Google Redirect?



#1 ryanlewiscmh


Posted 14 November 2011 - 06:11 PM

I stumbled upon Bleeping Computer after doing Google searches to try to remove this virus/rootkit issue. I've run multiple virus scans, rootkit 'fixers'; nothing seems to be working. I DID run ComboFix and I have a log file I have attached.

Symptoms:
-Firefox will not open at all (instead it runs hidden on the Task Manager) and automatically runs.
-Internet Explorer does the same but WILL launch from the Start menu, which is how I'm online currently.
-Some of my Java uploader programs won't open (online photo lab uploader program).

I am only mildly knowledgeable about knowing my way around a computer, so be patient please. I have attached the log file below:

ComboFix 11-11-14.02 - Owner 11/14/2011 17:30:59.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1897 [GMT -5:00]
Running from: c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLWNIKHW\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
J:\Autorun.inf
J:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 22:38 . 2011-11-14 22:39 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-11-14 22:38 . 2011-11-14 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 19:32 . 2011-11-14 21:55 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-11-14 18:34 . 2011-11-14 18:34 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-11 16:46 . 2011-11-11 17:00 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG
2011-11-11 07:59 . 2011-11-11 07:59 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-11-11 07:59 . 2011-11-11 07:59 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-11-11 07:59 . 2011-11-03 17:58 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-11-11 07:13 . 2011-11-11 07:41 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-11 07:13 . 2011-11-11 07:13 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-11 07:13 . 2011-11-11 07:24 -------- d-----w- c:\programdata\Hitman Pro
2011-11-09 17:00 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 17:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 17:00 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-31 23:22 . 2011-11-11 08:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-18 23:11 . 2011-11-14 16:05 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-18 23:10 . 2011-11-09 20:55 -------- d-----w- c:\program files\AVG Secure Search
2011-10-18 23:08 . 2011-10-18 23:20 -------- d-----w- c:\programdata\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 07:59 . 2011-09-19 23:24 2 --shatr- c:\windows\winstart.bat
2011-10-31 17:09 . 2011-06-26 15:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 10:23 . 2011-10-07 10:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21 . 2011-10-04 10:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 10:06 . 2010-09-27 00:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-19 23:37 . 2011-09-19 23:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-19 23:37 . 2011-09-19 23:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-19 23:37 . 2011-09-19 23:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-19 23:37 . 2011-09-19 23:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-19 23:37 . 2011-09-19 23:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-19 23:37 . 2011-09-19 23:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-19 23:37 . 2011-09-19 23:37 367104 ----a-w- c:\windows\system32\html.iec
2011-09-19 23:37 . 2011-09-19 23:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-19 23:37 . 2011-09-19 23:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-19 23:37 . 2011-09-19 23:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-19 23:37 . 2011-09-19 23:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-19 23:37 . 2011-09-19 23:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-19 23:37 . 2011-09-19 23:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-19 23:37 . 2011-09-19 23:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-19 23:37 . 2011-09-19 23:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-19 23:37 . 2011-09-19 23:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-19 23:37 . 2011-09-19 23:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-19 23:37 . 2011-09-19 23:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-13 10:30 . 2011-09-13 10:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30 . 2011-10-12 22:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-25 16:15 . 2011-10-12 22:46 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 22:46 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-12 22:46 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-12 22:46 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-05 06:53 . 2011-11-11 15:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-09 20:55 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-09 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@="{b75ab0c8-03d5-4592-9821-a48d54d66b14}"
[HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}]
2006-08-11 19:51 69632 ----a-w- c:\windows\System32\MssShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-18 218440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0Partizan
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1205116083\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2007-07-13 22:56 40072 ----a-w- c:\windows\SMINST\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
2007-09-14 00:22 5252936 ----a-w- c:\program files\Spare Backup\SpareBackup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-11-11 23624]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2011-11-14 24416]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-18 246600]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\51im312s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B980bd8b3-4a13-4f4b-9d9d-80ed6855764d%7D&mid=426205a1668b44b5357eecfd8e0395c3-9acc183282b452690e8f9b952a83e6ecafdb3ff7&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-18%2019%3A11%3A09&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-14 17:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3720)
c:\windows\system32\MssShellExt.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2011-11-14 17:41:31
ComboFix-quarantined-files.txt 2011-11-14 22:41
ComboFix2.txt 2011-11-14 19:54
ComboFix3.txt 2011-11-14 19:22
.
Pre-Run: 118,378,864,640 bytes free
Post-Run: 118,042,996,736 bytes free
.
- - End Of File - - 79C93927B8C24BA81F1E54BB2D9BED3E
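Reading a ComboFix log like the one above by hand is tedious, and the redirect symptom usually shows up in a handful of lines. The script below is an added example (not part of this thread, and not ComboFix's own code) that parses the file-listing and "FF - prefs.js" lines of such a log and flags search-related prefs pointing at hosts outside an allowlist, non-zero proxy settings, and files marked both hidden and system. The search-host allowlist and the attribute-column mapping are assumptions; the sample lines are copied from the log above (the AVG query string is trimmed).

```python
"""Triage helper for ComboFix-style logs.  Added example, not part of the
thread or of ComboFix: flags search-hijack prefs and hidden+system files."""
import re
from urllib.parse import urlparse

# Hosts a user-chosen search/start page would normally point at
# (assumption: extend this allowlist for your own environment).
ALLOWED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com",
                        "bing.com", "search.yahoo.com"}

# Firefox prefs that decide where typed searches and the home page go.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL",
                "browser.startup.homepage", "browser.search.selectedEngine"}

# ComboFix file entries: "date time [. date time] size attrs path".
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})? "
    r"(\d+|-+) ([-a-z]{8}) (.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - ?(.*)$")
START_RE = re.compile(r"^[um]Start Page = (.+)$")

# Constructed sample: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
2011-11-11 07:59 . 2011-09-19 23:24 2 --shatr- c:\windows\winstart.bat
2011-10-31 17:09 . 2011-06-26 15:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
uStart Page = hxxp://www.google.com/
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?q=
FF - prefs.js: network.proxy.type - 0
"""


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so URLs are not clickable; restore the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(url: str) -> str:
    """Lower-cased host name of a (possibly defanged) URL, '' if none."""
    return (urlparse(refang(url)).hostname or "").lower()


def parse_attrs(attrs: str) -> dict:
    """Decode the 8-column attribute string.  Column meaning is an assumption
    inferred from the strings in this log (d=dir, s=system, h=hidden,
    a=archive, r/w=read-only/writable); other columns are ignored."""
    return {"dir": attrs[0] == "d", "system": attrs[2] == "s",
            "hidden": attrs[3] == "h", "archive": attrs[4] == "a",
            "readonly": attrs[6] == "r"}


def triage(log_text: str) -> list:
    """Return a list of (kind, detail) findings worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(3), m.group(4)
            a = parse_attrs(attrs)
            # Hidden+system on a non-directory is how malware (and a few
            # legitimate tools) avoids casual inspection: flag, don't convict.
            if a["system"] and a["hidden"] and not a["dir"]:
                findings.append(("hidden-system-file", path))
            continue
        m = PREF_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if name in SEARCH_PREFS and value.lower().startswith("hxxp"):
                host = host_of(value)
                if host not in ALLOWED_SEARCH_HOSTS:
                    findings.append(("search-pref-hijack", f"{name} -> {host}"))
            elif name == "network.proxy.type" and value not in ("", "0"):
                # 0 means "no proxy"; anything else routes traffic elsewhere.
                findings.append(("proxy-configured", value))
            continue
        m = START_RE.match(line)
        if m:
            host = host_of(m.group(1))
            if host not in ALLOWED_SEARCH_HOSTS:
                findings.append(("start-page", host))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

On the sample above it reports the two search prefs redirected to search.conduit.com and isearch.avg.com plus the two hidden+system files; the Google start page and the proxy setting are left alone.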
Attached File: combofixlog11.14.11.txt (14.33KB)

#2 myrti


Posted 19 November 2011 - 04:13 PM

Hi,

Please run a scan with GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

As well as TDSSKiller:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



#3 ryanlewiscmh


Posted 19 November 2011 - 07:32 PM

Hi Myrti,

This is the log file for GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-19 19:26:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 1ktoxtgb.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pxldrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



And this is the log for TDSSKiller:
19:26:29.0761 5940 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
19:26:29.0792 5940 ============================================================
19:26:29.0792 5940 Current date / time: 2011/11/19 19:26:29.0792
19:26:29.0792 5940 SystemInfo:
19:26:29.0792 5940
19:26:29.0792 5940 OS Version: 6.0.6002 ServicePack: 2.0
19:26:29.0792 5940 Product type: Workstation
19:26:29.0792 5940 ComputerName: RYAN
19:26:29.0792 5940 UserName: Owner
19:26:29.0792 5940 Windows directory: C:\Windows
19:26:29.0792 5940 System windows directory: C:\Windows
19:26:29.0792 5940 Processor architecture: Intel x86
19:26:29.0792 5940 Number of processors: 2
19:26:29.0792 5940 Page size: 0x1000
19:26:29.0792 5940 Boot type: Normal boot
19:26:29.0792 5940 ============================================================
19:26:30.0213 5940 Initialize success
19:26:33.0567 4432 ============================================================
19:26:33.0567 4432 Scan started
19:26:33.0567 4432 Mode: Manual;
19:26:33.0567 4432 ============================================================
19:26:48.0357 4432 iScsiPrt - ok
19:26:48.0466 4432 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:26:48.0466 4432 iteatapi - ok
19:26:48.0575 4432 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:26:48.0575 4432 iteraid - ok
19:26:48.0684 4432 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:26:48.0684 4432 kbdclass - ok
19:26:48.0794 4432 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
19:26:48.0794 4432 kbdhid - ok
19:26:48.0934 4432 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:26:48.0934 4432 KSecDD - ok
19:26:49.0074 4432 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:26:49.0074 4432 lltdio - ok
19:26:49.0215 4432 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:26:49.0215 4432 LSI_FC - ok
19:26:49.0324 4432 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:26:49.0324 4432 LSI_SAS - ok
19:26:49.0433 4432 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:26:49.0433 4432 LSI_SCSI - ok
19:26:49.0542 4432 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:26:49.0558 4432 luafv - ok
19:26:49.0667 4432 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:26:49.0667 4432 megasas - ok
19:26:49.0792 4432 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:26:49.0792 4432 Modem - ok
19:26:49.0901 4432 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:26:49.0901 4432 monitor - ok
19:26:49.0979 4432 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:26:49.0979 4432 mouclass - ok
19:26:50.0073 4432 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
19:26:50.0073 4432 mouhid - ok
19:26:50.0182 4432 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:26:50.0198 4432 MountMgr - ok
19:26:50.0307 4432 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:26:50.0307 4432 mpio - ok
19:26:50.0432 4432 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:26:50.0432 4432 mpsdrv - ok
19:26:50.0556 4432 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:26:50.0556 4432 Mraid35x - ok
19:26:50.0666 4432 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:26:50.0666 4432 MRxDAV - ok
19:26:50.0759 4432 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:50.0759 4432 mrxsmb - ok
19:26:50.0868 4432 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:50.0884 4432 mrxsmb10 - ok
19:26:50.0993 4432 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:50.0993 4432 mrxsmb20 - ok
19:26:51.0102 4432 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:26:51.0102 4432 msahci - ok
19:26:51.0212 4432 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:26:51.0212 4432 msdsm - ok
19:26:51.0336 4432 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:26:51.0336 4432 Msfs - ok
19:26:51.0461 4432 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:26:51.0461 4432 msisadrv - ok
19:26:51.0602 4432 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:26:51.0602 4432 MSKSSRV - ok
19:26:51.0711 4432 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:51.0726 4432 MSPCLOCK - ok
19:26:51.0820 4432 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:26:51.0820 4432 MSPQM - ok
19:26:51.0929 4432 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:26:51.0929 4432 MsRPC - ok
19:26:52.0038 4432 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:26:52.0038 4432 mssmbios - ok
19:26:52.0163 4432 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:26:52.0163 4432 MSTEE - ok
19:26:52.0272 4432 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:26:52.0272 4432 Mup - ok
19:26:52.0397 4432 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:26:52.0397 4432 NativeWifiP - ok
19:26:52.0553 4432 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:26:52.0553 4432 NDIS - ok
19:26:52.0678 4432 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:26:52.0694 4432 NdisTapi - ok
19:26:52.0803 4432 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:26:52.0803 4432 Ndisuio - ok
19:26:52.0928 4432 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:52.0928 4432 NdisWan - ok
19:26:53.0037 4432 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:26:53.0052 4432 NDProxy - ok
19:26:53.0193 4432 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:26:53.0193 4432 NetBIOS - ok
19:26:53.0302 4432 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:26:53.0302 4432 netbt - ok
19:26:53.0520 4432 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
19:26:53.0536 4432 NETw2v32 - ok
19:26:53.0708 4432 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:26:53.0770 4432 NETw4v32 - ok
19:26:53.0973 4432 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
19:26:54.0020 4432 NETw5v32 - ok
19:26:54.0082 4432 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:26:54.0082 4432 nfrd960 - ok
19:26:54.0144 4432 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:26:54.0160 4432 Npfs - ok
19:26:54.0238 4432 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:26:54.0238 4432 nsiproxy - ok
19:26:54.0332 4432 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:26:54.0332 4432 Ntfs - ok
19:26:54.0425 4432 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:26:54.0425 4432 ntrigdigi - ok
19:26:54.0488 4432 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:26:54.0488 4432 Null - ok
19:26:54.0800 4432 nvlddmkm (16ea3dd7ca9f239381d44421a939a01e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:26:54.0878 4432 nvlddmkm - ok
19:26:54.0956 4432 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:26:54.0956 4432 nvraid - ok
19:26:54.0987 4432 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:26:54.0987 4432 nvstor - ok
19:26:55.0018 4432 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:26:55.0018 4432 nv_agp - ok
19:26:55.0034 4432 NwlnkFlt - ok
19:26:55.0049 4432 NwlnkFwd - ok
19:26:55.0127 4432 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:26:55.0127 4432 ohci1394 - ok
19:26:55.0205 4432 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:26:55.0205 4432 Parport - ok
19:26:55.0252 4432 Partizan - ok
19:26:55.0299 4432 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:26:55.0299 4432 partmgr - ok
19:26:55.0330 4432 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:26:55.0346 4432 Parvdm - ok
19:26:55.0408 4432 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:26:55.0424 4432 pci - ok
19:26:55.0486 4432 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:26:55.0486 4432 pciide - ok
19:26:55.0533 4432 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
19:26:55.0533 4432 pcmcia - ok
19:26:55.0626 4432 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:26:55.0658 4432 PEAUTH - ok
19:26:55.0751 4432 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:26:55.0751 4432 PptpMiniport - ok
19:26:55.0798 4432 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:26:55.0814 4432 Processor - ok
19:26:55.0860 4432 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:26:55.0876 4432 PSched - ok
19:26:55.0923 4432 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:26:55.0954 4432 ql2300 - ok
19:26:55.0985 4432 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:26:55.0985 4432 ql40xx - ok
19:26:56.0048 4432 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:26:56.0048 4432 QWAVEdrv - ok
19:26:56.0110 4432 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:26:56.0110 4432 RasAcd - ok
19:26:56.0172 4432 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:26:56.0172 4432 Rasl2tp - ok
19:26:56.0219 4432 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:26:56.0235 4432 RasPppoe - ok
19:26:56.0282 4432 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:26:56.0282 4432 RasSstp - ok
19:26:56.0344 4432 rcmirror (aa3eaac5827c73ce50eff2883f986144) C:\Windows\system32\DRIVERS\rcmirror.sys
19:26:56.0344 4432 rcmirror - ok
19:26:56.0391 4432 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:26:56.0391 4432 rdbss - ok
19:26:56.0438 4432 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:26:56.0453 4432 RDPCDD - ok
19:26:56.0500 4432 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:26:56.0500 4432 rdpdr - ok
19:26:56.0547 4432 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:26:56.0547 4432 RDPENCDD - ok
19:26:56.0609 4432 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:26:56.0609 4432 RDPWD - ok
19:26:56.0672 4432 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:26:56.0672 4432 RFCOMM - ok
19:26:56.0734 4432 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:26:56.0734 4432 rspndr - ok
19:26:56.0796 4432 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:26:56.0796 4432 RTL8169 - ok
19:26:56.0843 4432 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
19:26:56.0843 4432 RTSTOR - ok
19:26:56.0890 4432 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:26:56.0890 4432 sbp2port - ok
19:26:56.0952 4432 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
19:26:56.0952 4432 sdbus - ok
19:26:56.0999 4432 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:26:56.0999 4432 secdrv - ok
19:26:57.0030 4432 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:26:57.0030 4432 Serenum - ok
19:26:57.0062 4432 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:26:57.0062 4432 Serial - ok
19:26:57.0124 4432 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:26:57.0124 4432 sermouse - ok
19:26:57.0155 4432 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:26:57.0155 4432 sffdisk - ok
19:26:57.0186 4432 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:26:57.0186 4432 sffp_mmc - ok
19:26:57.0202 4432 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:26:57.0218 4432 sffp_sd - ok
19:26:57.0233 4432 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:26:57.0233 4432 sfloppy - ok
19:26:57.0311 4432 Si3531 (93beacc3815a4653a655c8bd7622ff63) C:\Windows\system32\DRIVERS\Si3531.sys
19:26:57.0311 4432 Si3531 - ok
19:26:57.0342 4432 SiFilter (165448bc832d424b97270c8d1276e24a) C:\Windows\system32\DRIVERS\SiWinAcc.sys
19:26:57.0342 4432 SiFilter - ok
19:26:57.0389 4432 SiRemFil (9be8ea3a8c7e6d47e710f6fa14b7442b) C:\Windows\system32\DRIVERS\SiRemFil.sys
19:26:57.0389 4432 SiRemFil - ok
19:26:57.0436 4432 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:26:57.0436 4432 sisagp - ok
19:26:57.0467 4432 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:26:57.0467 4432 SiSRaid2 - ok
19:26:57.0483 4432 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:26:57.0498 4432 SiSRaid4 - ok
19:26:57.0545 4432 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:26:57.0545 4432 Smb - ok
19:26:57.0608 4432 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:26:57.0608 4432 spldr - ok
19:26:57.0670 4432 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:26:57.0670 4432 srv - ok
19:26:57.0717 4432 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:26:57.0717 4432 srv2 - ok
19:26:57.0764 4432 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:26:57.0764 4432 srvnet - ok
19:26:57.0842 4432 STHDA (18c3302cd9de4312d92ceff72a30a27b) C:\Windows\system32\DRIVERS\stwrt.sys
19:26:57.0842 4432 STHDA - ok
19:26:57.0888 4432 StillCam (7a95b5deb594616f1693486b8161411e) C:\Windows\system32\DRIVERS\serscan.sys
19:26:57.0888 4432 StillCam - ok
19:26:57.0935 4432 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:26:57.0935 4432 swenum - ok
19:26:58.0013 4432 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:26:58.0013 4432 Symc8xx - ok
19:26:58.0044 4432 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:26:58.0044 4432 Sym_hi - ok
19:26:58.0076 4432 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:26:58.0076 4432 Sym_u3 - ok
19:26:58.0122 4432 SynTP (3196c5df63d5e86fc0041ae0c816b80f) C:\Windows\system32\DRIVERS\SynTP.sys
19:26:58.0138 4432 SynTP - ok
19:26:58.0216 4432 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:26:58.0216 4432 Tcpip - ok
19:26:58.0263 4432 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:26:58.0278 4432 Tcpip6 - ok
19:26:58.0325 4432 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:26:58.0325 4432 tcpipreg - ok
19:26:58.0356 4432 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:26:58.0372 4432 TDPIPE - ok
19:26:58.0419 4432 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:26:58.0419 4432 TDTCP - ok
19:26:58.0466 4432 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:26:58.0466 4432 tdx - ok
19:26:58.0512 4432 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:26:58.0512 4432 TermDD - ok
19:26:58.0559 4432 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:26:58.0559 4432 tssecsrv - ok
19:26:58.0622 4432 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:26:58.0622 4432 tunmp - ok
19:26:58.0668 4432 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:26:58.0668 4432 tunnel - ok
19:26:58.0700 4432 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:26:58.0700 4432 uagp35 - ok
19:26:58.0746 4432 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:26:58.0746 4432 udfs - ok
19:26:58.0793 4432 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:26:58.0793 4432 uliagpkx - ok
19:26:58.0824 4432 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:26:58.0824 4432 uliahci - ok
19:26:58.0840 4432 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:26:58.0856 4432 UlSata - ok
19:26:58.0871 4432 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:26:58.0871 4432 ulsata2 - ok
19:26:58.0934 4432 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:26:58.0934 4432 umbus - ok
19:26:58.0996 4432 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:26:58.0996 4432 USBAAPL - ok
19:26:59.0043 4432 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:26:59.0043 4432 usbccgp - ok
19:26:59.0090 4432 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:26:59.0090 4432 usbcir - ok
19:26:59.0136 4432 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:26:59.0136 4432 usbehci - ok
19:26:59.0168 4432 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:26:59.0168 4432 usbhub - ok
19:26:59.0199 4432 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:26:59.0199 4432 usbohci - ok
19:26:59.0261 4432 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:26:59.0261 4432 usbprint - ok
19:26:59.0324 4432 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:26:59.0324 4432 usbscan - ok
19:26:59.0386 4432 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:59.0386 4432 USBSTOR - ok
19:26:59.0433 4432 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:26:59.0433 4432 usbuhci - ok
19:26:59.0495 4432 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:26:59.0495 4432 usbvideo - ok
19:26:59.0542 4432 UVCFTR (7b8424bbaafbc127c8f55ad6007d6d6b) C:\Windows\system32\Drivers\UVCFTR_S.SYS
19:26:59.0542 4432 UVCFTR - ok
19:26:59.0573 4432 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:59.0573 4432 vga - ok
19:26:59.0620 4432 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:26:59.0620 4432 VgaSave - ok
19:26:59.0651 4432 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:26:59.0651 4432 viaagp - ok
19:26:59.0682 4432 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:26:59.0682 4432 ViaC7 - ok
19:26:59.0714 4432 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:26:59.0714 4432 viaide - ok
19:26:59.0745 4432 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:26:59.0760 4432 volmgr - ok
19:26:59.0807 4432 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:26:59.0807 4432 volmgrx - ok
19:26:59.0870 4432 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:26:59.0870 4432 volsnap - ok
19:26:59.0916 4432 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:26:59.0916 4432 vsmraid - ok
19:26:59.0948 4432 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:26:59.0948 4432 WacomPen - ok
19:27:00.0010 4432 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:27:00.0010 4432 Wanarp - ok
19:27:00.0026 4432 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:27:00.0041 4432 Wanarpv6 - ok
19:27:00.0072 4432 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
19:27:00.0072 4432 wanatw - ok
19:27:00.0135 4432 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:27:00.0135 4432 Wd - ok
19:27:00.0197 4432 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:27:00.0197 4432 Wdf01000 - ok
19:27:00.0291 4432 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:27:00.0291 4432 WmiAcpi - ok
19:27:00.0353 4432 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:27:00.0353 4432 WpdUsb - ok
19:27:00.0416 4432 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:27:00.0416 4432 ws2ifsl - ok
19:27:00.0478 4432 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:27:00.0478 4432 WSDPrintDevice - ok
19:27:00.0540 4432 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:27:00.0540 4432 WUDFRd - ok
19:27:00.0618 4432 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:27:00.0618 4432 \Device\Harddisk0\DR0 - ok
19:27:00.0634 4432 Boot (0x1200) (bcaf832966d9a6ccf92e7fae5b7528b2) \Device\Harddisk0\DR0\Partition0
19:27:00.0634 4432 \Device\Harddisk0\DR0\Partition0 - ok
19:27:00.0634 4432 Boot (0x1200) (da70e1c2fcdd6a13e1aa2fbacfa67904) \Device\Harddisk0\DR0\Partition1
19:27:00.0634 4432 \Device\Harddisk0\DR0\Partition1 - ok
19:27:00.0634 4432 ============================================================
19:27:00.0634 4432 Scan finished
19:27:00.0634 4432 ============================================================
19:27:00.0650 5580 Detected object count: 0
19:27:00.0650 5580 Actual detected object count: 0


Thanks again for your help!
-Ryan
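The TDSSKiller output above is a list of `name (md5) path` lines, each followed by a `name - verdict` line, then the MBR and boot-sector hashes and a detection count. The following is an added example, not code from the thread or from Kaspersky: a small parser that turns such a log into a triage report (non-ok verdicts, services with no file on disk, drivers outside the usual driver directory, and the boot-sector hashes you would compare against a second run). The function names, the regexes and the "drivers live under C:\Windows\system32\drivers" heuristic are this example's own assumptions. The sample input is constructed: the genuine lines are copied from the log above, while the two `fakedrv` lines are invented only to exercise the non-ok path and describe nothing found on this PC.

```python
"""Triage helper for TDSSKiller driver/boot-sector logs (added example)."""
import re
from collections import defaultdict

# Constructed sample in TDSSKiller's log format. The genuine lines are copied
# from the log posted above; the two 'fakedrv' lines are invented here purely
# to exercise the non-ok path and describe nothing found on this machine.
SAMPLE_LOG = r"""
19:26:44.0145 4432 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:26:44.0145 4432 FileInfo - ok
19:26:47.0780 4432 IpInIp - ok
19:26:58.0216 4432 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:26:58.0216 4432 Tcpip - ok
19:26:58.0263 4432 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:26:58.0278 4432 Tcpip6 - ok
19:26:59.0000 4432 fakedrv (00000000000000000000000000000000) C:\Users\Owner\AppData\Local\Temp\fakedrv.sys
19:26:59.0000 4432 fakedrv - detected Rootkit.Boot.Example.a (0)
19:27:00.0618 4432 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:27:00.0618 4432 \Device\Harddisk0\DR0 - ok
19:27:00.0634 4432 Boot (0x1200) (bcaf832966d9a6ccf92e7fae5b7528b2) \Device\Harddisk0\DR0\Partition0
19:27:00.0634 4432 \Device\Harddisk0\DR0\Partition0 - ok
19:27:00.0634 4432 ============================================================
19:27:00.0650 5580 Detected object count: 1
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
# "Name (md5) path", or "MBR (0x1B8) (md5) \Device\..." / "Boot (0x1200) (md5) ..."
FILE_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
# Heuristic (an assumption of this example): kernel drivers on Vista normally
# live under this directory; anything elsewhere deserves a second look.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_tdsskiller_log(text):
    """Return (entries, detected_count).

    Each entry is a dict with name, md5, path and verdict. A verdict line is
    attached to the file line directly before it when the names agree (or the
    verdict names the path, as the MBR/boot-sector lines do); otherwise it
    becomes a file-less entry, which is how TDSSKiller reports a registered
    service whose binary it did not find on disk.
    """
    entries, pending, detected = [], None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        c = COUNT_RE.match(rest)
        if c:
            detected = int(c.group("n"))
            continue
        f = FILE_RE.match(rest)
        if f:
            pending = {"name": f.group("name"), "md5": f.group("md5"),
                       "path": f.group("path"), "verdict": None}
            entries.append(pending)
            continue
        v = VERDICT_RE.match(rest)
        if v:
            name, verdict = v.group("name"), v.group("verdict")
            if pending and pending["verdict"] is None and name in (pending["name"], pending["path"]):
                pending["verdict"] = verdict
            else:
                entries.append({"name": name, "md5": None, "path": None, "verdict": verdict})
            pending = None
    return entries, detected


def triage(entries, detected):
    """Summarise what a helper would look at first in a TDSSKiller log."""
    report = {"total": len(entries), "detected_count": detected, "not_ok": [],
              "no_file": [], "unusual_location": [], "boot_sectors": {}, "shared_hash": {}}
    by_hash = defaultdict(set)
    for e in entries:
        if e["verdict"] != "ok":
            report["not_ok"].append((e["name"], e["verdict"] or "no verdict line"))
        if e["path"] is None:
            report["no_file"].append(e["name"])
            continue
        if e["path"].startswith("\\Device\\"):
            report["boot_sectors"][e["path"]] = e["md5"]   # MBR / partition boot code
            continue
        p = e["path"].lower()
        if not p.startswith(DRIVER_DIR):
            report["unusual_location"].append((e["name"], e["path"]))
        by_hash[e["md5"]].add(p)
    # Same MD5 under two different paths (not just Tcpip/Tcpip6 pointing at one
    # file) would mean a driver image has been copied somewhere else.
    report["shared_hash"] = {h: sorted(ps) for h, ps in by_hash.items() if len(ps) > 1}
    return report


if __name__ == "__main__":
    ents, n = parse_tdsskiller_log(SAMPLE_LOG)
    for key, value in triage(ents, n).items():
        print(f"{key}: {value}")
```

Two caveats when reading the result. "ok" from TDSSKiller only means its signatures did not match that file or sector; a driver with an unfamiliar MD5 is "not known bad", not "clean", so the boot-sector hashes are most useful when compared against a second run or against the same sectors read from a clean boot medium. File-less entries such as IpInIp, NwlnkFlt, NwlnkFwd and Partizan in the log above are service registrations whose binary TDSSKiller did not find; they are worth a glance but are common leftovers of uninstalled software rather than a finding on their own.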

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:51 PM

Posted 19 November 2011 - 08:26 PM

Hi

Do you have any Linux experience at all? And by chance a Linux live CD?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 ryanlewiscmh

ryanlewiscmh
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:51 AM

Posted 19 November 2011 - 08:53 PM

Hi

No, I don't have any Linux experience, nor do I have the Linux live CD.

-Ryan

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:51 PM

Posted 20 November 2011 - 06:16 AM

Hi,

OK, then for now please run a scan with OTL. We need to create an OTL report:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please also do the following:
  • Go to Start and click on Control Panel
  • There click on System and Maintenance and select Administrative Tools in the list that opens.
  • Double click on Computer Management and select Disk Management in the window that opens.
  • Right click on Computer and select Manage.
A window will open, listing the partitions on your PC. Please note down the list of partitions and their status for me. (Or make a screenshot).

regards myrti



#7 ryanlewiscmh

ryanlewiscmh
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:51 AM

Posted 20 November 2011 - 12:54 PM

OTL Log:
OTL logfile created on: 11/20/2011 12:32:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.35% Memory free
2.90 Gb Paging File | 2.03 Gb Available in Paging File | 69.85% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.72 Gb Total Space | 104.83 Gb Free Space | 47.28% Space Free | Partition Type: NTFS
Drive D: | 11.16 Gb Total Space | 4.62 Gb Free Space | 41.40% Space Free | Partition Type: NTFS

Computer Name: RYAN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 12:31:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 18:11:04 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/18 18:11:00 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/02 05:08:34 | 000,967,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgscanx.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/09 17:24:28 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/26 00:24:42 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/02/12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 18:11:00 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/18 18:11:04 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/09 17:54:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/04/16 11:14:30 | 000,181,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/09 17:24:28 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/26 00:24:42 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/02/12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/11/11 02:41:18 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/02/05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009/02/05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009/02/05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/10/08 15:05:16 | 000,003,328 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/14 22:03:00 | 008,234,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/11/09 17:25:56 | 000,356,352 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/30 01:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/08/07 19:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/05/23 20:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/05/07 08:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V4CB012D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/02 15:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cvspydr2.sys -- (cvspydr2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6831FX
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6831FX
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: identitychooser@janek.org:1.3
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/03 18:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/20 17:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/11/03 18:01:07 | 000,000,000 | ---D | M]

[2011/11/14 18:36:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/06/09 19:14:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/04/16 13:43:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/14 18:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/09 19:10:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/14 11:23:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/08 15:51:08 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\OWNER\APPDATA\ROAMING\THUNDERBIRD\PROFILES\SIRFGJ5O.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\THUNDERBIRD\PROFILES\SIRFGJ5O.DEFAULT\EXTENSIONS\IDENTITYCHOOSER@JANEK.ORG.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\THUNDERBIRD\PROFILES\SIRFGJ5O.DEFAULT\EXTENSIONS\SENDLATER3@KAMENS.US.XPI
[2011/02/28 00:23:15 | 000,171,832 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/14 17:39:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2857160768-3149739328-402376366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5A98A0-B009-4058-85D5-0F6819E0CB3A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Documents\STUDIO DESIGNS\rlslogoemail.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Documents\STUDIO DESIGNS\rlslogoemail.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 12:31:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/11/19 19:24:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2011/11/18 20:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011/11/18 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\BitTorrent
[2011/11/14 17:41:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/14 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/11/14 17:39:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/14 13:59:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/14 13:59:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/14 13:59:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/14 13:59:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/14 13:55:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/14 13:34:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/11/14 11:23:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/14 11:23:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/14 11:23:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/11 11:46:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG
[2011/11/11 02:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/11 02:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/10 21:10:58 | 014,753,912 | ---- | C] (Mozilla) -- C:\Users\Owner\Desktop\Firefox Setup 8.0.exe
[2011/10/31 18:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/31 17:43:17 | 039,401,336 | ---- | C] (Apple Inc.) -- C:\Users\Owner\Desktop\QuickTimeInstaller.exe
[2011/10/28 01:07:26 | 041,730,408 | ---- | C] (Apple Inc.) -- C:\Users\Owner\Desktop\iCloudSetup.exe

========== Files - Modified Within 30 Days ==========

[2011/11/20 12:31:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/11/20 12:30:59 | 000,656,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/20 12:30:59 | 000,124,666 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/20 12:29:59 | 110,299,221 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/20 12:24:20 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 12:24:20 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 12:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 12:22:45 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/19 20:32:40 | 000,138,027 | ---- | M] () -- C:\Users\Owner\Desktop\239324167667827731_ahxGHBzV_c.jpg
[2011/11/19 20:32:27 | 000,045,716 | ---- | M] () -- C:\Users\Owner\Desktop\134685845075661006_dKTdRiUm_c.jpg
[2011/11/19 19:24:58 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\1ktoxtgb.exe
[2011/11/19 10:53:50 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/19 10:38:38 | 002,375,957 | ---- | M] () -- C:\Users\Owner\Desktop\3ab05a66-ca9b-4bb2-8eb3-22c49ad9975b.pdf
[2011/11/18 23:39:56 | 000,040,822 | ---- | M] () -- C:\Users\Owner\Desktop\party-fails-party-at-the-henhouse-party-rooster-morning-after.jpg
[2011/11/18 21:43:16 | 000,132,211 | ---- | M] () -- C:\Users\Owner\Desktop\257831147386446722_BiQJAGw9_c.jpg
[2011/11/18 20:42:55 | 000,000,732 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/11/18 20:41:14 | 000,058,095 | ---- | M] () -- C:\Users\Owner\Desktop\Adobe_CS5_Master_Collection_[MAC].5527120.TPB.torrent
[2011/11/17 18:54:17 | 000,437,526 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/17 18:21:17 | 004,927,971 | ---- | M] () -- C:\Users\Owner\Desktop\10917.mp4
[2011/11/17 08:04:58 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/14 17:39:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/14 17:13:54 | 000,040,248 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/11/14 16:12:30 | 000,094,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 11:25:15 | 000,001,840 | ---- | M] () -- C:\Users\Owner\Desktop\ROES.whcc.lnk
[2011/11/11 11:16:04 | 000,001,110 | ---- | M] () -- C:\Users\Owner\Desktop\suspiciouskey1.reg
[2011/11/11 02:59:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/11 02:59:21 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2011/11/11 02:59:21 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/11/11 02:41:18 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/11 02:24:43 | 000,002,268 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/11/11 01:42:18 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/11/10 21:12:31 | 014,753,912 | ---- | M] (Mozilla) -- C:\Users\Owner\Desktop\Firefox Setup 8.0.exe
[2011/11/08 14:00:52 | 000,154,579 | ---- | M] () -- C:\Users\Owner\Desktop\Credit Report.pdf
[2011/11/08 13:39:39 | 000,091,660 | ---- | M] () -- C:\Users\Owner\Desktop\CreditReportDisputeForm.pdf
[2011/11/02 14:51:27 | 000,147,763 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2011/10/31 17:43:39 | 039,401,336 | ---- | M] (Apple Inc.) -- C:\Users\Owner\Desktop\QuickTimeInstaller.exe
[2011/10/28 01:08:59 | 000,000,628 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/10/28 01:07:46 | 041,730,408 | ---- | M] (Apple Inc.) -- C:\Users\Owner\Desktop\iCloudSetup.exe

========== Files Created - No Company Name ==========

[2011/11/19 20:39:36 | 000,138,027 | ---- | C] () -- C:\Users\Owner\Desktop\239324167667827731_ahxGHBzV_c.jpg
[2011/11/19 20:39:13 | 000,045,716 | ---- | C] () -- C:\Users\Owner\Desktop\134685845075661006_dKTdRiUm_c.jpg
[2011/11/19 19:24:58 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\1ktoxtgb.exe
[2011/11/19 10:38:27 | 002,375,957 | ---- | C] () -- C:\Users\Owner\Desktop\3ab05a66-ca9b-4bb2-8eb3-22c49ad9975b.pdf
[2011/11/18 23:41:45 | 000,040,822 | ---- | C] () -- C:\Users\Owner\Desktop\party-fails-party-at-the-henhouse-party-rooster-morning-after.jpg
[2011/11/18 21:48:17 | 000,132,211 | ---- | C] () -- C:\Users\Owner\Desktop\257831147386446722_BiQJAGw9_c.jpg
[2011/11/18 20:42:55 | 000,000,732 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/11/18 20:41:14 | 000,058,095 | ---- | C] () -- C:\Users\Owner\Desktop\Adobe_CS5_Master_Collection_[MAC].5527120.TPB.torrent
[2011/11/17 18:21:16 | 004,927,971 | ---- | C] () -- C:\Users\Owner\Desktop\10917.mp4
[2011/11/14 13:59:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/14 13:59:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/14 13:59:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/14 13:59:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/14 13:59:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/11 11:16:04 | 000,001,110 | ---- | C] () -- C:\Users\Owner\Desktop\suspiciouskey1.reg
[2011/11/11 02:24:43 | 000,002,268 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/11/11 02:13:45 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/11/08 14:00:52 | 000,154,579 | ---- | C] () -- C:\Users\Owner\Desktop\Credit Report.pdf
[2011/11/08 13:39:37 | 000,091,660 | ---- | C] () -- C:\Users\Owner\Desktop\CreditReportDisputeForm.pdf
[2011/10/28 01:08:59 | 000,000,628 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2011/04/04 20:25:19 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/02/08 22:40:39 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/30 01:36:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010/06/04 01:42:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/30 00:33:48 | 000,444,968 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/24 02:20:43 | 000,018,073 | ---- | C] () -- C:\Windows\CSTBox.INI
[2009/09/17 13:51:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 13:51:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/24 04:01:42 | 000,562,366 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2009/03/24 04:01:42 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/12/07 22:55:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/07 21:09:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/08 15:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/10/08 01:18:14 | 000,057,257 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ProSelect_Data_bk1.xml
[2008/10/08 01:15:51 | 000,012,156 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\proselect_prefs_4.xml
[2008/10/08 01:15:23 | 000,062,953 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ProSelect_Data.xml
[2008/10/08 01:14:39 | 000,160,540 | ---- | C] () -- C:\Windows\ProSelect Uninstaller.exe
[2008/09/27 05:16:00 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/22 22:41:02 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/09/01 21:17:46 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/04/10 15:25:23 | 000,147,763 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2008/04/10 13:24:07 | 000,147,763 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2008/03/09 21:27:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/08 12:37:40 | 000,040,248 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/02/28 04:13:18 | 000,094,720 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/28 04:11:20 | 000,000,048 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\system_ps3_settings.ini
[2007/12/14 04:39:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/14 03:57:13 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/11/14 20:24:14 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2007/06/18 15:20:18 | 001,366,104 | ---- | C] () -- C:\Windows\System32\ltwen14n.dll
[2007/03/29 15:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 004,463,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,656,106 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,124,666 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 19:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2004/09/29 14:28:44 | 000,006,916 | ---- | C] () -- C:\Windows\System32\Millers.Comm.tlb
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


Extras Log:
OTL Extras logfile created on: 11/20/2011 12:32:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.35% Memory free
2.90 Gb Paging File | 2.03 Gb Available in Paging File | 69.85% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.72 Gb Total Space | 104.83 Gb Free Space | 47.28% Space Free | Partition Type: NTFS
Drive D: | 11.16 Gb Total Space | 4.62 Gb Free Space | 41.40% Space Free | Partition Type: NTFS

Computer Name: RYAN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E9964C-D586-4756-B304-74F9F847A3B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{251955A2-D5A0-4A2D-AB65-815B30DD0E15}" = lport=5358 | protocol=6 | dir=in | app=system |
"{3908EEB3-2DCA-4369-8085-A53C4744B624}" = rport=445 | protocol=6 | dir=out | app=system |
"{39959FE0-627C-40D4-AD80-72291DF83BB8}" = rport=139 | protocol=6 | dir=out | app=system |
"{494FBF8B-5547-4AFC-AF60-98CBC9030090}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{553CE28F-36B5-4403-AFCD-483FB47CCFC1}" = lport=5357 | protocol=6 | dir=in | app=system |
"{60C5D13D-48C7-47B5-9B15-D7D60356CC48}" = lport=445 | protocol=6 | dir=in | app=system |
"{85E27C90-06F0-4FD3-B15E-C5FD0EF5836F}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{88519594-BFB5-409A-A326-F68C33E40F9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EB077B6-83E1-4397-9862-672B81F3D05A}" = lport=137 | protocol=17 | dir=in | app=system |
"{922596CD-EA9A-4458-A221-CF4CFB2A8BA6}" = rport=5358 | protocol=6 | dir=out | app=system |
"{92F5D854-8191-4064-A863-1E25376CDCA5}" = lport=138 | protocol=17 | dir=in | app=system |
"{96C8A877-0AA3-4FA1-8E55-490FEE836DF4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AFDB9811-AE27-44FF-8A82-C89DA83E4BF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE7E4041-CD7F-484A-BE06-EFC375F73CA4}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{CC445200-6106-4D25-B107-2F93EE6BD97D}" = rport=5357 | protocol=6 | dir=out | app=system |
"{F048FC6F-DBF9-40B4-9CF8-0D803B78DD94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F68F971C-551C-42E9-BA0B-F86C6598F765}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059BF795-AA53-4547-9115-1F67FAFB9DD8}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{05AE2E07-C72D-4295-A26C-E464C8658E3F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0853D844-21FB-400D-96A2-DBE75426FC32}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{091C6535-FA1C-4EB6-9ABB-00B4AD75AD46}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{100A5B5D-4ECD-4BF1-BB35-4BAE19EE3F42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{137FE418-2BC8-4DC6-BA94-C0A7CE41DC2F}" = protocol=6 | dir=in | app=c:\program files\hitman pro 3.5\hitmanpro35.exe |
"{1790529C-FEE2-4A7F-AAEF-4A60A90AA9CD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{289A1F29-DFBB-495B-9836-72DDB84DDBF9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{2AF1875E-00A6-4C50-B0E2-2968023D9AB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2CF8046A-3290-449E-8FD2-7F8850C77D6C}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{2D59EA8A-B9F6-4D96-B93D-F925CF6D04FB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{3D9446E0-2D7E-4CEF-AC51-BFE570D9222B}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{3EA3C882-F79F-4FC4-8B8B-BCD42EF4B7A5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{417C5A72-0F8B-410A-BAC9-8F8BD8431BE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4276BDC6-EAC0-4FBC-91D1-4F56DBC7EC80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{45CF177A-E113-49B2-9938-B8C236C8AD76}" = protocol=17 | dir=in | app=c:\program files\hitman pro 3.5\hitmanpro35.exe |
"{4E93F86B-C8A6-4413-BFFF-E4100E1100DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56C3255A-B25C-47CE-B666-B9501262DF12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59784B88-C3F7-47F3-B4EE-83C8C6BB73EF}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{614FE98B-8AC2-4C3A-AC38-8CCF83A55D43}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{62738C98-A219-4A1A-9E17-B5D7E3E4C68C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6288707D-4C79-4C39-B6AF-66B3BC2AC343}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{63EC31C9-9A6E-4B5D-8A00-C4ACCEF1B430}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{645ACFE1-1CC1-40FD-A941-BDA5A4EF10DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{649F1C9B-500A-4E36-A677-35593D1ED875}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{65F50586-E63A-47AB-9781-91D931B5203C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1205116083\ee\aolsoftware.exe |
"{6D6DC985-7395-4988-8DE1-A412359266EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{779FEFC1-4EDD-4D8C-BE63-453F84B9D0CA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{79ED26F4-ABA7-4A1D-9CA3-4BD85E388682}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7D900F98-E512-4442-9F64-142AE0751B7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F13672B-A7AB-498F-98DB-A214605754E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8023F630-14E6-4FE3-8868-21C6D4275337}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{842AB12D-D982-4E71-B7D1-2816A208C730}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8DDC5A8A-FEBB-46BD-883C-23EF9C70E299}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96BF2E0D-BFB0-4A9C-8AE7-0A0BDD245A41}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9790D75B-CBD0-4CC1-B68E-51E898064320}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9DBACB3D-B003-4E9E-BEF2-A04F204D844F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F8B8864-9812-4069-AF6B-AE8108532098}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A42CFFCE-6F88-4E26-A775-DF8528CE6DC8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{AFA044FD-C7A5-4BDF-84CA-ED2810C774E7}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{B8D5565F-6EFF-4DCD-98FA-8C5BC17FF1CC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{BA926274-3F6E-4ED7-8020-E4658D16B2DB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C029700E-C67C-4AC4-ABD1-950788EDFAB0}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{C35A13FB-B169-42A6-83A5-8F1589FA2D11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C573D218-728C-4D5F-9FEF-D2A0CA3661B4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C9976E48-0A23-41A3-9ADE-DFC957CB68EB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE697127-3F3D-4445-86BA-545DE09EEBC0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{CF3F19E4-CE78-464E-968B-67EB331CF122}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D36FC596-F773-4349-9536-E87CC9D0E5EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC47C164-3E28-4B97-B426-A0E0F8FEF343}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1205116083\ee\aolsoftware.exe |
"{E09FCA78-F4CC-43CE-B85E-F8B3AFEF88AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E160BD2B-F85F-4A9B-BFC7-22DD34E18F50}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E42A9607-E24A-4B40-9BF9-080AF255FF74}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{E5214803-6567-4EE7-B010-36BF55150E77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E6EED232-6D25-4157-BF1D-75705116EEB3}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{E8F689C5-740C-41F6-8FD0-313FAC70D329}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED812991-089D-4D90-811C-D108E6C995DC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{EECE5FBD-D842-4480-8512-2DB6F47B8FAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5C800FB-65C3-4D1B-8093-F02979E96A41}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{F61A801E-2D9D-4081-822D-8E4BEE4D2F9F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F6CB45DB-5A7B-4495-84E9-B1A041680064}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"TCP Query User{4D30D018-0DF0-4B08-8E88-74C63DC4E423}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{627CF86C-7AFB-45A2-8758-8D1DF014A192}C:\program files\timeexposure\proselect.exe" = protocol=6 | dir=in | app=c:\program files\timeexposure\proselect.exe |
"TCP Query User{A2CE017C-93B2-42F3-B37A-EE7E6C3C8E48}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1061AFAF-E7BE-4F91-B268-9AB3CBA4D2EC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5C2DF42D-BAB2-4D24-A2AD-9C3A07C4DA5A}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{A0A3386E-FB0A-40E6-8FBB-5C8C9E2A2FCC}C:\program files\timeexposure\proselect.exe" = protocol=17 | dir=in | app=c:\program files\timeexposure\proselect.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0ED5CE5D-8CA3-4F83-85E5-760982BD528B}" = Millers Remote Studio
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 29
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B139DD51-C3F1-4583-98B4-D35F64EA847F}" = Windows Easy Transfer Companion (Beta)
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB083118-49ED-4CD7-8CE8-241C1F958E2C}" = PhotoPresets with One-Click WOW! for Adobe Camera Raw
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F7F65A45-5CA8-475E-9ADD-B18382D49B6D}" = ASUKABOOK Maker
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ExtractNow_is1" = ExtractNow
"FILE RECOVERY for WindowsNSIS" = FILE RECOVERY for Windows
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0ED5CE5D-8CA3-4F83-85E5-760982BD528B}" = Millers Remote Studio
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money Essentials
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"Photodex Presenter" = Photodex Presenter
"PhotomatixPro3_is1" = Photomatix Pro version 3.0.3RC2
"ProSelect 4.0.7" = ProSelect
"ProShow Gold" = ProShow Gold
"Spyder2" = Spyder2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2857160768-3149739328-402376366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ROES.whcc" = ROES.whcc
"Simply Canvas ROES" = Simply Canvas ROES
"Spotify" = Spotify
"WHCC PF ROES" = WHCC PF ROES

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2011 11:44:41 AM | Computer Name = Ryan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1198 Start Time: 01cca242dc69e815 Termination Time: 920

Error - 11/14/2011 2:19:53 PM | Computer Name = Ryan | Source = Application Error | ID = 1000
Description = Faulting application reanimator.exe, version 6.9.7.95, time stamp
0x00000000, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00067249, process id 0xcac, application
start time 0x01cca2f9fb28ab00.

Error - 11/14/2011 3:31:47 PM | Computer Name = Ryan | Source = VSS | ID = 8194
Description =

Error - 11/14/2011 3:36:13 PM | Computer Name = Ryan | Source = Application Hang | ID = 1002
Description = The program reanimator.exe version 6.9.7.95 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f04 Start Time: 01cca304625849f7 Termination Time: 16

Error - 11/14/2011 5:54:41 PM | Computer Name = Ryan | Source = VSS | ID = 8194
Description =

Error - 11/14/2011 7:30:26 PM | Computer Name = Ryan | Source = VSS | ID = 8194
Description =

Error - 11/14/2011 7:31:07 PM | Computer Name = Ryan | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
exception code 0xc0000005, fault offset 0x00047336, process id 0xd28, application
start time 0x01cca31ecb67e451.

Error - 11/14/2011 11:21:47 PM | Computer Name = Ryan | Source = Windows Search Service | ID = 3013
Description =

Error - 11/18/2011 8:09:00 PM | Computer Name = Ryan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ce4 Start Time: 01cca5794b2532a8 Termination Time: 0

Error - 11/19/2011 12:06:42 AM | Computer Name = Ryan | Source = Application Error | ID = 1000
Description = Faulting application taskeng.exe, version 6.0.6002.18342, time stamp
0x4cd2e07b, faulting module CLMP3Enc.ACM, version 3.5.0.4113, time stamp 0x428496e9,
exception code 0xc0000005, fault offset 0x000020ae, process id 0xe24, application
start time 0x01cca53b58eb4bb8.

[ Media Center Events ]
Error - 10/7/2009 5:00:48 PM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:37:11 PM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/13/2009 1:51:39 AM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/31/2009 2:54:17 PM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/28/2010 8:42:26 PM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/23/2010 2:58:40 PM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/24/2010 1:05:18 AM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/1/2010 1:39:12 AM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/18/2010 2:02:34 AM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/23/2010 7:24:21 PM | Computer Name = Ryan | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/24/2010 7:22:52 PM | Computer Name = Ryan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 314 seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2010 7:25:10 PM | Computer Name = Ryan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 130 seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2010 7:28:32 PM | Computer Name = Ryan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 195 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/19/2011 11:53:15 AM | Computer Name = Ryan | Source = DCOM | ID = 10016
Description =

Error - 11/20/2011 8:00:05 AM | Computer Name = Ryan | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 11/20/2011 8:00:34 AM | Computer Name = Ryan | Source = BROWSER | ID = 8007
Description =

Error - 11/20/2011 8:09:52 AM | Computer Name = Ryan | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 11/20/2011 8:31:34 AM | Computer Name = Ryan | Source = BROWSER | ID = 8007
Description =

Error - 11/20/2011 8:35:42 AM | Computer Name = Ryan | Source = Service Control Manager | ID = 7034
Description =

Error - 11/20/2011 8:50:52 AM | Computer Name = Ryan | Source = Service Control Manager | ID = 7031
Description =

Error - 11/20/2011 8:50:52 AM | Computer Name = Ryan | Source = Service Control Manager | ID = 7009
Description =

Error - 11/20/2011 8:50:52 AM | Computer Name = Ryan | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2011 1:25:42 PM | Computer Name = Ryan | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Disk Management:
(see attached)

My AVG virus software keeps calling the OTE software a malware threat... makes me nervous.


#8 myrti
Malware Study Hall Admin

Posted 20 November 2011 - 07:49 PM

Hi,

Your logs look clean from within Windows; I would like to run a scan from a Windows live CD though:
Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

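As an added example that is not part of this thread, and not code from xPUD, UNetbootin or any tool myrti recommends: once the dd command above has written MBRbackup.zip (the name is only a label; dd writes the first 512 raw bytes of the disk, nothing is compressed), the Python script below reads that file, checks the 0x55AA boot-sector signature, hashes the bootstrap code (bytes 0 to 439) so it can be compared with a dump from a known-clean machine running the same Windows build, and lists the four partition-table entries with warnings for an invalid status byte, more or fewer than one active partition, or overlapping extents. The two sample MBRs it builds are constructed for illustration and are not dumps from the poster's machine; the script name mbrcheck.py is assumed.

```python
# Added example, not code from the original thread or from xPUD/UNetbootin:
# parse and sanity-check a raw 512-byte MBR dump such as the MBRbackup.zip
# that `dd if=/dev/sda of=MBRbackup.zip bs=512 count=1` writes.
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440       # bootstrap code occupies bytes 0..439
PT_OFFSET = 446          # four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIG = b"\x55\xaa"   # boot-sector signature at bytes 510..511


def parse_mbr(data: bytes) -> dict:
    """Return signature check, bootstrap-code hash, partition entries and warnings."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    info = {
        "valid_signature": data[510:512] == BOOT_SIG,
        # Hash of the bootstrap code only. A bootkit that patches the MBR shows
        # up as a hash that differs from a known-clean dump of the same Windows
        # build even when the partition table below is left untouched.
        "bootcode_sha256": hashlib.sha256(data[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, 440)[0],
        "partitions": [],
        "warnings": [],
    }
    if not info["valid_signature"]:
        info["warnings"].append("boot signature 0x55AA missing")
    for i in range(4):
        off = PT_OFFSET + i * ENTRY_SIZE
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", data, off)
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            info["warnings"].append(
                f"entry {i}: status byte 0x{status:02x} is neither 0x00 nor 0x80")
        info["partitions"].append({
            "index": i,
            "active": status == 0x80,
            "type": f"0x{ptype:02x}",
            "lba_start": lba_start,
            "sectors": sectors,
        })
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        info["warnings"].append(f"{len(active)} active partitions, expected exactly 1")
    by_start = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            info["warnings"].append(f"entries {a['index']} and {b['index']} overlap")
    return info


def build_mbr(bootcode: bytes, entries, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and up to four
    (status, type, lba_start, sectors) tuples. Used only to construct sample input."""
    table = b"".join(struct.pack("<B3xB3xII", s, t, start, n) for s, t, start, n in entries)
    return (bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
            + struct.pack("<I", disk_sig) + b"\x00\x00"
            + table.ljust(4 * ENTRY_SIZE, b"\x00") + BOOT_SIG)


# Constructed samples (not dumps from the poster's machine).
# A typical single-disk layout: one active NTFS (0x07) system partition, one data partition.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", [
    (0x80, 0x07, 2048, 204800),
    (0x00, 0x07, 206848, 409600),
])
# A damaged table: two entries flagged active and overlapping extents.
SUSPECT_MBR = build_mbr(b"\x33\xc0", [
    (0x80, 0x07, 2048, 204800),
    (0x80, 0x07, 100000, 409600),
])

if __name__ == "__main__":
    import sys
    # Usage: python mbrcheck.py MBRbackup.zip   (falls back to the constructed sample)
    data = open(sys.argv[1], "rb").read(MBR_SIZE) if len(sys.argv) > 1 else CLEAN_MBR
    for key, value in parse_mbr(data).items():
        print(f"{key}: {value}")
```

A partition table that parses cleanly does not by itself clear the MBR: a bootkit typically leaves the table intact and replaces only the bootstrap code, which is why the script hashes those 440 bytes separately. Run it on the dump and on a dump from a clean machine with the same Windows version; a differing bootcode hash is what to take to the helper, along with the file itself.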


#9 myrti
Malware Study Hall Admin

Posted 03 December 2011 - 09:26 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





