0015 1440 HDAudBus - ok
15:25:29.0093 1440 [ 40E274B64843813A81C42687592339D7 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:25:29.0093 1440 helpsvc - ok
15:25:29.0125 1440 [ DDD74D94D018BCB66CA31E4533925695 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
15:25:29.0125 1440 HidBatt - ok
15:25:29.0171 1440 [ 9648AD494BE12B39ACC2DB638E2340A0 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:25:29.0171 1440 HidServ - ok
15:25:29.0203 1440 [ F32BEC5614A61BBB2BEDE070D279F88B ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:25:29.0203 1440 hidusb - ok
15:25:29.0250 1440 [ B54738DF11D0E06072BF9C332DB1D254 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:25:29.0265 1440 HTTP - ok
15:25:29.0312 1440 [ 1A782D5CA033F553F0BE54546EBF3B4F ] HTTPFilter C:\WINDOWS\System32\lsass.exe
15:25:29.0312 1440 HTTPFilter - ok
15:25:29.0328 1440 [ 50FD608643D9B56C4C75C0784513F77E ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:25:29.0328 1440 i8042prt - ok
15:25:29.0390 1440 IASJet - ok
15:25:29.0453 1440 [ 501CF65702D7F64C38DB360F7EB07ADC ] idsvc c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:25:29.0484 1440 idsvc - ok
15:25:29.0500 1440 iirsp - ok
15:25:29.0546 1440 [ D2E541613B72FF9FCEDF37B166930706 ] imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:25:29.0546 1440 imapi - ok
15:25:29.0609 1440 [ 9014C144CD95EEE1F5884664A4BFB4D8 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:25:29.0609 1440 ImapiService - ok
15:25:29.0640 1440 IntelIde - ok
15:25:29.0656 1440 [ 6601A43EE389D0ADB11AAEDE9A98036B ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:25:29.0671 1440 Ip6Fw - ok
15:25:29.0687 1440 [ 1B1B4654A5492A42D2E1BF5B2B22D32B ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:25:29.0687 1440 IpFilterDriver - ok
15:25:29.0734 1440 [ 088ECB04137DF1F52EC10C29D57A8CCA ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:25:29.0734 1440 IpNat - ok
15:25:29.0750 1440 [ DB841EC6F027C780002EF47AABFDDF86 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:25:29.0765 1440 IPSec - ok
15:25:29.0796 1440 [ 8B7015EA0171242CCA03C2FB48CCC771 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:25:29.0796 1440 IRENUM - ok
15:25:29.0828 1440 [ D994162E4D8E931FC16A892A87852BBB ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:25:29.0828 1440 isapnp - ok
15:25:30.0000 1440 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Documents and Settings\D J RAC\Desktop\java temp & cache files\bin\jqs.exe
15:25:30.0000 1440 JavaQuickStarterService - ok
15:25:30.0015 1440 [ E85095372008A9194C7ED6206CB782DA ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:25:30.0015 1440 Kbdclass - ok
15:25:30.0031 1440 [ 1B280B3B4C10CC2E3EC3AEC17EB6B658 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:25:30.0046 1440 kmixer - ok
15:25:30.0078 1440 [ EDCDC587073AC4BE72C5A66FE30ACA00 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:25:30.0078 1440 KSecDD - ok
15:25:30.0109 1440 [ 5CB302B6CAACE41AF70C34B56EB3DB23 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
15:25:30.0109 1440 ksthunk - ok
15:25:30.0171 1440 [ 4D8E9A805ADD244B5C511147A5D9BB8C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:25:30.0171 1440 lanmanserver - ok
15:25:30.0218 1440 [ BF4105D3EB357652A4EA73F170715ACD ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:25:30.0234 1440 lanmanworkstation - ok
15:25:30.0265 1440 [ 80DB42573F8EF6CBB6A7A0FF6966A352 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:25:30.0265 1440 LmHosts - ok
15:25:30.0390 1440 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:25:30.0390 1440 MDM - ok
15:25:30.0421 1440 [ 34EF8CBEA95EF5108A1349FC22D87513 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:25:30.0421 1440 Messenger - ok
15:25:30.0453 1440 [ AD6BC1EFA0C1B53409947F06DE87FC89 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:25:30.0453 1440 mnmdd - ok
15:25:30.0468 1440 mnmsrvc - ok
15:25:30.0500 1440 [ 9A67A96A0CBC2BC658ABF8C9B5EE065A ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:25:30.0500 1440 Modem - ok
15:25:30.0531 1440 [ 12ACF32EDF03E46805347817ACB9F64C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:25:30.0531 1440 Mouclass - ok
15:25:30.0578 1440 [ A0C4E4A79C5D6F418315C33177F2B5BC ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:25:30.0578 1440 mouhid - ok
15:25:30.0593 1440 [ 7E9CC7E4282A8E7A480560A6F817C177 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:25:30.0593 1440 MountMgr - ok
15:25:30.0609 1440 mraid35x - ok
15:25:30.0671 1440 [ 3D33208E5A7414D8633D34D24F119173 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:25:30.0671 1440 MRxDAV - ok
15:25:30.0750 1440 [ 9385E695B33068B90CF419186ECAA3DE ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:25:30.0781 1440 MRxSmb - ok
15:25:30.0812 1440 [ D42976785BA169C2361F97CC6A20681F ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:25:30.0812 1440 MSDTC - ok
15:25:30.0859 1440 [ 983F4AB7A50D56CD33E2061EE733BD55 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:25:30.0859 1440 Msfs - ok
15:25:30.0875 1440 MSIServer - ok
15:25:30.0906 1440 [ 308EC6FBEF38871CB2C4CACE9C8F4808 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:25:30.0906 1440 MSKSSRV - ok
15:25:30.0921 1440 [ 8D3226738479719AAB3B6D2617D7A55C ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:25:30.0921 1440 MSPCLOCK - ok
15:25:30.0937 1440 [ 058D63E8D000AE678D4549BFA8EB0DEB ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:25:30.0937 1440 MSPQM - ok
15:25:30.0953 1440 [ 5992D1F9ED64017A76AFEE2B79F5CFB9 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:25:30.0953 1440 mssmbios - ok
15:25:30.0968 1440 [ 5902C8E565FE346076786F43103EF02E ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:25:30.0968 1440 Mup - ok
15:25:31.0015 1440 [ 6FE83D05AEBEF7930D7CE91568DC99DF ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:25:31.0015 1440 NDIS - ok
15:25:31.0031 1440 [ 389CFAB53AA9807EA4536CB0B03609C3 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:25:31.0031 1440 NdisTapi - ok
15:25:31.0062 1440 [ 49C1207C1AE8C6958F1C1747132814C2 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:25:31.0062 1440 Ndisuio - ok
15:25:31.0062 1440 [ 6157A7AEAE6D2B948FF2E872FFAC765B ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:25:31.0078 1440 NdisWan - ok
15:25:31.0093 1440 [ 01B8ACF7C9AFA9005DB6378077137BCE ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:25:31.0109 1440 NDProxy - ok
15:25:31.0109 1440 [ B1CEE06471A069149B11FADA23FF00FD ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:25:31.0125 1440 NetBIOS - ok
15:25:31.0156 1440 [ FEDAAFB6CD700B9E0787C94D81C07DB5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:25:31.0171 1440 NetBT - ok
15:25:31.0203 1440 [ FB13279D8C89ADD5B0F7497C45BCF1C3 ] NetDDE C:\WINDOWS\system32\netdde.exe
15:25:31.0203 1440 NetDDE - ok
15:25:31.0218 1440 [ FB13279D8C89ADD5B0F7497C45BCF1C3 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:25:31.0218 1440 NetDDEdsdm - ok
15:25:31.0250 1440 [ 1A782D5CA033F553F0BE54546EBF3B4F ] Netlogon C:\WINDOWS\system32\lsass.exe
15:25:31.0250 1440 Netlogon - ok
15:25:31.0312 1440 [ F28FD9DBA68A85D6EE4225A83F127D2B ] Netman C:\WINDOWS\System32\netman.dll
15:25:31.0328 1440 Netman - ok
15:25:31.0359 1440 [ 8BC776595238AB62072AA6BEB17DDF59 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:31.0359 1440 NetTcpPortSharing - ok
15:25:31.0421 1440 [ BA13C3C32A69DC37653C9543E065950E ] Nla C:\WINDOWS\System32\mswsock.dll
15:25:31.0437 1440 Nla - ok
15:25:31.0437 1440 [ 81819038621A2C524781EC503D400287 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:25:31.0437 1440 Npfs - ok
15:25:31.0484 1440 [ C8904B5F90AB2236692E83D491C4D426 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:25:31.0500 1440 Ntfs - ok
15:25:31.0515 1440 [ 1A782D5CA033F553F0BE54546EBF3B4F ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:25:31.0515 1440 NtLmSsp - ok
