Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer won't allow me to open tabs, increase volume,etc..
Post by kaypo » June 17th, 2013, 9:19 pm

Hello,

I am having difficulty with my computer running very slowly. The tabs at the bottom of the screen will not expand. I am forced to reopen all documents and a new browser if I want to view them again. The volume control keeps sliding down; each time I adjust it to 100 it just slides back down to 0%.

Please find required logs below:

DDS Log:

DS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by Kecia at 20:09:42 on 2013-06-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1015.320 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\OXPSConverter.exe
C:\Windows\System32\OXPSConverter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.2.0\ScriptHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=66
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.2\iobitappsToolbarIE.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.2\iobitappsToolbarIE.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.2\iobitappsToolbarIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\kecia\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{59283A96-564D-488B-8259-17C5D2B40DEF} : DHCPNameServer = 172.16.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-23 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-5-23 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-5-23 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-20 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-20 174664]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-5-15 15672]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-5-23 104752]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-23 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-23 368944]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 37664]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-5-15 574272]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-6-7 806776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-23 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-23 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-18 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-5-18 137960]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2013-5-15 20336]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2013-5-15 30640]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2013-5-15 19832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-18 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-18 49664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-06-14 18:44:13 -------- d-----w- c:\program files\Application Updater
2013-06-14 18:44:04 -------- d-----w- c:\program files\IObit Apps Toolbar
2013-06-12 08:16:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 08:16:37 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-12 08:09:13 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-12 08:09:12 108032 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2013-06-12 08:09:09 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-12 08:09:07 257536 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-06-12 08:09:05 235520 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-06-12 08:09:01 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-12 08:09:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-12 08:08:48 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-06-12 08:08:45 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-12 08:08:43 770648 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-06-11 18:45:03 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-11 18:44:55 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 18:44:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 18:44:54 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 18:44:54 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 18:44:54 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 18:44:44 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 18:44:38 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-11 18:44:30 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-11 18:44:25 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-11 18:44:24 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-11 18:44:20 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-06-11 18:49:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 18:49:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-20 23:55:38 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-18 23:01:24 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-05-18 23:01:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-05-18 23:01:24 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-05-18 23:01:24 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-05-18 23:00:46 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-05-14 08:43:15 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-14 08:43:13 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-09 08:59:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:10 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59:09 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59:09 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-09 08:59:08 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-07 00:35:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-18 01:20:58 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 08:18:40 302368 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 10:35:52 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-20 23:12:40 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 20:12:09.23 ===============




Attach Log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/15/2012 6:48:27 PM
System Uptime: 6/17/2013 7:30:14 AM (13 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | CPU 1 | 2932/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 143 GiB total, 92.186 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 1.005 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP91: 5/14/2013 3:23:04 AM - Removed JavaFX 2.1.1
RP92: 5/14/2013 3:24:03 AM - Removed Java 7 Update 21
RP93: 5/14/2013 3:25:11 AM - Removed Java 7 Update 21
RP94: 5/14/2013 3:30:05 AM - Removed Java 7 Update 21
RP95: 5/14/2013 3:31:25 AM - Removed Java 7 Update 21
RP96: 5/14/2013 3:32:51 AM - Removed JavaFX 2.1.1
RP97: 5/14/2013 3:33:20 AM - Removed JavaFX 2.1.1
RP98: 5/14/2013 3:34:04 AM - Removed Java 7 Update 21
RP99: 5/14/2013 3:34:42 AM - Removed Java 7 Update 21
RP100: 5/14/2013 3:35:15 AM - Removed Java 7 Update 21
RP101: 5/14/2013 3:42:05 AM - Installed Java 7 Update 21
RP102: 5/15/2013 6:02:36 PM - Windows Update
RP103: 6/12/2013 3:01:19 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
Advanced SystemCare 6
avast! Internet Security
AVG 2012
AVG Security Toolbar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
iMesh
IObit Apps Toolbar v7.2
IObit Malware Fighter
Java 7 Update 21
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.5
Smart Defrag 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
WinRAR 4.11 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/16/2013 12:56:54 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================


Each time I search a website in the header it states redirected. Can someone please help me.

Thank You
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Computer won't allow me to open tabs, increase volume,et

Post by nunped » June 22nd, 2013, 5:43 am

Hello kaypo, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Computer won't allow me to open tabs, increase volume,et

Post by nunped » June 22nd, 2013, 6:31 pm

Hi kaypo,

Multiple Antivirus Programs
You are running more than 1 Antivirus program!
avast! Internet Security
AVG Internet Security 2012

Running more than one antivirus program is not recommended because:
  1. They can conflict with each other.
  2. They can report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of your computer's resources while actively scanning your computer.
  4. They can cause your computer to run slowly, become unstable and crash.
I strongly suggest you uninstall one of them. You can choose which one.

IObit
I see you have some products installed from iObit:
Advanced SystemCare 6
IObit Apps Toolbar v7.2
IObit Malware Fighter

This company has been involved in some dubious activities, as you can see here.
I advise you to remove all the programs listed above.

After you decide which Anti-Virus to keep and if you uninstall iObit programs, please:
OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
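
An added example, not part of the original thread and not code from DDS or its author: a small parser for the DDS header and SERVICES / DRIVERS lines that reports when more than one antivirus product is registered, and when a product listed as Disabled still has running services or drivers. The sample lines are constructed from the shape of the log posted above (abridged); the `VENDOR_PREFIXES` table and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: a few header and SERVICES / DRIVERS lines in the shape
# of the DDS log posted earlier in this thread (abridged).
SAMPLE_DDS = r"""
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-23 21576]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-23 368944]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-18 46808]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-18 49664]
"""

# Security Center registrations: "<AV|SP|FW>: <product> *<state>[/<defs>]* {GUID}"
SEC_LINE = re.compile(
    r"^(?P<cat>AV|SP|FW): (?P<name>.+?) \*(?P<state>Enabled|Disabled)"
    r"(?:/(?P<defs>\w+))?\* \{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)

# Services and drivers: "<R|S><0-4> <key>;<display name>;<image path> [<date> <size>]"
# Reading used here: R = running, S = stopped; the digit is the start type.
SVC_LINE = re.compile(
    r"^(?P<run>[RS])(?P<start>[0-4]) (?P<key>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# Assumption for this example: name prefixes that tie a service or driver
# to a vendor. Extend it for other products seen in a log.
VENDOR_PREFIXES = {"avast": ("avast", "asw"), "AVG": ("avg",)}


def vendor_of(name):
    """Return the vendor whose prefix starts `name`, or None."""
    lowered = name.lower()
    for vendor, prefixes in VENDOR_PREFIXES.items():
        if lowered.startswith(prefixes):
            return vendor
    return None


def parse_dds(text):
    """Split a DDS log into Security Center entries and service/driver entries."""
    products, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        match = SEC_LINE.match(line)
        if match:
            products.append(match.groupdict())
            continue
        match = SVC_LINE.match(line)
        if match:
            services.append(match.groupdict())
    return products, services


def audit(text):
    """Return findings about overlapping antivirus products in a DDS log."""
    products, services = parse_dds(text)
    findings = []

    # More than one product registered in the AV category.
    av_names = sorted({p["name"] for p in products if p["cat"] == "AV"})
    if len(av_names) > 1:
        findings.append(("multiple-av", av_names))

    # Running services/drivers grouped by vendor (service key first, then file name).
    running = defaultdict(list)
    for svc in services:
        vendor = vendor_of(svc["key"]) or vendor_of(svc["path"].rsplit("\\", 1)[-1])
        if svc["run"] == "R" and vendor:
            running[vendor].append(svc["key"])

    # A product reported Disabled whose services or drivers are still loaded.
    for prod in products:
        if prod["cat"] == "AV" and prod["state"] == "Disabled":
            loaded = running.get(vendor_of(prod["name"]), [])
            if loaded:
                findings.append(("disabled-but-loaded", prod["name"], loaded))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DDS):
        print(finding)
```

On the sample, the second finding shows why a Disabled entry in the header is not the same as an uninstalled product: its drivers and watchdog service still show as running in the services section.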

Re: Computer won't allow me to open tabs, increase volume,et

Post by kaypo » June 23rd, 2013, 6:17 pm

Hello Nunped,

Thank you for your response.

I removed the AVG software and all the components of the IObit software.

Please find the OTL log below.

OTL logfile created on: 6/23/2013 4:51:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kecia\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 314.29 Mb Available Physical Memory | 30.95% Memory free
1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 94.32 Gb Free Space | 65.94% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 1.01 Gb Free Space | 16.79% Space Free | Partition Type: FAT32

Computer Name: KECIA-PC | User Name: Kecia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/23 16:49:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecia\Desktop\OTL.exe
PRC - [2013/06/11 13:49:21 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/01/08 08:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/06/11 13:49:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/02/28 22:17:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2013/05/18 18:02:20 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/05/18 18:02:20 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013/05/09 03:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 03:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 03:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 03:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 03:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 03:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 03:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 03:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=66
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 F8 A0 50 45 EC CC 01 [binary data]
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\..\SearchScopes,DefaultScope = {62E8AB31-D28F-4D0F-B8DF-F53BF358DE93}
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\..\SearchScopes\{1C7A2DF8-93DF-4597-A361-1EF3FE9CFF55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\..\SearchScopes\{62E8AB31-D28F-4D0F-B8DF-F53BF358DE93}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={EC8A37DC-1FDA-442C-A4B5-8E20B6007131}&mid=e5d0434f545847d18ae8d15a9244fe19-e4c4487156906c5f102c39f3893d4e177462ec13&lang=en&ds=AVG&pr=fr&d=2012-05-23 11:19:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/05/14 10:38:56 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kecia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kecia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59283A96-564D-488B-8259-17C5D2B40DEF}: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/23 16:49:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kecia\Desktop\OTL.exe
[2013/06/22 07:48:28 | 000,000,000 | ---D | C] -- C:\Users\Kecia\AppData\Local\FileTypeAssistant
[2013/06/22 07:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2013/06/22 07:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/06/22 07:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/06/22 07:46:55 | 000,000,000 | ---D | C] -- C:\Users\Kecia\AppData\Roaming\Yahoo!
[2013/06/22 07:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/06/22 07:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/06/12 03:16:38 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/12 03:16:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/12 03:09:13 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/12 03:09:11 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/12 03:09:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/06/12 03:09:03 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/12 03:09:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/06/12 03:09:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/06/12 03:09:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/06/12 03:09:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/11 13:45:03 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/06/11 13:44:55 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/11 13:44:54 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/11 13:44:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/11 13:44:25 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/11 13:44:24 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[3 C:\Users\Kecia\Documents\*.tmp files -> C:\Users\Kecia\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/23 16:51:07 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 16:51:07 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 16:49:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecia\Desktop\OTL.exe
[2013/06/23 16:49:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/23 16:42:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/06/23 16:42:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/06/23 16:41:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/23 16:41:41 | 798,515,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 13:49:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 13:49:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/08 06:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/08 06:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/29 10:29:19 | 000,835,505 | ---- | M] () -- C:\Users\Kecia\Documents\FPA Kecia Yasser Pollo Halal Turkey tajakistan.pdf
[2013/05/29 10:23:04 | 000,334,776 | ---- | M] () -- C:\Users\Kecia\Documents\KP Awab Tajikistan Fee Agreement.jpg
[2013/05/29 10:20:17 | 000,346,733 | ---- | M] () -- C:\Users\Kecia\Documents\Yasser Tajikistan Fee Agreement.jpg
[3 C:\Users\Kecia\Documents\*.tmp files -> C:\Users\Kecia\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/11 13:34:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/05/31 13:27:23 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/05/29 10:29:13 | 000,835,505 | ---- | C] () -- C:\Users\Kecia\Documents\FPA Kecia Yasser Pollo Halal Turkey tajakistan.pdf
[2013/05/29 10:23:00 | 000,334,776 | ---- | C] () -- C:\Users\Kecia\Documents\KP Awab Tajikistan Fee Agreement.jpg
[2013/05/29 10:20:16 | 000,346,733 | ---- | C] () -- C:\Users\Kecia\Documents\Yasser Tajikistan Fee Agreement.jpg
[2013/03/20 17:49:58 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/20 17:49:57 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/15 20:23:16 | 000,023,116 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 6.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Tank Quote Page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Tank Quote Page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Tank 2nd Quote.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP LSS Agreement 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman Commission.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Fernando NCND.tif:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Copy W2.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

Please find the Extras.txt log below.

OTL Extras logfile created on: 6/23/2013 4:51:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kecia\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 314.29 Mb Available Physical Memory | 30.95% Memory free
1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 94.32 Gb Free Space | 65.94% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 1.01 Gb Free Space | 16.79% Space Free | Partition Type: FAT32

Computer Name: KECIA-PC | User Name: Kecia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E6121C75-5E2A-46F4-AFBC-68C0FD524C85}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A506933-2275-428A-85A8-CB678F7CB32C}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{4962B80E-81B6-42E2-A0A0-716B30E3D9AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5BA34A61-58B7-45D9-9826-85B9DC772A92}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{68DFE363-C99D-41E7-BD4C-48AF4FF2D2B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{74078F7B-AA30-4AEB-8974-83466040FB65}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{76FDF385-7525-43C4-AE6B-1EAE1FD0E96E}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{92F7FFCC-2C4A-4D39-97D0-4D96E6422761}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{A7309FBB-F09C-463C-90F4-CC89A57959DF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{AD554F63-9D4B-4C13-ACDE-19D0286502D9}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{AE1F4380-0D64-4D40-A0BA-748A00ECB4BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{C5AC018C-E03E-48FA-982A-B4E67F444402}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CEB0F50A-84E7-434A-87C2-03F2F1E746C2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{DBEBABAC-ED6C-45EB-A41A-C7D15B40C2D0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DE6A4E6F-2B12-436A-86B3-35F3076B2FFB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{286C5BE9-7E61-4AC1-B674-BED333C35F73}" = AVG 2012
"{2F3A3B57-8AB4-4136-8FD2-96A77D5183C1}" = AVG 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"AVG" = AVG 2012
"iMesh" = iMesh
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Professional 2010
"Trusted Software Assistant_is1" = File Type Assistant
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2013 8:31:31 AM | Computer Name = Kecia-PC | Source = ESENT | ID = 486
Description = taskhost (1624) WebCacheLocal: An attempt to move the file "C:\Users\Kecia\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log"
to "C:\Users\Kecia\AppData\Local\Microsoft\Windows\WebCache\V01.log" failed with
system error 2 (0x00000002): "The system cannot find the file specified. ". The
move file operation will fail with error -1811 (0xfffff8ed).

Error - 6/18/2013 8:31:31 AM | Computer Name = Kecia-PC | Source = ESENT | ID = 413
Description = taskhost (1624) WebCacheLocal: Unable to create a new logfile because
the database cannot write to the log drive. The drive may be read-only, out of
disk space, misconfigured, or corrupted. Error -1811.

Error - 6/18/2013 8:31:31 AM | Computer Name = Kecia-PC | Source = ESENT | ID = 454
Description = taskhost (1624) WebCacheLocal: Database recovery/restore failed with
unexpected error -1811.

Error - 6/18/2013 8:31:32 AM | Computer Name = Kecia-PC | Source = ESENT | ID = 452
Description = DllHost (1984) WebCacheLocal: Database C:\Users\Kecia\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
requires logfiles 87-91 in order to recover successfully. Recovery could only locate
logfiles starting at 88.

Error - 6/18/2013 8:31:32 AM | Computer Name = Kecia-PC | Source = ESENT | ID = 454
Description = DllHost (1984) WebCacheLocal: Database recovery/restore failed with
unexpected error -543.

Error - 6/18/2013 9:32:17 PM | Computer Name = Kecia-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16611 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4cc Start
Time: 01ce6c4e88294713 Termination Time: 1028 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 6/19/2013 6:23:06 PM | Computer Name = Kecia-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16611 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 40c Start
Time: 01ce6d042f158241 Termination Time: 1160 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 6/20/2013 2:18:49 PM | Computer Name = Kecia-PC | Source = ESENT | ID = 489
Description = taskhost (1680) An attempt to open the file "C:\Users\Kecia\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/21/2013 9:33:44 AM | Computer Name = Kecia-PC | Source = ESENT | ID = 489
Description = taskhost (1620) An attempt to open the file "C:\Users\Kecia\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/23/2013 5:42:30 PM | Computer Name = Kecia-PC | Source = ESENT | ID = 489
Description = taskhost (1616) An attempt to open the file "C:\Users\Kecia\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

[ Media Center Events ]
Error - 5/19/2012 3:27:05 PM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 2:27:00 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 9:08:01 AM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 8:08:00 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 9:24:58 AM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 8:24:58 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 12:56:25 PM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 11:56:18 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:23:16 AM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 6:23:16 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 12:23:25 PM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 11:23:16 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 7:08:24 AM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 6:08:24 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 12:20:41 PM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 11:18:12 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 1/10/2013 10:49:23 AM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 8:49:22 AM - Error connecting to the internet. 8:49:23 AM - Unable
to contact server..

Error - 1/10/2013 10:50:55 AM | Computer Name = Kecia-PC | Source = MCUpdate | ID = 0
Description = 8:49:53 AM - Error connecting to the internet. 8:49:53 AM - Unable
to contact server..

[ System Events ]
Error - 10/25/2012 10:48:49 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 10/25/2012 10:48:49 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 10/25/2012 10:48:50 AM | Computer Name = Kecia-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.


< End of report >
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Computer won't allow me to open tabs, increase volume,et

Post by nunped » June 24th, 2013, 4:53 am

Hi kaypo,

Step 1 - Fix with OTL
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:commands
[createrestorepoint]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O3 - HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 6.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Medical Supply page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP XINGU Page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Tank Quote Page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Tank Quote Page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Tank 2nd Quote.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP LSS Agreement 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman Commission.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Goldman 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\KP Fernando NCND.tif:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Kecia\Documents\Copy W2.jpeg:3or4kl4x13tuuug3Byamue2s4b

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Step 2
Please tell me how your computer is behaving.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Computer won't allow me to open tabs, increase volume,et

Post by kaypo » June 24th, 2013, 5:09 pm

Hello Nunped,

It is still doing the same thing. The taskbar flashes when I try to open a minimized screen and the volume is still sliding down to zero.

Please find the log you requested below.

OTL Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3744759751-1438785133-1174422313-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3744759751-1438785133-1174422313-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
ADS C:\Users\Kecia\Documents\Medical Supply page 6.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\Medical Supply page 5.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\Medical Supply page 4.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\Medical Supply page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\Medical Supply page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\Medical Supply page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP XINGU Page 5.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP XINGU Page 4.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP XINGU Page 3.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP XINGU Page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP XINGU Page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Tank Quote Page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Tank Quote Page 1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Tank 2nd Quote.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP LSS Agreement 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Goldman Commission.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Goldman 5.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Goldman 4.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Goldman 3.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Goldman 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Goldman 1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\KP Fernando NCND.tif:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Kecia\Documents\Copy W2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kecia
->Temp folder emptied: 65252322 bytes
->Temporary Internet Files folder emptied: 1899044872 bytes
->Java cache emptied: 177828 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 28708 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31965638 bytes
RecycleBin emptied: 93298858 bytes

Total Files Cleaned = 1,994.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06242013_153158

Files\Folders moved on Reboot...
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_DD9B29EC-5035-4454-A267-D8A07F1B9E39.0\CE943B87. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_D690E82C-12F1-4122-A29F-4A49BD4BCA79.0\25C1C849. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_D690E82C-12F1-4122-A29F-4A49BD4BCA79.0\43A9EAD. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_71E7CE68-ECE3-48E9-A67B-66E9FEE8EDB8.0\5CAD7850. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_246A163A-EB59-40B8-9DC0-B07791299CD2.0\55E6168E. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_18E6FFC9-3195-45CC-97F0-8B0312C0B338.0\8D4BBC8. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_13583252-AE54-4C90-9F71-EE9C231C4F6A.0\5ED711B4. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_12CEAF00-2B71-4160-87E9-2F44D48D0B1C.0\50669869. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_06203A69-2D59-4C41-A8A9-90AC0C26D671.0\72CDBAE2. not found!
File\Folder C:\Users\Kecia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VCLHJ6HF\DroidSans[1].woff not found!
File\Folder C:\Users\Kecia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QSN0HNVT\sh119[2].htm not found!
File\Folder C:\Users\Kecia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L7L50OFA\viewtopic[2].htm not found!
C:\Users\Kecia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Kecia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Kecia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Kecia\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Computer won't allow me to open tabs, increase volume,et

Post by nunped » June 24th, 2013, 6:41 pm

Hi kaypo,

Let's run another scan:
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Computer won't allow me to open tabs, increase volume,et

Post by kaypo » June 25th, 2013, 8:50 am

Hello Nunped,

Please find the log for TDSSKiller below as requested.

07:46:59.0295 3932 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:47:01.0397 3932 ============================================================
07:47:01.0397 3932 Current date / time: 2013/06/25 07:47:01.0397
07:47:01.0397 3932 SystemInfo:
07:47:01.0397 3932
07:47:01.0397 3932 OS Version: 6.1.7601 ServicePack: 1.0
07:47:01.0397 3932 Product type: Workstation
07:47:01.0397 3932 ComputerName: KECIA-PC
07:47:01.0398 3932 UserName: Kecia
07:47:01.0398 3932 Windows directory: C:\Windows
07:47:01.0398 3932 System windows directory: C:\Windows
07:47:01.0398 3932 Processor architecture: Intel x86
07:47:01.0398 3932 Number of processors: 1
07:47:01.0398 3932 Page size: 0x1000
07:47:01.0398 3932 Boot type: Normal boot
07:47:01.0398 3932 ============================================================
07:47:04.0172 3932 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
07:47:04.0473 3932 ============================================================
07:47:04.0473 3932 \Device\Harddisk0\DR0:
07:47:04.0499 3932 MBR partitions:
07:47:04.0499 3932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xBFF3C1
07:47:04.0499 3932 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBFF400, BlocksNum 0x11E15800
07:47:04.0499 3932 ============================================================
07:47:04.0626 3932 C: <-> \Device\Harddisk0\DR0\Partition2
07:47:04.0649 3932 D: <-> \Device\Harddisk0\DR0\Partition1
07:47:04.0649 3932 ============================================================
07:47:04.0650 3932 Initialize success
07:47:04.0650 3932 ============================================================
07:47:25.0052 0164 ============================================================
07:47:25.0052 0164 Scan started
07:47:25.0052 0164 Mode: Manual;
07:47:25.0052 0164 ============================================================
07:47:25.0781 0164 ================ Scan system memory ========================
07:47:25.0781 0164 System memory - ok
07:47:25.0791 0164 ================ Scan services =============================
07:47:26.0135 0164 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:47:26.0143 0164 1394ohci - ok
07:47:26.0205 0164 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:47:26.0209 0164 ACPI - ok
07:47:26.0267 0164 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:47:26.0267 0164 AcpiPmi - ok
07:47:26.0478 0164 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:47:26.0494 0164 AdobeARMservice - ok
07:47:26.0595 0164 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:47:26.0603 0164 AdobeFlashPlayerUpdateSvc - ok
07:47:26.0666 0164 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:47:26.0673 0164 adp94xx - ok
07:47:26.0705 0164 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:47:26.0712 0164 adpahci - ok
07:47:26.0744 0164 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:47:26.0744 0164 adpu320 - ok
07:47:26.0814 0164 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:47:26.0822 0164 AeLookupSvc - ok
07:47:26.0892 0164 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
07:47:26.0900 0164 AFD - ok
07:47:26.0972 0164 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
07:47:27.0026 0164 AgereSoftModem - ok
07:47:27.0083 0164 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
07:47:27.0084 0164 agp440 - ok
07:47:27.0134 0164 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
07:47:27.0136 0164 aic78xx - ok
07:47:27.0204 0164 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
07:47:27.0207 0164 ALG - ok
07:47:27.0243 0164 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
07:47:27.0245 0164 aliide - ok
07:47:27.0285 0164 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
07:47:27.0287 0164 amdagp - ok
07:47:27.0312 0164 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
07:47:27.0315 0164 amdide - ok
07:47:27.0374 0164 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:47:27.0375 0164 AmdK8 - ok
07:47:27.0402 0164 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:47:27.0405 0164 AmdPPM - ok
07:47:27.0443 0164 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:47:27.0446 0164 amdsata - ok
07:47:27.0476 0164 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:47:27.0480 0164 amdsbs - ok
07:47:27.0508 0164 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:47:27.0510 0164 amdxata - ok
07:47:27.0562 0164 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
07:47:27.0564 0164 AppID - ok
07:47:27.0613 0164 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:47:27.0615 0164 AppIDSvc - ok
07:47:27.0667 0164 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
07:47:27.0670 0164 Appinfo - ok
07:47:27.0719 0164 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
07:47:27.0721 0164 arc - ok
07:47:27.0750 0164 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:47:27.0753 0164 arcsas - ok
07:47:27.0811 0164 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
07:47:27.0814 0164 aswFsBlk - ok
07:47:27.0868 0164 [ EA235FC109D9B9FA7A602BA30888B2B9 ] aswFW C:\Windows\system32\drivers\aswFW.sys
07:47:27.0870 0164 aswFW - ok
07:47:27.0914 0164 [ 3FCA5C1A8F33CF9857220CC3A3076A3E ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
07:47:27.0916 0164 aswKbd - ok
07:47:27.0969 0164 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
07:47:27.0969 0164 aswMonFlt - ok
07:47:27.0993 0164 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys
07:47:27.0993 0164 aswNdis - ok
07:47:28.0032 0164 [ 47DA17FD9C2F8B1B62A06DFB7AFDC8CA ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys
07:47:28.0047 0164 aswNdis2 - ok
07:47:28.0086 0164 [ FFE9A993B3EC2908FECB1DF2C39148BB ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
07:47:28.0094 0164 aswRdr - ok
07:47:28.0157 0164 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
07:47:28.0165 0164 aswRvrt - ok
07:47:28.0204 0164 [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
07:47:28.0227 0164 aswSnx - ok
07:47:28.0360 0164 [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP C:\Windows\system32\drivers\aswSP.sys
07:47:28.0368 0164 aswSP - ok
07:47:28.0399 0164 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
07:47:28.0407 0164 aswTdi - ok
07:47:28.0454 0164 [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
07:47:28.0461 0164 aswVmm - ok
07:47:28.0493 0164 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:47:28.0493 0164 AsyncMac - ok
07:47:28.0540 0164 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
07:47:28.0540 0164 atapi - ok
07:47:28.0633 0164 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:47:28.0665 0164 AudioEndpointBuilder - ok
07:47:28.0680 0164 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
07:47:28.0688 0164 Audiosrv - ok
07:47:28.0836 0164 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:47:28.0836 0164 avast! Antivirus - ok
07:47:28.0887 0164 [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
07:47:28.0891 0164 avast! Firewall - ok
07:47:28.0963 0164 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:47:28.0968 0164 avgwd - ok
07:47:29.0020 0164 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:47:29.0027 0164 AxInstSV - ok
07:47:29.0154 0164 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
07:47:29.0165 0164 b06bdrv - ok
07:47:29.0214 0164 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
07:47:29.0219 0164 b57nd60x - ok
07:47:29.0284 0164 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
07:47:29.0288 0164 BDESVC - ok
07:47:29.0307 0164 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
07:47:29.0308 0164 Beep - ok
07:47:29.0377 0164 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
07:47:29.0387 0164 BFE - ok
07:47:29.0448 0164 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
07:47:29.0462 0164 BITS - ok
07:47:29.0491 0164 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:47:29.0493 0164 blbdrive - ok
07:47:29.0539 0164 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:47:29.0541 0164 bowser - ok
07:47:29.0707 0164 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:47:29.0737 0164 BrFiltLo - ok
07:47:29.0789 0164 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:47:29.0810 0164 BrFiltUp - ok
07:47:29.0862 0164 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
07:47:29.0865 0164 Browser - ok
07:47:29.0908 0164 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:47:29.0914 0164 Brserid - ok
07:47:29.0941 0164 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:47:29.0944 0164 BrSerWdm - ok
07:47:29.0970 0164 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:47:29.0972 0164 BrUsbMdm - ok
07:47:29.0999 0164 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:47:30.0000 0164 BrUsbSer - ok
07:47:30.0032 0164 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:47:30.0052 0164 BTHMODEM - ok
07:47:30.0204 0164 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
07:47:30.0208 0164 bthserv - ok
07:47:30.0253 0164 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:47:30.0256 0164 cdfs - ok
07:47:30.0332 0164 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
07:47:30.0334 0164 cdrom - ok
07:47:30.0399 0164 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
07:47:30.0402 0164 CertPropSvc - ok
07:47:30.0440 0164 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:47:30.0448 0164 circlass - ok
07:47:30.0498 0164 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
07:47:30.0503 0164 CLFS - ok
07:47:30.0614 0164 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:47:30.0620 0164 clr_optimization_v2.0.50727_32 - ok
07:47:30.0713 0164 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:47:30.0756 0164 clr_optimization_v4.0.30319_32 - ok
07:47:30.0788 0164 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:47:30.0790 0164 CmBatt - ok
07:47:30.0832 0164 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:47:30.0834 0164 cmdide - ok
07:47:30.0888 0164 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
07:47:30.0896 0164 CNG - ok
07:47:30.0941 0164 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:47:30.0942 0164 Compbatt - ok
07:47:31.0010 0164 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:47:31.0012 0164 CompositeBus - ok
07:47:31.0039 0164 COMSysApp - ok
07:47:31.0085 0164 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:47:31.0087 0164 crcdisk - ok
07:47:31.0151 0164 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:47:31.0156 0164 CryptSvc - ok
07:47:31.0253 0164 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
07:47:31.0266 0164 DcomLaunch - ok
07:47:31.0321 0164 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
07:47:31.0327 0164 defragsvc - ok
07:47:31.0383 0164 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:47:31.0386 0164 DfsC - ok
07:47:31.0447 0164 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
07:47:31.0453 0164 Dhcp - ok
07:47:31.0499 0164 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
07:47:31.0502 0164 discache - ok
07:47:31.0620 0164 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:47:31.0623 0164 Disk - ok
07:47:31.0662 0164 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:47:31.0666 0164 Dnscache - ok
07:47:31.0717 0164 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
07:47:31.0724 0164 dot3svc - ok
07:47:31.0768 0164 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
07:47:31.0773 0164 DPS - ok
07:47:31.0831 0164 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:47:31.0833 0164 drmkaud - ok
07:47:31.0892 0164 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:47:31.0918 0164 DXGKrnl - ok
07:47:31.0961 0164 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
07:47:31.0966 0164 EapHost - ok
07:47:32.0151 0164 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
07:47:32.0238 0164 ebdrv - ok
07:47:32.0287 0164 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
07:47:32.0291 0164 EFS - ok
07:47:32.0377 0164 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:47:32.0389 0164 ehRecvr - ok
07:47:32.0438 0164 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
07:47:32.0441 0164 ehSched - ok
07:47:32.0512 0164 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:47:32.0524 0164 elxstor - ok
07:47:32.0560 0164 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:47:32.0563 0164 ErrDev - ok
07:47:32.0631 0164 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
07:47:32.0639 0164 EventSystem - ok
07:47:32.0671 0164 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
07:47:32.0676 0164 exfat - ok
07:47:32.0709 0164 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:47:32.0713 0164 fastfat - ok
07:47:32.0780 0164 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
07:47:32.0808 0164 Fax - ok
07:47:32.0833 0164 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:47:32.0836 0164 fdc - ok
07:47:32.0862 0164 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
07:47:32.0866 0164 fdPHost - ok
07:47:32.0889 0164 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
07:47:32.0893 0164 FDResPub - ok
07:47:32.0939 0164 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:47:32.0941 0164 FileInfo - ok
07:47:32.0960 0164 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:47:32.0962 0164 Filetrace - ok
07:47:32.0983 0164 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:47:32.0986 0164 flpydisk - ok
07:47:33.0035 0164 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:47:33.0040 0164 FltMgr - ok
07:47:33.0115 0164 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
07:47:33.0133 0164 FontCache - ok
07:47:33.0235 0164 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:47:33.0238 0164 FontCache3.0.0.0 - ok
07:47:33.0267 0164 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:47:33.0270 0164 FsDepends - ok
07:47:33.0314 0164 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:47:33.0317 0164 Fs_Rec - ok
07:47:33.0382 0164 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:47:33.0387 0164 fvevol - ok
07:47:33.0441 0164 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:47:33.0482 0164 gagp30kx - ok
07:47:33.0540 0164 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
07:47:33.0552 0164 gpsvc - ok
07:47:33.0578 0164 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:47:33.0580 0164 hcw85cir - ok
07:47:33.0645 0164 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:47:33.0652 0164 HdAudAddService - ok
07:47:33.0705 0164 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:47:33.0708 0164 HDAudBus - ok
07:47:33.0737 0164 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:47:33.0739 0164 HidBatt - ok
07:47:33.0766 0164 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:47:33.0769 0164 HidBth - ok
07:47:33.0889 0164 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:47:33.0891 0164 HidIr - ok
07:47:33.0936 0164 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
07:47:33.0941 0164 hidserv - ok
07:47:33.0985 0164 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:47:33.0989 0164 HidUsb - ok
07:47:34.0039 0164 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:47:34.0044 0164 hkmsvc - ok
07:47:34.0096 0164 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:47:34.0103 0164 HomeGroupListener - ok
07:47:34.0186 0164 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:47:34.0211 0164 HomeGroupProvider - ok
07:47:34.0263 0164 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:47:34.0266 0164 HpSAMD - ok
07:47:34.0378 0164 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:47:34.0402 0164 HTTP - ok
07:47:34.0453 0164 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:47:34.0455 0164 hwpolicy - ok
07:47:34.0507 0164 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:47:34.0510 0164 i8042prt - ok
07:47:34.0559 0164 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:47:34.0567 0164 iaStorV - ok
07:47:34.0665 0164 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:47:34.0680 0164 idsvc - ok
07:47:34.0728 0164 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:47:34.0731 0164 iirsp - ok
07:47:34.0841 0164 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
07:47:34.0865 0164 IKEEXT - ok
07:47:34.0919 0164 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
07:47:34.0919 0164 intelide - ok
07:47:34.0966 0164 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:47:34.0966 0164 intelppm - ok
07:47:35.0013 0164 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:47:35.0013 0164 IPBusEnum - ok
07:47:35.0060 0164 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:47:35.0060 0164 IpFilterDriver - ok
07:47:35.0115 0164 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:47:35.0123 0164 iphlpsvc - ok
07:47:35.0177 0164 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:47:35.0177 0164 IPMIDRV - ok
07:47:35.0224 0164 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:47:35.0224 0164 IPNAT - ok
07:47:35.0263 0164 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:47:35.0271 0164 IRENUM - ok
07:47:35.0302 0164 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:47:35.0302 0164 isapnp - ok
07:47:35.0333 0164 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:47:35.0341 0164 iScsiPrt - ok
07:47:35.0380 0164 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
07:47:35.0380 0164 kbdclass - ok
07:47:35.0443 0164 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
07:47:35.0443 0164 kbdhid - ok
07:47:35.0458 0164 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
07:47:35.0466 0164 KeyIso - ok
07:47:35.0521 0164 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:47:35.0521 0164 KSecDD - ok
07:47:35.0568 0164 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:47:35.0568 0164 KSecPkg - ok
07:47:35.0615 0164 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
07:47:35.0630 0164 KtmRm - ok
07:47:35.0677 0164 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
07:47:35.0693 0164 LanmanServer - ok
07:47:35.0732 0164 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:47:35.0748 0164 LanmanWorkstation - ok
07:47:35.0818 0164 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:47:35.0818 0164 lltdio - ok
07:47:35.0873 0164 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:47:35.0880 0164 lltdsvc - ok
07:47:35.0904 0164 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
07:47:35.0904 0164 lmhosts - ok
07:47:35.0966 0164 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:47:35.0974 0164 LSI_FC - ok
07:47:35.0998 0164 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:47:36.0005 0164 LSI_SAS - ok
07:47:36.0029 0164 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:47:36.0029 0164 LSI_SAS2 - ok
07:47:36.0052 0164 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:47:36.0052 0164 LSI_SCSI - ok
07:47:36.0091 0164 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
07:47:36.0099 0164 luafv - ok
07:47:36.0146 0164 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:47:36.0154 0164 Mcx2Svc - ok
07:47:36.0177 0164 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:47:36.0177 0164 megasas - ok
07:47:36.0216 0164 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:47:36.0224 0164 MegaSR - ok
07:47:36.0271 0164 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
07:47:36.0271 0164 MMCSS - ok
07:47:36.0294 0164 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
07:47:36.0302 0164 Modem - ok
07:47:36.0341 0164 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:47:36.0341 0164 monitor - ok
07:47:36.0388 0164 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:47:36.0388 0164 mouclass - ok
07:47:36.0435 0164 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:47:36.0435 0164 mouhid - ok
07:47:36.0482 0164 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:47:36.0490 0164 mountmgr - ok
07:47:36.0529 0164 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
07:47:36.0537 0164 mpio - ok
07:47:36.0560 0164 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:47:36.0568 0164 mpsdrv - ok
07:47:36.0623 0164 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:47:36.0638 0164 MpsSvc - ok
07:47:36.0685 0164 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:47:36.0685 0164 MRxDAV - ok
07:47:36.0732 0164 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:47:36.0732 0164 mrxsmb - ok
07:47:36.0763 0164 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:47:36.0763 0164 mrxsmb10 - ok
07:47:36.0787 0164 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:47:36.0794 0164 mrxsmb20 - ok
07:47:36.0826 0164 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
07:47:36.0833 0164 msahci - ok
07:47:36.0865 0164 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:47:36.0865 0164 msdsm - ok
07:47:36.0896 0164 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
07:47:36.0904 0164 MSDTC - ok
07:47:36.0966 0164 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:47:36.0974 0164 Msfs - ok
07:47:36.0998 0164 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:47:36.0998 0164 mshidkmdf - ok
07:47:37.0044 0164 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:47:37.0052 0164 msisadrv - ok
07:47:37.0091 0164 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:47:37.0099 0164 MSiSCSI - ok
07:47:37.0115 0164 msiserver - ok
07:47:37.0169 0164 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:47:37.0169 0164 MSKSSRV - ok
07:47:37.0201 0164 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:47:37.0201 0164 MSPCLOCK - ok
07:47:37.0248 0164 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:47:37.0255 0164 MSPQM - ok
07:47:37.0287 0164 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:47:37.0294 0164 MsRPC - ok
07:47:37.0349 0164 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:47:37.0349 0164 mssmbios - ok
07:47:37.0373 0164 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:47:37.0380 0164 MSTEE - ok
07:47:37.0404 0164 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:47:37.0404 0164 MTConfig - ok
07:47:37.0443 0164 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
07:47:37.0443 0164 Mup - ok
07:47:37.0498 0164 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
07:47:37.0513 0164 napagent - ok
07:47:37.0576 0164 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:47:37.0583 0164 NativeWifiP - ok
07:47:37.0646 0164 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:47:37.0654 0164 NDIS - ok
07:47:37.0685 0164 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:47:37.0685 0164 NdisCap - ok
07:47:37.0724 0164 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:47:37.0724 0164 NdisTapi - ok
07:47:37.0779 0164 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:47:37.0787 0164 Ndisuio - ok
07:47:37.0826 0164 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:47:37.0826 0164 NdisWan - ok
07:47:37.0888 0164 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:47:37.0888 0164 NDProxy - ok
07:47:37.0943 0164 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:47:37.0943 0164 NetBIOS - ok
07:47:37.0990 0164 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:47:37.0998 0164 NetBT - ok
07:47:38.0021 0164 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
07:47:38.0029 0164 Netlogon - ok
07:47:38.0091 0164 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
07:47:38.0099 0164 Netman - ok
07:47:38.0138 0164 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
07:47:38.0154 0164 netprofm - ok
07:47:38.0216 0164 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:47:38.0224 0164 NetTcpPortSharing - ok
07:47:38.0279 0164 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:47:38.0279 0164 nfrd960 - ok
07:47:38.0333 0164 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
07:47:38.0341 0164 NlaSvc - ok
07:47:38.0365 0164 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:47:38.0373 0164 Npfs - ok
07:47:38.0427 0164 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
07:47:38.0427 0164 nsi - ok
07:47:38.0451 0164 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:47:38.0451 0164 nsiproxy - ok
07:47:38.0529 0164 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:47:38.0560 0164 Ntfs - ok
07:47:38.0620 0164 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
07:47:38.0620 0164 Null - ok
07:47:38.0651 0164 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:47:38.0651 0164 nvraid - ok
07:47:38.0698 0164 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:47:38.0706 0164 nvstor - ok
07:47:38.0729 0164 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:47:38.0737 0164 nv_agp - ok
07:47:38.0784 0164 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:47:38.0784 0164 ohci1394 - ok
07:47:38.0870 0164 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:47:38.0870 0164 ose - ok
07:47:39.0049 0164 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:47:39.0186 0164 osppsvc - ok
07:47:39.0247 0164 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:47:39.0259 0164 p2pimsvc - ok
07:47:39.0292 0164 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
07:47:39.0305 0164 p2psvc - ok
07:47:39.0347 0164 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:47:39.0350 0164 Parport - ok
07:47:39.0400 0164 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:47:39.0408 0164 partmgr - ok
07:47:39.0423 0164 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
07:47:39.0423 0164 Parvdm - ok
07:47:39.0455 0164 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:47:39.0462 0164 PcaSvc - ok
07:47:39.0494 0164 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
07:47:39.0494 0164 pci - ok
07:47:39.0525 0164 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
07:47:39.0525 0164 pciide - ok
07:47:39.0556 0164 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:47:39.0564 0164 pcmcia - ok
07:47:39.0587 0164 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
07:47:39.0595 0164 pcw - ok
07:47:39.0626 0164 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:47:39.0642 0164 PEAUTH - ok
07:47:39.0775 0164 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
07:47:39.0822 0164 pla - ok
07:47:39.0947 0164 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:47:39.0962 0164 PlugPlay - ok
07:47:40.0025 0164 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:47:40.0033 0164 PNRPAutoReg - ok
07:47:40.0056 0164 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:47:40.0064 0164 PNRPsvc - ok
07:47:40.0119 0164 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:47:40.0128 0164 PolicyAgent - ok
07:47:40.0183 0164 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
07:47:40.0195 0164 Power - ok
07:47:40.0268 0164 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:47:40.0268 0164 PptpMiniport - ok
07:47:40.0299 0164 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:47:40.0299 0164 Processor - ok
07:47:40.0385 0164 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
07:47:40.0401 0164 ProfSvc - ok
07:47:40.0424 0164 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:47:40.0424 0164 ProtectedStorage - ok
07:47:40.0484 0164 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:47:40.0484 0164 Psched - ok
07:47:40.0757 0164 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:47:40.0796 0164 ql2300 - ok
07:47:40.0835 0164 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:47:40.0851 0164 ql40xx - ok
07:47:40.0890 0164 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
07:47:40.0898 0164 QWAVE - ok
07:47:40.0937 0164 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:47:40.0953 0164 QWAVEdrv - ok
07:47:41.0000 0164 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:47:41.0000 0164 RasAcd - ok
07:47:41.0046 0164 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:47:41.0046 0164 RasAgileVpn - ok
07:47:41.0062 0164 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
07:47:41.0078 0164 RasAuto - ok
07:47:41.0100 0164 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:47:41.0103 0164 Rasl2tp - ok
07:47:41.0168 0164 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
07:47:41.0192 0164 RasMan - ok
07:47:41.0223 0164 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:47:41.0231 0164 RasPppoe - ok
07:47:41.0278 0164 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:47:41.0286 0164 RasSstp - ok
07:47:41.0340 0164 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:47:41.0356 0164 rdbss - ok
07:47:41.0387 0164 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:47:41.0395 0164 rdpbus - ok
07:47:41.0434 0164 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:47:41.0450 0164 RDPCDD - ok
07:47:41.0504 0164 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:47:41.0504 0164 RDPENCDD - ok
07:47:41.0528 0164 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:47:41.0528 0164 RDPREFMP - ok
07:47:41.0606 0164 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:47:41.0606 0164 RdpVideoMiniport - ok
07:47:41.0676 0164 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:47:41.0684 0164 RDPWD - ok
07:47:41.0770 0164 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:47:41.0778 0164 rdyboost - ok
07:47:41.0833 0164 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
07:47:41.0840 0164 RemoteAccess - ok
07:47:41.0887 0164 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:47:41.0895 0164 RemoteRegistry - ok
07:47:41.0942 0164 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:47:41.0950 0164 RpcEptMapper - ok
07:47:41.0997 0164 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
07:47:42.0004 0164 RpcLocator - ok
07:47:42.0036 0164 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
07:47:42.0043 0164 RpcSs - ok
07:47:42.0114 0164 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:47:42.0114 0164 rspndr - ok
07:47:42.0176 0164 [ 4E20765744BFBC16F6D6E5BD5598786B ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
07:47:42.0184 0164 RTL8023xp - ok
07:47:42.0200 0164 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
07:47:42.0208 0164 SamSs - ok
07:47:42.0275 0164 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:47:42.0283 0164 sbp2port - ok
07:47:42.0322 0164 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:47:42.0337 0164 SCardSvr - ok
07:47:42.0361 0164 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:47:42.0361 0164 scfilter - ok
07:47:42.0423 0164 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
07:47:42.0447 0164 Schedule - ok
07:47:42.0470 0164 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:47:42.0478 0164 SCPolicySvc - ok
07:47:50.0826 0164 ============================================================
07:47:50.0826 0164 Scan finished
07:47:50.0826 0164 ============================================================
07:47:50.0857 3824 Detected object count: 0
07:47:50.0857 3824 Actual detected object count: 0
07:48:06.0029 3684 Deinitialize success
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Computer won't allow me to open tabs, increase volume,et

Unread postby nunped » June 25th, 2013, 7:04 pm

Hi kaypo,

Last scans look clean...

Please run the following one:
ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner to run an online scan.
  • Click the [Run ESET Online Scanner] button.
  • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  • Click the green [Start] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  • Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  • When the scan completes, press the text: Image
  • Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  • Press the [Back] button, then press the [Finish] button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Computer won't allow me to open tabs, increase volume,et

Unread postby kaypo » June 25th, 2013, 7:59 pm

Hello Nunped,

I have tried several times to run ESET scan. Once I click start a popup window appears but nothing happens. I am using Internet Explorer.

Regards
Kaypo
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Computer won't allow me to open tabs, increase volume,et

Unread postby nunped » June 26th, 2013, 2:08 pm

Hi kaypo,

No problem.
Can you get it to work with Firefox?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Computer won't allow me to open tabs, increase volume,et

Unread postby kaypo » June 26th, 2013, 10:37 pm

Hello Nunped,

I was able to download the program by installing Firefox. Please find log below as instructed.

C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\Users\Kecia\.frostwire5\updates\frostwire-5.1.5.windows.exe multiple threats
C:\Users\Kecia\Downloads\FreeFileViewer2012Setup.exe a variant of Win32/InstallIQ.A application
C:\Windows.old\Documents and Settings\Compaq_Owner\.frostwire5\updates\frostwire-5.1.5.windows.exe multiple threats
C:\Windows.old\Documents and Settings\Compaq_Owner\Application Data\AVG\Rescue\PC Tuneup 2011\110804101541359.rsc Java/TrojanDownloader.OpenStream.NBS trojan
C:\Windows.old\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask application

Regards
Kaypo
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Computer won't allow me to open tabs, increase volume,et

Unread postby nunped » June 27th, 2013, 6:43 am

Hi Kaypo,

We'll clean the threats found:


OTL fix
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:commands
[createrestorepoint]

:files
C:\ProgramData\APN\APN-Stub\W3IV6-G
C:\Users\Kecia\Downloads\FreeFileViewer2012Setup.exe
C:\Users\Kecia\.frostwire5\updates\frostwire-5.1.5.windows.exe
C:\Windows.old\Documents and Settings\Compaq_Owner\.frostwire5\updates\frostwire-5.1.5.windows.exe
C:\Windows.old\Documents and Settings\Compaq_Owner\Application Data\AVG\Rescue\PC Tuneup 2011\110804101541359.rsc 
C:\Windows.old\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.


Any changes with your computer behaviour?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Computer won't allow me to open tabs, increase volume,et

Unread postby kaypo » June 27th, 2013, 11:00 am

Hello Nunped,

Unfortunately, that did not work. Volume is still sliding down to zero, can't click on some links on search page without page automatically going to top of page of searches, screen on monitor doesn't go into power save mode; it stays up all day, and the task bar is still flashing when I attempt to open current tabs, whether for the internet or documents.

Please find OTL.exe log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\ProgramData\APN\APN-Stub\W3IV6-G folder moved successfully.
C:\Users\Kecia\Downloads\FreeFileViewer2012Setup.exe moved successfully.
C:\Users\Kecia\.frostwire5\updates\frostwire-5.1.5.windows.exe moved successfully.
C:\Windows.old\Documents and Settings\Compaq_Owner\.frostwire5\updates\frostwire-5.1.5.windows.exe moved successfully.
C:\Windows.old\Documents and Settings\Compaq_Owner\Application Data\AVG\Rescue\PC Tuneup 2011\110804101541359.rsc moved successfully.
C:\Windows.old\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar\APNU folder moved successfully.
C:\Windows.old\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AskToolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kecia
->Temp folder emptied: 2567226 bytes
->Temporary Internet Files folder emptied: 262110129 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16162027 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 13873 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529992 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 268.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06272013_094522

Files\Folders moved on Reboot...
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_DD9B29EC-5035-4454-A267-D8A07F1B9E39.0\CE943B87. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_D690E82C-12F1-4122-A29F-4A49BD4BCA79.0\25C1C849. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_D690E82C-12F1-4122-A29F-4A49BD4BCA79.0\43A9EAD. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_71E7CE68-ECE3-48E9-A67B-66E9FEE8EDB8.0\5CAD7850. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_246A163A-EB59-40B8-9DC0-B07791299CD2.0\55E6168E. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_18E6FFC9-3195-45CC-97F0-8B0312C0B338.0\8D4BBC8. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_13583252-AE54-4C90-9F71-EE9C231C4F6A.0\5ED711B4. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_12CEAF00-2B71-4160-87E9-2F44D48D0B1C.0\50669869. not found!
File\Folder C:\Users\Kecia\AppData\Local\Temp\OICE_06203A69-2D59-4C41-A8A9-90AC0C26D671.0\72CDBAE2. not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Computer won't allow me to open tabs, increase volume,et

Unread postby nunped » June 27th, 2013, 1:09 pm

Hi kaypo,

Your issues are most probably not malware-related. We cleaned everything showing in your scans, and there was nothing capable of causing the type of problems you are experiencing.
I'd like to refer you to a technical support forum like:
Tech Support Guy
Feel free to refer to this topic if malware gets mentioned during the helping process.

A few last clean-up steps:

Uninstall Programs
  1. Click on Start
  2. Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following programs:
    Java 7 Update 21
    Adobe Reader X (10.1.7)

  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list.
  6. Reboot your computer after this.

Java SE Runtime Environment (JRE).
Please download from HERE
  • Find Java SE 7u25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Update Adobe Reader
  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (11.0.03).
  • Note: Uncheck install McAfee Security Scan Plus


OTL-Cleanup
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL. Save it to your Desktop.
  1. Double click on OTL.exe to run it.
    Vista-W7 users: Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Update your Antivirus programs and other programs regularly. This is one good way to avoid new threats. The following websites can be used to check if you need any update.
Secunia Personal Software Inspector
F-secure Health Check
FileHippo.com Update Checker - © Copyright FileHippo.com

Some free programs that can improve your computer security:
Malwarebytes Anti-malware
This is a great anti-malware application that can remove a good percentage of infections. You should run a scan with it at least once a week, after you download the latest updates.
You can find information and Download it from HERE

SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal