Redirect issues & DDS can't be downloaded

Hello jpatrick :),

Does your problem occur in IE? What sites did you surf and where did you get redirected?

Let's get a few things up to date and then check with the tools.

--------------------

Please update your Adobe Reader to the latest.
  • Open Adobe Reader.
  • Go to Help on the pull down menu, then select Check for Updates....
  • Continue accordingly and close it when done.
--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 30

  • Go to the Java SE download page. Click here.
  • Look for Java SE 7u5. Click the Download button to the right below JRE.
  • Click on Accept License Agreement after reading Oracle Binary Code License Agreement for Java SE.
  • From a list of files for download, click on the link which says jre-7u5-windows-i586.exe besides Windows x86 Offline (32-bit) and save the file to your desktop.
  • For 64-bit machines, you may need to get the above as well as jre-7u5-windows-x64.exe besides Windows x64 (64-bit).
  • Close any programs you may have running, especially your web browser.
  • Then, from your desktop, double click on the download to install the newest version. Reboot your computer.
--------------------

Please run a scan with RogueKiller and OTL and post back the logs.

--------------------

Please post back:
1. the answers to my questions
2. fresh RogueKiller log
3. fresh OTL log
 
Next Steps, RK Report

Hello Jack&Jill,

I updated Adobe & did as you requested with Java.

YES, the redirect now works with IE9! Oh joy... I was redirected from Google & Yahoo.... again.

As to where I navigated, I took images of the history, but I can't attach them here because the limit on the size of files is 97k! No copy & paste option for the history either. Basically, I went to the sites you recommended for security programs, a Hotmail account, logged out of Hotmail which sent me to MSN, my local newspaper site (Bennington Banner), Google search (which is where the redirect started), Google search link to newspaperarchive.com (I never made it to that site; redirect). In the image of the FF history, which I can't post, it shows after the Bennington Banner site, something happens with Google:

www.google.com/setprefs?sig=0_eyqyfPEjGpwNIEJU3tCRAPukIAU=&submit2=Save+Preference.... I lose the rest of the detail.

I didn't request a change in preferences until 7 navigation lines above. I wanted more results per window.


RK Report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: Scan -- Date: 07/17/2012 11:04:09

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-4245015985-2778896149-1756623667-1000[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 332b7a39b16aca7656fea55c2c2b9b19
[BSP] f9bcb8bee9782548fbff0e5de19b16f5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


Jpatrick
 
OTL log

OTL logfile created on: 7/17/2012 11:17:10 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.34% Memory free
7.50 Gb Paging File | 5.86 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 351.24 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive D: | 634.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 05:23:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/28 18:17:04 | 000,512,000 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/08 12:03:58 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2010/04/28 18:17:04 | 000,512,000 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanCU.exe
MOD - [2009/10/07 17:58:10 | 000,376,832 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WlanDll.dll
MOD - [2009/03/10 20:03:52 | 000,184,320 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\WPSCtrl.dll
MOD - [2008/09/08 12:03:58 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/09 10:07:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/09/09 10:07:14 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/02 10:08:52 | 002,061,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/09 11:12:54 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/tenday/Bennington+VT+05201
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 60 BF 6A 0E D6 CC 01 [binary data]
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\SearchScopes,DefaultScope = {7C0FB11C-C21D-472D-BEB2-B7CEBE00D336}
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\SearchScopes\{7C0FB11C-C21D-472D-BEB2-B7CEBE00D336}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 10:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\flashcatch@flashcatch.com: C:\Program Files (x86)\FlashCatch\firefox [2012/03/19 01:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/14 11:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/14 11:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/07/16 17:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01m5c2ag.default\extensions
[2012/07/14 11:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/19 23:58:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[1832/11/29 00:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01M5C2AG.DEFAULT\EXTENSIONS\KYCXFNCUUG@KYCXFNCUUG.ORG.XPI
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/13 11:14:47 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/16 15:19:25 | 000,443,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15233 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FlashCatchBHO Class) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O4:64bit: - HKLM..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\Windows\SysNative\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000..\Run: [Programs] C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27A76691-41C0-4E44-995C-D5AC9A99A256}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B9080E-81CC-4304-A255-8ED57B92B0A3}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/09/23 11:38:49 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{609edac7-3df9-11e1-b644-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{609edac7-3df9-11e1-b644-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [1999/09/23 11:58:15 | 000,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 11:04:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/07/17 10:53:40 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/17 10:53:40 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/17 10:53:40 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/17 10:53:28 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/17 10:53:28 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/17 10:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/17 10:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/17 10:52:19 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/17 10:52:19 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/17 10:52:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/17 10:52:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/17 10:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/17 10:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/16 15:03:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/15 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/15 05:23:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/14 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012/07/14 03:49:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/07/14 03:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 03:49:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/14 03:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/14 03:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/08 14:33:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/08 14:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/08 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/20 22:52:21 | 000,258,560 | ---- | C] (Quad-Lock) -- C:\Program Files\UnitConverter.exe
[2001/06/20 17:34:39 | 000,127,488 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimeUpdater.exe
[2001/06/20 17:34:38 | 001,043,968 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimePlayer.exe
[2001/06/20 17:34:38 | 000,303,616 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\PictureViewer.exe
[2001/06/20 17:34:38 | 000,225,792 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QTInfo.exe

========== Files - Modified Within 30 Days ==========

[2012/07/17 10:53:19 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/17 10:53:19 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/17 10:53:19 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/17 10:53:19 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/17 10:53:19 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/17 10:51:55 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/17 10:51:55 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/17 10:51:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/17 10:51:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/17 10:51:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/17 10:50:43 | 000,120,474 | ---- | M] () -- C:\Users\Admin\Desktop\FF history 4.jpg
[2012/07/17 10:49:07 | 000,326,584 | ---- | M] () -- C:\Users\Admin\Desktop\FF history 3.jpg
[2012/07/17 10:48:04 | 000,254,688 | ---- | M] () -- C:\Users\Admin\Desktop\FF history 2.jpg
[2012/07/17 10:24:25 | 000,252,791 | ---- | M] () -- C:\Users\Admin\Desktop\FF History 1.jpg
[2012/07/17 10:22:05 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 10:22:05 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 10:19:02 | 000,792,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/17 10:19:02 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/17 10:19:02 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/17 10:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 10:14:54 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 10:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/17 10:14:44 | 3018,690,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 10:11:18 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/17 10:10:32 | 101,577,521 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/16 15:19:25 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/15 05:23:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/14 11:22:53 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/14 03:49:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 09:40:18 | 000,013,312 | -H-- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 04:01:29 | 001,558,016 | ---- | M] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/07/12 09:00:01 | 000,387,979 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-World-Detailed.pdf
[2012/07/12 08:58:01 | 000,088,275 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-World-Grid.pdf
[2012/07/12 08:57:05 | 000,108,656 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-Create-Grid.pdf
[2012/07/12 08:56:06 | 000,388,956 | ---- | M] () -- C:\Users\Admin\Desktop\2012-07-VPT-Detailed.pdf
[2012/07/11 22:19:57 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120716-151925.backup
[2012/07/11 22:14:54 | 000,000,938 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221957.backup
[2012/07/11 22:13:58 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221454.backup
[2012/07/11 12:32:41 | 000,007,611 | -H-- | M] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012/07/10 10:41:51 | 017,855,727 | ---- | M] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.wmv
[2012/07/10 10:40:02 | 023,780,647 | ---- | M] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.flv
[2012/07/10 10:24:02 | 015,478,199 | ---- | M] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..wmv
[2012/07/10 10:21:24 | 015,722,051 | ---- | M] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..flv
[2012/07/08 22:09:52 | 000,277,807 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/08 14:32:23 | 000,001,108 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/08 14:32:00 | 000,000,928 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2012/07/08 14:32:00 | 000,000,909 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/07 15:27:22 | 000,017,884 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120707_152716.reg
[2012/07/06 20:38:29 | 000,443,048 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120711-221358.backup
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 17:00:16 | 000,001,369 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/02 11:43:12 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120706-203829.backup
[2012/07/02 11:39:37 | 000,046,270 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120702_113920.reg
[2012/06/26 10:32:43 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120702-114312.backup

========== Files Created - No Company Name ==========

[2012/07/17 10:50:43 | 000,120,474 | ---- | C] () -- C:\Users\Admin\Desktop\FF history 4.jpg
[2012/07/17 10:49:07 | 000,326,584 | ---- | C] () -- C:\Users\Admin\Desktop\FF history 3.jpg
[2012/07/17 10:48:04 | 000,254,688 | ---- | C] () -- C:\Users\Admin\Desktop\FF history 2.jpg
[2012/07/17 10:24:25 | 000,252,791 | ---- | C] () -- C:\Users\Admin\Desktop\FF History 1.jpg
[2012/07/14 11:22:52 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/14 03:49:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 04:01:28 | 001,558,016 | ---- | C] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/07/12 09:00:01 | 000,387,979 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-World-Detailed.pdf
[2012/07/12 08:58:01 | 000,088,275 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-World-Grid.pdf
[2012/07/12 08:57:05 | 000,108,656 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-Create-Grid.pdf
[2012/07/12 08:56:06 | 000,388,956 | ---- | C] () -- C:\Users\Admin\Desktop\2012-07-VPT-Detailed.pdf
[2012/07/10 10:40:26 | 017,855,727 | ---- | C] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.wmv
[2012/07/10 10:35:42 | 023,780,647 | ---- | C] () -- C:\Users\Admin\Documents\Styx The Grand Illusion with lyrics.flv
[2012/07/10 10:22:49 | 015,478,199 | ---- | C] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..wmv
[2012/07/10 10:17:46 | 015,722,051 | ---- | C] () -- C:\Users\Admin\Documents\Why America is NOT the greatest country in the world, anymore..flv
[2012/07/08 14:32:23 | 000,001,108 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/08 14:32:00 | 000,000,928 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2012/07/08 14:32:00 | 000,000,909 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/07 15:27:20 | 000,017,884 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120707_152716.reg
[2012/07/02 17:00:11 | 000,001,369 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/02 11:39:31 | 000,046,270 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120702_113920.reg
[2012/02/16 23:43:03 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\AppData\Local\rx_image32.Cache
[2012/02/05 15:56:35 | 000,013,312 | -H-- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 20:43:30 | 000,007,611 | -H-- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012/01/30 02:14:08 | 000,000,061 | ---- | C] () -- C:\Windows\avinstalled.ini
[2012/01/14 17:19:30 | 000,020,436 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2012/01/13 19:14:43 | 000,019,632 | ---- | C] () -- C:\Windows\MSTMON_S.INI
[2012/01/13 19:14:43 | 000,019,472 | ---- | C] () -- C:\Windows\MSUMLT_S.INI
[2012/01/13 19:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012/01/13 10:01:49 | 000,785,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 09:48:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2001/06/20 17:34:32 | 000,082,395 | ---- | C] () -- C:\Program Files\Sample.mov
[2001/06/20 17:34:32 | 000,029,363 | ---- | C] () -- C:\Program Files\Sample.qtif
[2001/06/20 17:34:32 | 000,004,653 | ---- | C] () -- C:\Program Files\readme.wri

========== LOP Check ==========

[2012/03/13 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2012/01/13 11:26:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012/01/13 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012/01/13 11:36:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2012/01/20 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UnitConverter
[2009/07/14 01:08:49 | 000,012,386 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Otl extras log

OTL Extras logfile created on: 7/17/2012 11:17:10 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.34% Memory free
7.50 Gb Paging File | 5.86 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 351.24 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive D: | 634.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0313D945-F3CA-4A16-BD78-89DF7D2F0F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{050DABD9-4A75-4E2D-B1C8-CFD58A1BCA20}" = rport=445 | protocol=6 | dir=out | app=system |
"{21E3C675-D447-47CC-9B8F-886C6F1C61BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E014DC4-D5D4-479D-A653-B1243CAC1708}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E68E02A-77DE-4B71-8FAE-9577E33E9E46}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40E0EC41-9C56-4DD7-AF30-B29B4EEB3DE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{546F77E4-5094-4585-A81E-B6453F3FC62C}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C4A16DF-1703-4B1E-BA03-8F3AA19E3A40}" = rport=137 | protocol=17 | dir=out | app=system |
"{880992ED-1D4A-4977-B00A-5E38AC14C024}" = lport=10243 | protocol=6 | dir=in | app=system |
"{95FAAE37-E3E2-4DE8-8A70-A428A373578E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC786BA4-6710-4AFF-ACE0-931D1B7B00F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD8C752E-CB35-49FF-A727-7525B5BC8C29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B37C10B1-D8E5-4947-B3D4-FCD0156A897D}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8CB82F6-4191-4F56-AC33-517F830DC390}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA649EEA-4A4A-4BB6-9140-9D103140CD0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB01630B-62FA-4407-8E43-A1889F28A3B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C305C4F3-6B45-405F-BE6B-970FE95EDC0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2231BD0-CF34-46EF-B243-E2E6316BDAF9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D39A4952-41BF-430D-A129-E6298FFB2CF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96CC3DB-2F9B-4C62-91D9-A4840F653BAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E390A330-17A6-4F41-B478-F541301832C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F264C598-DEBB-4814-BB14-73966FF719E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDC38785-F232-4A8B-8AEF-9F1B6474C637}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C8BDA1-8C18-499A-92D8-F8EFFEEC28D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{07426982-116A-4E74-A7B6-5C49B6EB9F07}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{0AF34461-C86A-4A00-8495-1FAC66BD8325}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{11854DCA-E797-428F-8941-0B8966D463DE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{20451FE7-1A62-4450-A362-636931BF15C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{25ADB5D1-5A66-4C6F-AF62-D8D736C258A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28EA1FE0-5DE3-4AE7-8512-04B4CCD0CC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2C7AAD98-C5BE-4831-9BF1-F6E459F804AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F624ED8-FEA0-40B3-85E9-E5D4895D845B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FD21A30-E388-478B-9BC2-05219A8C024F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3351907B-64BE-40B0-9456-9AFD61E5E9E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40242CD5-69F3-4CB8-A473-1C8122EB64A5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{474BDA8B-22C2-47B4-98D8-6ABF81964276}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{491962E1-44D2-4015-82F6-34413D18FD9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EE3A50E-F34D-4594-8EE6-1FD91AC2E030}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{61F4C2B7-D9B1-4B62-91C5-BBA7BA527E84}" = protocol=6 | dir=out | app=system |
"{6C862B35-73D7-40B5-BDF4-66B5AC2DF649}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FCF89EF-1D22-44AD-811A-4AA29D4C16EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79A25403-6BCE-448F-91D6-D45BC3C1290A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{7C8422A9-2A8F-42D0-BF0D-0C0272BADBD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7FDB253E-FD6D-4BE5-A7D2-7F2D36CBDE9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D9A7334-8751-4E72-8E6F-747E0EEF9EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A16378D3-7E9D-4A9D-A039-BE1A8D28C83F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{AB565E20-D988-474F-9933-1D393374B8AB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AE31AF2C-BC48-4580-85A6-C3FE7E8AB566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6690302-D785-491E-8473-C67B468866A9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CE3562A2-C2B6-4B32-824C-C8E9CC45DD6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4010475-DDBA-420F-B548-DC4941205A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E55D9CB9-F7FF-4D00-A42B-9104497BD890}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E63B6197-4630-4DD1-93C0-3461DF0F738A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E6FD7598-4A42-4489-924B-E0CBC1BE01E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E7E75174-4AE2-4E08-BE8E-20537A27AD1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E947FC74-0A10-4984-94A2-44FC93F20116}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{EDD3CFF4-8E2C-42E0-9AB0-194D6B5D6C18}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F8B53D5C-E4DB-4A24-8A95-0B26B2A7D004}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FBC1E7CB-C3D5-4531-9AB2-605147C9648A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1196D442E5ECB5E86948906FE5B87E4D58C27BA4" = Windows Driver Package - Realtek Semiconductor Corp (RTL85n64) Net (06/15/2010 6.1125.0615.2010)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VueScan" = VueScan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26E80502-72BB-4095-877F-44925A5D6B91}" = FrenchNow!
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator 10 CE
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7CFD02D2-44CF-4033-97E8-768A82C4C007}" = Roxio Plextor Driver Documentation
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{99024F9F-40ED-4CBF-9744-2015334006E0}" = GrammarPro!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1" = FlashCatch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet 802.11g Wireless CardBus/PCI Adapter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3C10B1-C8C2-4197-A687-0901064F68AB}" = Roxio Creator 10 CE
"{D533DC05-E776-4ABC-82E1-D8D733D2E6B3}" = AncestryView 2.6
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Digital Editions" = Adobe Digital Editions
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{D533DC05-E776-4ABC-82E1-D8D733D2E6B3}" = AncestryView 2.6
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Legacy 6.0" = Legacy 6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"QuickTime" = QuickTime
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Warcraft II BNE" = Warcraft II BNE

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4245015985-2778896149-1756623667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BandiZip" = BandiZip

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2012 9:00:07 AM | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00e05ab0 Faulting process id:
0x10c0 Faulting application start time: 0x01cd602e0fefa684 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 80cbb94c-cc21-11e1-9de3-50e5499d7e93

Error - 7/12/2012 1:57:28 PM | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1dc Start
Time: 01cd60527d3d2b70 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/13/2012 7:45:56 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/14/2012 4:33:53 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2012 11:20:00 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2012 6:27:29 AM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/15/2012 2:45:21 PM | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/16/2012 3:06:33 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/17/2012 2:43:22 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/17/2012 10:14:53 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/16/2012 3:06:42 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/16/2012 3:09:26 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/16/2012 8:47:11 PM | Computer Name = Admin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 7/17/2012 2:43:21 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 7/17/2012 2:43:32 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/17/2012 2:44:54 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/17/2012 4:43:27 AM | Computer Name = Admin-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 7/17/2012 10:14:52 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 7/17/2012 10:15:03 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 7/17/2012 10:15:58 AM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
 
Hello jpatrick :),

RogueKiller in action
  • Please rerun RogueKiller. Try a few times if it does not run.
  • Click on Scan.
  • Go to the Registry tab and uncheck (untick) the following:
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
  • Click Delete.
  • Get the result via the Report button and post back the contents of the log.
--------------------

Fix with OTL
  • Please temporarily disable the real-time protection of any Antivirus, Antispyware or Antimalware programs. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click on OTL.exe to run it.
  • Copy and paste the following text into the white box below Custom Scans/Fixes:
    Code:
    :otl
    O4 - HKU\S-1-5-21-4245015985-2778896149-1756623667-1000..\Run: [Programs] C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll (Microsoft Corporation)
    [1832/11/29 00:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01M5C2AG.DEFAULT\EXTENSIONS\KYCXFNCUUG@KYCXFNCUUG.ORG.XPI
    
    :files
    C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll
    
    :commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
  • Click Run Fix. Everything on the desktop may disappear; this is normal. Please wait until the tool completes its routine.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log, where MMDDYYYY is the date and HHMMSS is the time.
  • If requested to reboot, please do so. The log file will open after the restart.
  • Re-enable your security software as soon as you have completed the OTL fix steps.
--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
  • Alternatively, you may get the zip version and extract the file to the desktop.
  • Double click on TDSSKiller.exe to execute it.
  • Click OK and press Start scan to begin.
  • If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT proceed with other actions.
  • Then click on Continue at the lower right corner.
  • You may be prompted to reboot your computer, please consent.
  • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
  • Please post the contents of this log.
--------------------

Do an online scan with Panda ActiveScan.
Please be patient, as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.
  • Click here to go to Panda ActiveScan page.
  • Click on Scan now. The default setting is a Full scan.
  • You will be prompted to install an ActiveX Control from Panda. Please install.
  • Components of the scanner will be downloaded and updated as well. Then, scanning will commence.
  • When finished, the scan results will be shown. Click on the small icon beside Export to: and save the log to your desktop.
  • Post the contents of this log in your reply.
--------------------

Please post back:
1. RogueKiller report
2. the OTL fix log
3. TDSSKiller log
4. Panda ActiveScan result
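The fix above targets two findings from the earlier reports: a Run value that loads a DLL out of the user's Temp folder through rundll32, and a Firefox extension file whose modification date is 1832. The following is an added triage script (not a tool from this thread, and not RogueKiller's or OTL's own logic) that applies those same checks to report lines constructed from this page; the "ExampleUpdater" and "Example Corp" lines and the 2012-07-17 reference date are assumptions.

```python
"""
Triage of autorun and file lines in the shape RogueKiller and OTL print them.

Added example, not a tool from this thread. It encodes the checks the helper
applied by hand: a Run value that uses rundll32.exe to load a DLL from a
per-user Temp folder, and a file with an impossible modification year. It
deliberately raises nothing for the [HJ] NewStartPanel entries, which the
helper told the user to leave unchecked.
"""
import re
from datetime import date

# Constructed sample lines. The first three mirror entries quoted in this
# thread; the last two are hypothetical benign entries added for contrast.
SAMPLE_LINES = [
    r'[BLACKLIST DLL] HKCU\[...]\Run : Programs (rundll32.exe '
    r'"C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> FOUND',
    r'[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND',
    r'[1832/11/29 00:30:07 | 000,004,819 | ---- | M] () (No name found) -- '
    r'C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01M5C2AG.DEFAULT'
    r'\EXTENSIONS\KYCXFNCUUG@KYCXFNCUUG.ORG.XPI',
    r'[RUN] HKLM\[...]\Run : ExampleUpdater ("C:\Program Files\Example\updater.exe" /quiet) -> FOUND',
    r'[2011/10/12 08:15:00 | 000,120,416 | ---- | M] (Example Corp) -- C:\Windows\System32\example.dll',
]

# RogueKiller registry line: [TAG] KEY : NAME (COMMAND) -> STATUS
RK_REG_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\] (?P<key>\S+) : (?P<name>\S+) \((?P<cmd>.*)\) -> \w+$')
# OTL file line: [YYYY/MM/DD hh:mm:ss | size | attrs | M] (company) -- PATH
OTL_FILE_RE = re.compile(
    r'^\[(?P<year>\d{4})/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| \S+ \| M\] .* -- (?P<path>.+)$')
# A rundll32 invocation and the DLL it is told to load
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?\s*"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Per-user Temp folder: writable without elevation, so a poor home for autoruns
USER_TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)

# Reference date for the year check; taken from the RogueKiller report in this thread.
REPORT_DATE = date(2012, 7, 17)


def triage_line(line, today=REPORT_DATE):
    """Return a list of (severity, reason) findings for one report line."""
    findings = []
    m = RK_REG_RE.match(line)
    if m:
        cmd = m.group('cmd')
        dll = RUNDLL_RE.search(cmd)
        if dll and USER_TEMP_RE.search(dll.group('dll')):
            findings.append(('high',
                             'rundll32 loads a DLL from a user Temp folder: ' + dll.group('dll')))
        elif USER_TEMP_RE.search(cmd):
            findings.append(('high', 'autorun command points into a user Temp folder: ' + cmd))
        # [HJ] NewStartPanel entries are desktop-icon visibility settings; the
        # helper left them alone, so this script raises nothing for them.
        return findings
    m = OTL_FILE_RE.match(line)
    if m:
        year = int(m.group('year'))
        # Before the 1980 DOS/FAT epoch or after the scan date is not a real mtime.
        if year < 1980 or year > today.year:
            findings.append(('medium',
                             'implausible modification year %d on %s' % (year, m.group('path'))))
    return findings


def triage_report(lines, today=REPORT_DATE):
    """Run triage_line over a whole report; returns (line_index, severity, reason) tuples."""
    return [(i, sev, why)
            for i, line in enumerate(lines)
            for sev, why in triage_line(line, today)]


if __name__ == '__main__':
    for idx, sev, why in triage_report(SAMPLE_LINES):
        print('%-6s line %d: %s' % (sev.upper(), idx, why))
```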
 
RK delete results

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: Remove -- Date: 07/17/2012 20:09:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Programs (rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll",CreateInstance) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 332b7a39b16aca7656fea55c2c2b9b19
[BSP] f9bcb8bee9782548fbff0e5de19b16f5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
OTL fix log..... again.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4245015985-2778896149-1756623667-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Programs not found.
C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\01m5c2ag.default\extensions\kycxfncuug@kycxfncuug.org.xpi moved successfully.
========== FILES ==========
File\Folder C:\Users\Admin\AppData\Local\Temp\Programs\djdhrmx.dll not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 621872 bytes
->Temporary Internet Files folder emptied: 109786480 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54748493 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3144958 bytes

Total Files Cleaned = 161.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07172012_202132

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\Low\REG20CF.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG651B.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG66CF.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG70.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REG89EC.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REGA318.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REGD110.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\Low\REGFF68.tmp moved successfully.
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBIUAIDU\showthread[4].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File C:\Users\Admin\AppData\Local\Temp\Low\REG20CF.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG651B.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG66CF.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG70.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REG89EC.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REGA318.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REGD110.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\Low\REGFF68.tmp not found!
File C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JBIUAIDU\showthread[4].htm not found!
File C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...
 
TDSS log

20:29:38.0223 3512 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:29:38.0597 3512 ============================================================
20:29:38.0597 3512 Current date / time: 2012/07/17 20:29:38.0597
20:29:38.0597 3512 SystemInfo:
20:29:38.0597 3512
20:29:38.0597 3512 OS Version: 6.1.7601 ServicePack: 1.0
20:29:38.0597 3512 Product type: Workstation
20:29:38.0597 3512 ComputerName: ADMIN-PC
20:29:38.0597 3512 UserName: Admin
20:29:38.0597 3512 Windows directory: C:\Windows
20:29:38.0597 3512 System windows directory: C:\Windows
20:29:38.0597 3512 Running under WOW64
20:29:38.0597 3512 Processor architecture: Intel x64
20:29:38.0597 3512 Number of processors: 3
20:29:38.0597 3512 Page size: 0x1000
20:29:38.0597 3512 Boot type: Normal boot
20:29:38.0597 3512 ============================================================
20:29:40.0329 3512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:29:40.0329 3512 ============================================================
20:29:40.0329 3512 \Device\Harddisk0\DR0:
20:29:40.0329 3512 MBR partitions:
20:29:40.0329 3512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:29:40.0329 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:29:40.0329 3512 ============================================================
20:29:40.0360 3512 C: <-> \Device\Harddisk0\DR0\Partition1
20:29:40.0360 3512 ============================================================
20:29:40.0360 3512 Initialize success
20:29:40.0360 3512 ============================================================
20:30:13.0978 1600 ============================================================
20:30:13.0978 1600 Scan started
20:30:13.0978 1600 Mode: Manual;
20:30:13.0978 1600 ============================================================
20:30:17.0114 1600 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:30:17.0129 1600 1394ohci - ok
20:30:17.0223 1600 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:30:17.0223 1600 ACPI - ok
20:30:17.0270 1600 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:30:17.0270 1600 AcpiPmi - ok
20:30:17.0363 1600 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:30:17.0363 1600 AdobeARMservice - ok
20:30:17.0426 1600 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:30:17.0441 1600 adp94xx - ok
20:30:17.0472 1600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:30:17.0472 1600 adpahci - ok
20:30:17.0504 1600 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:30:17.0519 1600 adpu320 - ok
20:30:17.0535 1600 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:30:17.0535 1600 AeLookupSvc - ok
20:30:17.0597 1600 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:30:17.0613 1600 AFD - ok
20:30:17.0628 1600 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:30:17.0628 1600 agp440 - ok
20:30:17.0660 1600 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:30:17.0660 1600 ALG - ok
20:30:17.0691 1600 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:30:17.0691 1600 aliide - ok
20:30:17.0706 1600 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:30:17.0706 1600 amdide - ok
20:30:17.0722 1600 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:30:17.0722 1600 AmdK8 - ok
20:30:17.0738 1600 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:30:17.0738 1600 AmdPPM - ok
20:30:17.0769 1600 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:30:17.0769 1600 amdsata - ok
20:30:17.0784 1600 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:30:17.0784 1600 amdsbs - ok
20:30:17.0816 1600 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:30:17.0816 1600 amdxata - ok
20:30:17.0831 1600 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:30:17.0831 1600 AppID - ok
20:30:17.0862 1600 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:30:17.0862 1600 AppIDSvc - ok
20:30:17.0878 1600 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:30:17.0878 1600 Appinfo - ok
20:30:17.0894 1600 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:30:17.0894 1600 arc - ok
20:30:17.0909 1600 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:30:17.0925 1600 arcsas - ok
20:30:18.0128 1600 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:30:18.0174 1600 aspnet_state - ok
20:30:18.0206 1600 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:30:18.0206 1600 AsyncMac - ok
20:30:18.0237 1600 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:30:18.0237 1600 atapi - ok
20:30:18.0315 1600 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:30:18.0330 1600 AudioEndpointBuilder - ok
20:30:18.0330 1600 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:30:18.0330 1600 AudioSrv - ok
20:30:21.0185 1600 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
20:30:21.0216 1600 AVGIDSAgent - ok
20:30:21.0653 1600 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:30:21.0653 1600 AVGIDSDriver - ok
20:30:21.0669 1600 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
20:30:21.0669 1600 AVGIDSFilter - ok
20:30:21.0747 1600 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
20:30:21.0747 1600 AVGIDSHA - ok
20:30:21.0809 1600 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
20:30:21.0809 1600 Avgldx64 - ok
20:30:21.0903 1600 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
20:30:21.0903 1600 Avgmfx64 - ok
20:30:21.0981 1600 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
20:30:21.0981 1600 Avgrkx64 - ok
20:30:22.0683 1600 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
20:30:22.0683 1600 Avgtdia - ok
20:30:22.0870 1600 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:30:22.0870 1600 avgwd - ok
20:30:22.0917 1600 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:30:22.0917 1600 AxInstSV - ok
20:30:23.0026 1600 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:30:23.0073 1600 b06bdrv - ok
20:30:23.0135 1600 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:30:23.0151 1600 b57nd60a - ok
20:30:23.0166 1600 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:30:23.0182 1600 BDESVC - ok
20:30:23.0198 1600 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:30:23.0198 1600 Beep - ok
20:30:23.0322 1600 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:30:23.0338 1600 BFE - ok
20:30:23.0666 1600 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:30:23.0712 1600 BITS - ok
20:30:23.0806 1600 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:30:23.0806 1600 blbdrive - ok
20:30:23.0837 1600 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:30:23.0837 1600 bowser - ok
20:30:23.0853 1600 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:30:23.0868 1600 BrFiltLo - ok
20:30:23.0884 1600 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:30:23.0884 1600 BrFiltUp - ok
20:30:23.0900 1600 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:30:23.0900 1600 Browser - ok
20:30:23.0931 1600 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:30:23.0946 1600 Brserid - ok
20:30:23.0962 1600 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:30:23.0962 1600 BrSerWdm - ok
20:30:23.0962 1600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:30:23.0962 1600 BrUsbMdm - ok
20:30:23.0978 1600 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:30:23.0978 1600 BrUsbSer - ok
20:30:24.0009 1600 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:30:24.0024 1600 BTHMODEM - ok
20:30:24.0056 1600 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:30:24.0056 1600 bthserv - ok
20:30:24.0087 1600 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:30:24.0087 1600 cdfs - ok
20:30:24.0118 1600 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:30:24.0134 1600 cdrom - ok
20:30:24.0165 1600 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:30:24.0180 1600 CertPropSvc - ok
20:30:24.0180 1600 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:30:24.0180 1600 circlass - ok
20:30:24.0227 1600 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:30:24.0227 1600 CLFS - ok
20:30:24.0477 1600 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:30:24.0492 1600 clr_optimization_v2.0.50727_32 - ok
20:30:24.0617 1600 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:30:24.0633 1600 clr_optimization_v2.0.50727_64 - ok
20:30:24.0836 1600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:30:24.0867 1600 clr_optimization_v4.0.30319_32 - ok
20:30:24.0929 1600 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:30:24.0929 1600 clr_optimization_v4.0.30319_64 - ok
20:30:24.0992 1600 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:30:24.0992 1600 CmBatt - ok
20:30:25.0007 1600 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:30:25.0007 1600 cmdide - ok
20:30:25.0070 1600 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:30:25.0085 1600 CNG - ok
20:30:25.0085 1600 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:30:25.0085 1600 Compbatt - ok
20:30:25.0148 1600 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:30:25.0148 1600 CompositeBus - ok
20:30:25.0163 1600 COMSysApp - ok
20:30:25.0163 1600 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:30:25.0179 1600 crcdisk - ok
20:30:25.0226 1600 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:30:25.0226 1600 CryptSvc - ok
20:30:25.0288 1600 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:30:25.0304 1600 DcomLaunch - ok
20:30:25.0335 1600 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:30:25.0335 1600 defragsvc - ok
20:30:25.0350 1600 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:30:25.0366 1600 DfsC - ok
20:30:25.0397 1600 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:30:25.0397 1600 Dhcp - ok
20:30:25.0397 1600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:30:25.0397 1600 discache - ok
20:30:25.0413 1600 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:30:25.0413 1600 Disk - ok
20:30:25.0460 1600 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:30:25.0460 1600 Dnscache - ok
20:30:25.0491 1600 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:30:25.0506 1600 dot3svc - ok
20:30:25.0631 1600 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:30:25.0631 1600 DPS - ok
20:30:25.0678 1600 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:30:25.0678 1600 drmkaud - ok
20:30:25.0787 1600 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:30:25.0803 1600 DXGKrnl - ok
20:30:26.0052 1600 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:30:26.0052 1600 EapHost - ok
20:30:26.0973 1600 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:30:27.0066 1600 ebdrv - ok
20:30:27.0784 1600 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:30:27.0784 1600 EFS - ok
20:30:28.0860 1600 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:30:28.0876 1600 ehRecvr - ok
20:30:28.0954 1600 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:30:28.0970 1600 ehSched - ok
20:30:29.0750 1600 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:30:29.0796 1600 elxstor - ok
20:30:29.0812 1600 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:30:29.0812 1600 ErrDev - ok
20:30:30.0654 1600 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:30:30.0654 1600 EventSystem - ok
20:30:30.0857 1600 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:30:30.0873 1600 exfat - ok
20:30:31.0325 1600 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:30:31.0341 1600 fastfat - ok
20:30:31.0481 1600 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:30:31.0512 1600 Fax - ok
20:30:31.0544 1600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:30:31.0544 1600 fdc - ok
20:30:31.0575 1600 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:30:31.0575 1600 fdPHost - ok
20:30:31.0590 1600 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:30:31.0590 1600 FDResPub - ok
20:30:31.0606 1600 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:30:31.0622 1600 FileInfo - ok
20:30:31.0622 1600 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:30:31.0637 1600 Filetrace - ok
20:30:31.0653 1600 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:30:31.0668 1600 flpydisk - ok
20:30:31.0731 1600 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:30:31.0731 1600 FltMgr - ok
20:30:32.0682 1600 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:30:32.0698 1600 FontCache - ok
20:30:32.0885 1600 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:30:32.0885 1600 FontCache3.0.0.0 - ok
20:30:32.0948 1600 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:30:32.0948 1600 FsDepends - ok
20:30:33.0026 1600 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:30:33.0026 1600 Fs_Rec - ok
20:30:33.0104 1600 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:30:33.0119 1600 fvevol - ok
20:30:33.0197 1600 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:30:33.0213 1600 gagp30kx - ok
20:30:33.0228 1600 gdrv - ok
20:30:33.0369 1600 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:30:33.0384 1600 gpsvc - ok
20:30:33.0728 1600 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:30:33.0759 1600 gupdate - ok
20:30:33.0774 1600 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:30:33.0774 1600 gupdatem - ok
20:30:33.0868 1600 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:30:33.0868 1600 hcw85cir - ok
20:30:34.0024 1600 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:30:34.0040 1600 HdAudAddService - ok
20:30:34.0086 1600 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:30:34.0086 1600 HDAudBus - ok
20:30:34.0102 1600 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:30:34.0118 1600 HidBatt - ok
20:30:34.0133 1600 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:30:34.0149 1600 HidBth - ok
20:30:34.0149 1600 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:30:34.0149 1600 HidIr - ok
20:30:34.0180 1600 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:30:34.0180 1600 hidserv - ok
20:30:34.0211 1600 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:30:34.0211 1600 HidUsb - ok
20:30:34.0258 1600 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:30:34.0258 1600 hkmsvc - ok
20:30:34.0305 1600 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:30:34.0305 1600 HomeGroupListener - ok
20:30:34.0476 1600 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:30:34.0492 1600 HomeGroupProvider - ok
20:30:34.0648 1600 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:30:34.0679 1600 HpSAMD - ok
20:30:34.0773 1600 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:30:34.0788 1600 HTTP - ok
20:30:34.0835 1600 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:30:34.0835 1600 hwpolicy - ok
20:31:07.0190 1600 WUDFRd - ok
20:31:07.0236 1600 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:31:07.0236 1600 wudfsvc - ok
20:31:07.0533 1600 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:31:07.0548 1600 WwanSvc - ok
20:31:07.0595 1600 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:31:10.0934 1600 \Device\Harddisk0\DR0 - ok
20:31:10.0965 1600 Boot (0x1200) (57a6da37ad96be545fc49461250627f5) \Device\Harddisk0\DR0\Partition0
20:31:10.0965 1600 \Device\Harddisk0\DR0\Partition0 - ok
20:31:10.0980 1600 Boot (0x1200) (52981a1525e92307c216c02773b897aa) \Device\Harddisk0\DR0\Partition1
20:31:11.0012 1600 \Device\Harddisk0\DR0\Partition1 - ok
20:31:11.0012 1600 ============================================================
20:31:11.0012 1600 Scan finished
20:31:11.0012 1600 ============================================================
20:31:11.0043 3484 Detected object count: 0
20:31:11.0043 3484 Actual detected object count: 0
 
Panda scan log

;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-07-17 21:44:52
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free Edition 2012 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\users\admin\appdata\roaming\microsoft\windows\cookies\low\uetelhoo.txt
03946645 Application/ProduKey HackTools No 0 Yes No c:\utilities\produkey\produkey.zip[produkey.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\_otl\movedfiles\07162012_150319\c_users\admin\appdata\local\virtualstore\temp\ggqkf.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
Hello jpatrick :),

It appears we got the baddies this round, please monitor a while the situation.

Please zip up the images you took and upload it for analysis. Click here.

You will be taken to a new post page (at a different forum). Please fill in the necessary details and provide a link to this topic.

Click on Send File.
 
Panda scan results?

Hello Jack&Jill,

Ummm... What do I do with the 3 issues that the Panda scan found? You never said to let Panda fix those issues.

What's more pressing is why I was infected again SO quickly! There must be a program on my computer that is allowing these infections. What do you think?

I have uninstalled FlashCatch because it was an Add-on as was the YouTube downloader. It was already disabled but..... I'm grasping at straws. :confused:

I'm going to surf this morning and see if I end up infected again.

All for now,

Jpatrick
 
Hello jpatrick :),

Reinfection could be caused by bad files that are not seen by the scanners and we did not get all of them, not up to date programs, compromised sites, etc. How are things now?

Thanks for the images, but unfortunately no lead from there.

Of the findings from the Panda ActiveScan, they are harmless. You can delete the first two if you want. The last one is a backup of the previous fix we did.
 
Update

Hello Jack&Jill,

I haven't had any issues the last 24 hours.... and I've used the computer a lot to give it a good testing.

I did a Windows update, since I hadn't done that in a while, and as mentioned yesterday I got rid of FlashCatch, an Add-on.

The OTL backup of the fix we did yesterday can or cannot be deleted? When I see the file location "virtualstore" I get jittery. :fear:

I will say thank you again.... this time much more cautiously. :yes: I appreciate your help. I will go back to your post and follow the instructions for getting rid of OTL & the other programs....... in a FEW DAYS. Just to be safe.

If there is a recurrence of similar issues after this is archived, is there a way to request your help specifically? Since you're familiar with my system and the issues?

Best wishes,

Jpatrick

PS Remember Jack&Jill, if you ever go "up the hill to fetch a pail of water"..... beeee CAREFUL!
 
Hello jpatrick :),

You are welcome :).

Good to hear things are positive so far. I will keep this topic open for a few days.

The OTL backup will be addressed when you click the Cleanup button.


PS Remember Jack&Jill, if you ever go "up the hill to fetch a pail of water"..... beeee CAREFUL!
:rotfl:
 
Looking good!

Hello Jack&Jill,

Three days out & no redirect issues! :yahoo:

Spybot did find a Widgi Toolbar. It fixed 3 issues associated with that. I noted that "Spigot" was in the name of two of the issues that were fixed. Spigot was connected to that YouTube Downloader which I've deleted.

I admit, I've been gun shy..... running scans at the smallest provocation...... they've all been clear for the past three days.

I ran the OTL cleanup & it removed RogueKiller & TDSSKiller as well.... that's what it was supposed to do, right?

You mentioned "purging system restore" in an earlier post. I've read a little about it, but if you could clarify: Does my creating a new restore point automatically "purge system restore" of the old restore point/s? If not, how do I actually purge system restore.... the link you gave didn't make it clear.... at least I didn't see it.

Thanks,

Jpatrick
 