15:25:31.0562 1440 [ A398462077F68A41B4DFF9FB7E8FC7B8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:25:31.0593 1440 NtmsSvc - ok
15:25:31.0609 1440 [ 501039187C444FA7AB9D97B6A6C667B3 ] Null C:\WINDOWS\system32\drivers\Null.sys
15:25:31.0609 1440 Null - ok
15:25:31.0984 1440 [ B8444DB3041357C47CAB0B107ED7074B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:25:32.0343 1440 nv - ok
15:25:32.0390 1440 [ 6B92B28C34904E157CA6FBF31F64E5F5 ] nvata64 C:\WINDOWS\system32\DRIVERS\nvata64.sys
15:25:32.0390 1440 nvata64 - ok
15:25:32.0406 1440 [ C52746064DF36EDC4B8FDA49321EF481 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:25:32.0406 1440 NVENETFD - ok
15:25:32.0437 1440 [ F32F7A0CC1D3633098B470AB8BA9DCC0 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:25:32.0437 1440 nvnetbus - ok
15:25:32.0468 1440 [ 4730E76C3AFDBC57FFD6A8F164615EEF ] NVSvc C:\WINDOWS\system32\nvsvc64.exe
15:25:32.0468 1440 NVSvc - ok
15:25:32.0546 1440 [ E424D08E2DC7F788BC8597573E642B90 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:25:32.0625 1440 nvUpdatusService - ok
15:25:32.0656 1440 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:25:32.0656 1440 ose - ok
15:25:32.0703 1440 [ 7DDAA09186DA9F1D304E819B5A6BBC5A ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:25:32.0703 1440 Parport - ok
15:25:32.0734 1440 [ 5F9A703240468A0C35A629D17FFCA847 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:25:32.0734 1440 PartMgr - ok
15:25:32.0750 1440 [ 5B2C8D6971D8DF4937C2FA013CD4C00D ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:25:32.0750 1440 PCI - ok
15:25:32.0765 1440 [ F1978C7849A0047306DB3B8BB94F0764 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:25:32.0765 1440 PCIIde - ok
15:25:32.0781 1440 [ 037F3A19F49A4C6A320C4154EBD6EE9D ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:25:32.0796 1440 Pcmcia - ok
15:25:32.0843 1440 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] PlugPlay C:\WINDOWS\system32\services.exe
15:25:32.0843 1440 PlugPlay - ok
15:25:32.0859 1440 [ 1A782D5CA033F553F0BE54546EBF3B4F ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:25:32.0875 1440 PolicyAgent - ok
15:25:32.0890 1440 [ E176F640EE6BF550F61FAA9CE9A683F4 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:25:32.0906 1440 PptpMiniport - ok
15:25:32.0906 1440 [ 1A782D5CA033F553F0BE54546EBF3B4F ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:25:32.0906 1440 ProtectedStorage - ok
15:25:32.0953 1440 [ 01AAE06E543C0956AC247546A8F2DAFE ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:25:32.0953 1440 PSched - ok
15:25:32.0984 1440 [ 35E39A969D227C2A56C1DC98361D8E35 ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:25:32.0984 1440 Ptilink - ok
15:25:32.0984 1440 PxHelp64 - ok
15:25:33.0015 1440 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\WINDOWS\system32\Drivers\PxHlpa64.sys
15:25:33.0015 1440 PxHlpa64 - ok
15:25:33.0046 1440 [ D646A315E6386DAC1D96C8CE8A4BFEE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:25:33.0046 1440 RasAcd - ok
15:25:33.0078 1440 [ 3F573D0C001B982C3180860366783BC0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:25:33.0078 1440 RasAuto - ok
15:25:33.0093 1440 [ D81FDC53EE9C0F68D709E504342D1D74 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:25:33.0093 1440 Rasl2tp - ok
15:25:33.0140 1440 [ 47F7838F77A42F85C763899AB1B77D14 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:25:33.0140 1440 RasMan - ok
15:25:33.0156 1440 [ 31FA5AB662C58CC5CF92396224F6B29A ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:25:33.0156 1440 RasPppoe - ok
15:25:33.0171 1440 [ 701493F9A6EDE759AF8D3FA7C08BAB3B ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:25:33.0171 1440 Raspti - ok
15:25:33.0203 1440 [ 251A8B39645C5B3DC7DCBBD03A3140CB ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:25:33.0203 1440 Rdbss - ok
15:25:33.0218 1440 [ C013379D04060318C3B2E4967D82739A ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:25:33.0218 1440 RDPCDD - ok
15:25:33.0234 1440 [ 0482A9BE0BE2098A12A61464306BF24B ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:25:33.0250 1440 rdpdr - ok
15:25:33.0296 1440 [ 7B586DB3E86E407F6A43E83586AF4F32 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:25:33.0296 1440 RDPWD - ok
15:25:33.0328 1440 [ A72BE0B07655141AB4EABECF0D66528A ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:25:33.0328 1440 RDSessMgr - ok
15:25:33.0359 1440 [ 1D793394201000D2D56E848C18FE9A62 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:25:33.0359 1440 redbook - ok
15:25:33.0390 1440 [ 60C8A5D4954CCE7D280369DFF5068019 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:25:33.0406 1440 RemoteAccess - ok
15:25:33.0437 1440 [ B2D55CE8C7C946C625B687F75040AD3F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:25:33.0437 1440 RemoteRegistry - ok
15:25:33.0484 1440 [ 809785CF7BE1B857F3B52D9B1AF10817 ] RpcLocator C:\WINDOWS\system32\locator.exe
15:25:33.0484 1440 RpcLocator - ok
15:25:33.0531 1440 [ A6130365606F3D6332B014FC3DA931AA ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:25:33.0546 1440 RpcSs - ok
15:25:33.0562 1440 [ 1A782D5CA033F553F0BE54546EBF3B4F ] SamSs C:\WINDOWS\system32\lsass.exe
15:25:33.0562 1440 SamSs - ok
15:25:33.0593 1440 [ A2069FFA2A6FEBB3818F180373C84A89 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:25:33.0609 1440 SCardSvr - ok
15:25:33.0640 1440 [ 71CD398385835C08613C65E5BF91E7FA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:25:33.0656 1440 Schedule - ok
15:25:33.0703 1440 [ 3EA8A16169C26AFBEB544E0E48421186 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:25:33.0703 1440 Secdrv - ok
15:25:33.0734 1440 [ B4E054549321372D995E4DB9A5304E77 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:25:33.0734 1440 seclogon - ok
15:25:33.0750 1440 [ 222C0A6C354D6A90700956C60574A09A ] SENS C:\WINDOWS\system32\sens.dll
15:25:33.0750 1440 SENS - ok
15:25:33.0765 1440 [ 111B29F3FCF9FB61C903A01E3706F7DC ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:25:33.0765 1440 serenum - ok
15:25:33.0781 1440 [ C0DC97399576FCCFF5FE877EC2D8DACC ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:25:33.0796 1440 Serial - ok
15:25:33.0843 1440 [ C6EACC8920A31B8D5842D1F7A28E2113 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:25:33.0843 1440 Sfloppy - ok
15:25:33.0875 1440 [ D71A8153D3CF0ED527F6BA1F087FAA22 ] SharedAccess C:\WINDOWS\system32\ipnathlp.dll
15:25:33.0890 1440 SharedAccess - ok
15:25:33.0953 1440 [ 15DE8EAE99A0F4E313E83ABA5B849FAA ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:25:33.0953 1440 ShellHWDetection - ok
15:25:33.0968 1440 Simbad - ok
15:25:34.0031 1440 [ 17EC29105989101DB536C49E1279A0EB ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:25:34.0031 1440 splitter - ok
15:25:34.0078 1440 [ 206FD327B4AAD3AEAA8E0D7D03F2044A ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:25:34.0093 1440 Spooler - ok
15:25:34.0140 1440 [ DAE1D5553D42A06034001D6EF4F5CB36 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:25:34.0140 1440 sr - ok
15:25:34.0203 1440 [ 7B6DA719973755BD091131E53AD6EC23 ] srservice C:\WINDOWS\system32\srsvc.dll
15:25:34.0203 1440 srservice - ok
15:25:34.0265 1440 [ 2A08328562D0BA596B699EEB90B511D1 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:25:34.0281 1440 Srv - ok
15:25:34.0296 1440 [ 94AD81C8EE2385EDDB08C7E34FEDB7A8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:25:34.0312 1440 SSDPSRV - ok
15:25:34.0343 1440 [ F6D4F452DB507820F726525A1425F0CC ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:25:34.0343 1440 stisvc - ok
15:25:34.0406 1440 [ B6536185FEEB8F0C86AD3BF2FBAB4F2F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:25:34.0406 1440 swenum - ok
15:25:34.0453 1440 [ 8E9E35B36A27AD154A5F92397CDE343C ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:25:34.0468 1440 swmidi - ok
15:25:34.0500 1440 [ 2E54746998139CB708B83974F1AC09F3 ] swprv C:\WINDOWS\System32\swprv.dll
15:25:34.0531 1440 swprv - ok
15:25:34.0531 1440 symc8xx - ok
15:25:34.0546 1440 symmpi - ok
15:25:34.0562 1440 sym_hi - ok
15:25:34.0578 1440 sym_u3 - ok
15:25:34.0609 1440 [ 2E843F129DAF4C789DF7ACD40E26208F ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:25:34.0609 1440 sysaudio - ok
15:25:34.0625 1440 [ D3FFFEA8C94BA3C1CEAC9694AC390472 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:25:34.0640 1440 SysmonLog - ok
15:25:34.0671 1440 [ FAFEFC85FC929B81571BFF315C93E299 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:25:34.0671 1440 TapiSrv - ok
15:25:34.0750 1440 [ 34D970B38E9E835009E1AD07C5422B58 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:25:34.0765 1440 Tcpip - ok
15:25:34.0812 1440 [ DA1E9CD22238FA4DB565EF41C7312E1B ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:25:34.0812 1440 TDPIPE - ok
15:25:34.0828 1440 [ 47D24EBB1C442DCC18D89B8B89BAFB49 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:25:34.0828 1440 TDTCP - ok
15:25:34.0859 1440 [ 8AB9AD44907D4C57AD10E175C8720ECF ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:25:34.0875 1440 TermDD - ok
15:25:34.0890 1440 [ F4849A4962779132B02CA4BBF696F434 ] TermService C:\WINDOWS\System32\termsrv.dll
15:25:34.0906 1440 TermService - ok
15:25:34.0921 1440 [ 15DE8EAE99A0F4E313E83ABA5B849FAA ] Themes C:\WINDOWS\System32\shsvcs.dll
15:25:34.0937 1440 Themes - ok
15:25:34.0953 1440 [ 0FDF294D30CA53391485132854151B26 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:25:34.0968 1440 TlntSvr - ok
15:25:34.0968 1440 TosIde - ok
15:25:35.0015 1440 [ 483FFCD8E5080198D87EEED44246E6A9 ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:25:35.0015 1440 TrkWks - ok
15:25:35.0046 1440 [ A6DD2DFCC44EC61D18AA645620CD8F63 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:25:35.0046 1440 Udfs - ok
15:25:35.0062 1440 ultra - ok
15:25:35.0078 1440 [ 70CA9DB8119FFF67D9938F2AB2B8D50C ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:25:35.0078 1440 Update - ok
15:25:35.0125 1440 [ 78C605CB6E0CE966D3347FF7CAF3F8AC ] upnphost C:\WINDOWS\System32\upnphost.dll
15:25:35.0140 1440 upnphost - ok
15:25:35.0171 1440 [ 3EC1501AA03CECD66ED093428FBC8B0E ] UPS C:\WINDOWS\System32\ups.exe
15:25:35.0171 1440 UPS - ok
15:25:35.0203 1440 [ 3421B0691A0E365A020836369A296F0C ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:25:35.0218 1440 usbccgp - ok
15:25:35.0265 1440 [ AE6521A1C79FC955FF26BE9CA5521B51 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:25:35.0265 1440 usbehci - ok
15:25:35.0281 1440 [ D63CB1B59D54F9C2BB8A4107584A664F ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:25:35.0281 1440 usbhub - ok
15:25:35.0296 1440 [ FA9C0D7C2DC899D3E7C2A8721D17A3F8 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:25:35.0296 1440 usbohci - ok
15:25:35.0312 1440 [ 040F6F425A6CC4FB156470502CAFB31B ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:25:35.0312 1440 usbprint - ok
15:25:35.0343 1440 [ 280894F834F5B9910DADFF7568F37B31 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:25:35.0343 1440 usbscan - ok
15:25:35.0375 1440 [ EDCE8A162E8023FD1751E08E23E41948 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:25:35.0375 1440 usbstor - ok
15:25:35.0421 1440 [ B1E327AEA4ECF42DDF7C579B0FB0DE4C ] vds C:\WINDOWS\System32\vds.exe
15:25:35.0437 1440 vds - ok
15:25:35.0453 1440 [ B40CFD2FFDD838B0CE0C35EE449407BD ] vga C:\WINDOWS\system32\DRIVERS\vgapnp.sys
15:25:35.0453 1440 vga - ok
15:25:35.0468 1440 [ 78EBFE6F11F10DB8237B910E9158CA91 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:25:35.0468 1440 VgaSave - ok
15:25:35.0484 1440 ViaIde - ok
15:25:35.0515 1440 [ FD6D28D1BBF31C719D9C5EC2D20FB5C2 ] VolSnap C:\WINDOWS\system32\DRIVERS\volsnap.sys
15:25:35.0531 1440 VolSnap - ok
15:25:35.0609 1440 [ 0A05DE966B412D6289632AC05FC6ADA2 ] VSS C:\WINDOWS\System32\vssvc.exe
15:25:35.0656 1440 VSS - ok
15:25:35.0765 1440 [ 50D3941555FEFDF46424431702EC5FB6 ] vToolbarUpdater14.0.1 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
15:25:35.0796 1440 vToolbarUpdater14.0.1 - ok
15:25:35.0875 1440 [ 6FE371026674BAF189F7A81746A67C87 ] W32Time C:\WINDOWS\system32\w32time.dll
15:25:35.0890 1440 W32Time - ok
15:25:35.0953 1440 [ D2A01D73FE4A455C1D741B48C56763B2 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:25:35.0953 1440 Wanarp - ok
15:25:35.0968 1440 [ DAFF7E89C84079022B9606F83E1BD29A ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:25:35.0984 1440 wdmaud - ok
15:25:36.0000 1440 [ FE8590FA0367A29BC7ED7BFC4962AD1C ] WebClient C:\WINDOWS\System32\webclnt.dll
15:25:36.0000 1440 WebClient - ok
15:25:36.0109 1440 [ 881271D649E778690A365D73B8958509 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:25:36.0109 1440 winmgmt - ok
15:25:36.0171 1440 [ BEEE2C812019D6D8E7E22F37E6F1F560 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
15:25:36.0171 1440 WmdmPmSN - ok
15:25:36.0218 1440 [ B51966DB20D5C700228DFE222FDF9E67 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:25:36.0250 1440 Wmi - ok
15:25:36.0296 1440 [ 56980BE8B5A6861B5D9175EABA8AC7DC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:25:36.0312 1440 WmiApSrv - ok
15:25:36.0375 1440 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe
15:25:36.0406 1440 WMPNetworkSvc - ok
15:25:36.0484 1440 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:25:36.0515 1440 WPFFontCache_v0400 - ok
15:25:36.0546 1440 [ 82960CE97C1898C28D7AE62BA6721D27 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:25:36.0546 1440 wscsvc - ok
15:25:36.0593 1440 [ EF7576AF44B484F7A3E6072D633BAB34 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:25:36.0593 1440 wuauserv - ok
15:25:36.0625 1440 [ 3F98A4E57933963CF2A941BB48F9D47A ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:25:36.0640 1440 WudfPf - ok
15:25:36.0656 1440 [ 881C0C35CDD09077B0E95EC2269CB44C ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:25:36.0656 1440 WudfRd - ok
15:25:36.0687 1440 [ 9DCF6C499773B709DE8F70CD5013CB38 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:25:36.0687 1440 WudfSvc - ok
15:25:36.0734 1440 [ F4EC5C736BBA9A27F9C36412C930B386 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:25:36.0765 1440 WZCSVC - ok
15:25:36.0781 1440 [ A1ABA5A0B4F1FF9B83C50F92F8C080A2 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:25:36.0796 1440 xmlprov - ok
15:25:36.0812 1440 ================ Scan global ===============================
15:25:36.0843 1440 [ 2AE60E46216266CDC9E20886E4CE3281 ] C:\WINDOWS\system32\basesrv.dll
15:25:36.0890 1440 [ 7233204EBC55628D6A160F9829304E2A ] C:\WINDOWS\system32\winsrv.dll
15:25:36.0921 1440 [ 7233204EBC55628D6A160F9829304E2A ] C:\WINDOWS\system32\winsrv.dll
15:25:36.0953 1440 [ 1E07EE3F50DFF2FE9B0A9D196E82698F ] C:\WINDOWS\system32\services.exe
15:25:36.0953 1440 [Global] - ok
15:25:36.0953 1440 ================ Scan MBR ==================================
15:25:36.0984 1440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:25:37.0234 1440 \Device\Harddisk0\DR0 - ok
15:25:37.0250 1440 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
15:25:37.0812 1440 \Device\Harddisk1\DR2 - ok
15:25:37.0812 1440 ================ Scan VBR ==================================
15:25:37.0812 1440 [ 0DC385E3C246B64C3E52197DF3379532 ] \Device\Harddisk0\DR0\Partition1
15:25:37.0812 1440 \Device\Harddisk0\DR0\Partition1 - ok
15:25:37.0828 1440 [ 98E27769FCC00F1DB61E1650E2867A70 ] \Device\Harddisk1\DR2\Partition1
15:25:37.0828 1440 \Device\Harddisk1\DR2\Partition1 - ok
15:25:37.0828 1440 ============================================================
15:25:37.0828 1440 Scan finished
15:25:37.0828 1440 ============================================================
15:25:37.0859 2436 Detected object count: 0
15:25:37.0859 2436 Actual detected object count: 0


...

shelf life
2013-02-23, 17:04
Nothing wrong with that log. One more download to get, not sure if it will be totally functional on a 64bit OS, but you can try it anyway. After this you should continue your thread at WTT because I'm not seeing any malware issue.
Where are you seeing the https, in your browser or in the start>run box?

RogueKiller:

Download & SAVE RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.
Double click to start.
For Vista or Windows 7, right-click and select Run as Admin.
Once the Prescan has finished, click the Scan button.
Once the scan is done, a report.txt will be generated on your desktop.
Exit RogueKiller by going to File>Quit.
Copy/paste the RKreport saved to your desktop.

joselepiu
2013-02-24, 23:24
Where are you seeing the https, in your browser or in the start>run box?

It's above the start icon, in the browser; every time you go to a web site you can see a lot of (what I guess are) web addresses flashing really rapidly, really fast...

but when it gets to "https:// www. facebook .com/dialog /oauth?client _id=16995676698&response_ type=token%2C signed_request %2Cc" it gets, like, stuck for about 5 or 10 seconds & I cannot do anything, not even move the mouse...


not sure if it will be totally functional on a 64bit OS, but you can try it anyway.

It did; here is the scan log...


RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : D J RAC [Admin rights]
Mode : Scan -- Date : 02/24/2013 13:50:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKB-00H8A0 +++++
--- User ---
[MBR] 42e73d1f529d554abbbaa5c3089cd8df
[BSP] 487c3655588e5670140d40dd4ad97d51 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++
--- User ---
[MBR] e1081c0feb0c15b931ef016b4c9f1ce1
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3776 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_02242013_02d1350.txt >>
RKreport[1]_S_02242013_02d1350.txt

shelf life
2013-02-25, 00:20
From the logs your machine appears to be malware free. RogueKiller did appear to run in reduced functionality (driver not loaded), but that's OK.
For that URL I would try dumping your browser's history. For IE:

Quit Internet Explorer and make sure all browsing windows are closed.

Click "Start" and select "Settings," then "Control Panel" from the Windows "Start" menu.

Double-click "Internet Options" in the Control Panel.
Select the "General" tab and click "Clear History."

Click "Yes" when asked if you want to clear your Internet history. Click "OK" to exit Internet Options.

FF:
Click "Tools" in the menu bar and select "Clear Recent History."

Select how much of your browsing history to delete from the "Time range to clear" drop-down menu. To clear all history, select "Everything."

Click the check box next to "Browsing and Download History" to remove all URLs typed in the address bar. Click the check boxes next to the other options as desired.

Click the "Clear Now" button once your selections have been made.

An excellent tool for even more wiping of Windows tracks; it has a free version:

http://www.piriform.com/ccleaner/download