
Infected Computer Google Redirect to 63.209.69.107


  • This topic is locked
20 replies to this topic

#1 JMo_0812

Posted 02 July 2012 - 04:51 PM

Got infected with a Google redirect; it's redirecting my searches to the IP address 63.209.69.107.
I've done full scans with Malwarebytes, AVG, and TDSSKiller and nothing is being found.
I'm normally a Firefox user, but I also got random commercial ads being opened through Internet Explorer without a window popping up, but I can hear the sound.
DDS log below...

Thanks in advance for the help,
Jon

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JMo at 16:41:43 on 2012-07-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16367.13166 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sppsvc.exe
C:\Users\JMo\Downloads\aswMBR.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/activex/HanSetup1040.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{38B3E089-4412-46E5-BD19-6A207C7CC123} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8EB23FAC-8C4A-4359-9DCE-2B3FEDA4DFEC} : DhcpNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JMo\AppData\Roaming\Mozilla\Firefox\Profiles\4z6t1h3w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=616163&p=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-6-13 5161080]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-17 8704]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-28 2358656]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-12 116648]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVP;AVP;"C:\Users\JMo\AppData\Local\Temp\MRI_TEMP\Kaspersky Antivirus\AVP\Scanner\AVP.exe" -r --> C:\Users\JMo\AppData\Local\Temp\MRI_TEMP\Kaspersky Antivirus\AVP\Scanner\AVP.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-12 116648]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-4-7 736104]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-2-19 670816]
.
=============== Created Last 30 ================
.
2012-07-02 20:57:57 -------- d-----w- C:\Users\JMo\AppData\Local\{AF792520-62AB-4132-A7E3-C758F69906B8}
2012-07-02 20:57:45 -------- d-----w- C:\Users\JMo\AppData\Local\{7A47F76E-B5CC-4B19-AA06-42690E860310}
2012-07-01 18:50:02 -------- d-----w- C:\Program Files (x86)\Overwolf
2012-07-01 18:47:45 -------- d-----w- C:\Users\JMo\AppData\Local\Overwolf
2012-07-01 18:41:01 -------- d-----w- C:\Program Files (x86)\WEBZEN
2012-07-01 17:42:07 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-01 17:26:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-01 17:00:27 -------- d-----w- C:\Users\JMo\AppData\Local\{0181FE0B-8210-454C-800C-A07C63EB56AB}
2012-07-01 17:00:16 -------- d-----w- C:\Users\JMo\AppData\Local\{3004B1F8-4F51-4BA3-9023-2C2D584ACB4E}
2012-06-30 05:48:54 98816 ----a-w- C:\Windows\sed.exe
2012-06-30 05:48:54 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-30 05:48:54 256000 ----a-w- C:\Windows\PEV.exe
2012-06-30 05:48:54 208896 ----a-w- C:\Windows\MBR.exe
2012-06-30 05:27:59 -------- d-----w- C:\Program Files\HitmanPro
2012-06-30 05:27:52 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-30 05:05:00 -------- d-----w- C:\Users\JMo\AppData\Local\{E2925BFC-2B15-46FA-92BC-F84EFBF4F89A}
2012-06-30 05:04:48 -------- d-----w- C:\Users\JMo\AppData\Local\{06134409-A26E-4946-B770-AEB7E24C97F9}
2012-06-29 17:10:47 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-06-29 17:10:45 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-06-29 17:04:22 -------- d-----w- C:\Users\JMo\AppData\Local\{A53D5DAA-9097-443E-AC02-84FC0E9EAA3D}
2012-06-29 17:04:10 -------- d-----w- C:\Users\JMo\AppData\Local\{C5CAD3BE-5383-4078-ABFB-80DB97B6249E}
2012-06-28 13:35:58 -------- d-----w- C:\Users\JMo\AppData\Local\{AEB8C5EC-EA8D-4C64-A24B-18DEBAAF9701}
2012-06-28 13:35:47 -------- d-----w- C:\Users\JMo\AppData\Local\{3490ABDD-585B-4DE7-914C-A529C0C2FDE1}
2012-06-28 01:35:35 -------- d-----w- C:\Users\JMo\AppData\Local\{492CBA2B-7B99-477B-9B03-242B6A6F031B}
2012-06-28 01:35:24 -------- d-----w- C:\Users\JMo\AppData\Local\{86D7CE81-634B-4842-A920-8853497B6D66}
2012-06-27 13:35:11 -------- d-----w- C:\Users\JMo\AppData\Local\{D4DCE21A-A2FE-4575-9A9E-ADAE008B2F87}
2012-06-27 13:35:00 -------- d-----w- C:\Users\JMo\AppData\Local\{CA32BC9C-8DDB-4FEC-8D70-0930FA56AC2A}
2012-06-27 01:34:48 -------- d-----w- C:\Users\JMo\AppData\Local\{E94DD567-EE80-4BDB-BC67-1855238AF170}
2012-06-27 01:34:37 -------- d-----w- C:\Users\JMo\AppData\Local\{CC82B9DF-DD7B-4B39-9E54-242BCF60BD39}
2012-06-26 13:34:24 -------- d-----w- C:\Users\JMo\AppData\Local\{F51C0D7F-A9C5-4403-B299-A3E56B35F2AF}
2012-06-26 13:34:13 -------- d-----w- C:\Users\JMo\AppData\Local\{36520C43-D865-4465-B460-C92CD4911EA6}
2012-06-26 01:34:01 -------- d-----w- C:\Users\JMo\AppData\Local\{D135B335-DD6E-4A9B-87DD-BAA3496632AC}
2012-06-26 01:33:50 -------- d-----w- C:\Users\JMo\AppData\Local\{A5D8EBB8-ACB3-44BE-9D19-D2D3DEDB58F8}
2012-06-25 13:33:38 -------- d-----w- C:\Users\JMo\AppData\Local\{32B61E3D-86D8-4931-8B43-47C1213B05CF}
2012-06-25 13:33:26 -------- d-----w- C:\Users\JMo\AppData\Local\{3EDD7826-487E-45B1-AA17-027BFE4D3235}
2012-06-25 01:33:12 -------- d-----w- C:\Users\JMo\AppData\Local\{A436F2A7-4528-4CCC-B7AE-00940AECEC9E}
2012-06-25 01:32:58 -------- d-----w- C:\Users\JMo\AppData\Local\{0BD22AB6-2864-41FA-A96B-3771401309F4}
2012-06-24 03:25:15 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 03:25:15 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-24 02:49:44 -------- d-----w- C:\Users\JMo\AppData\Roaming\Ubisoft
2012-06-23 19:30:43 -------- d-----w- C:\Users\JMo\AppData\Local\{1F9CCB8C-E2DC-4B6C-B3E1-1720E19B61ED}
2012-06-23 19:30:25 -------- d-----w- C:\Users\JMo\AppData\Local\{E030F69F-E903-4DBC-8C9E-2CA12B498210}
2012-06-23 07:30:07 -------- d-----w- C:\Users\JMo\AppData\Local\{CEAC258C-53F8-4EDE-A72F-36013DF9E58D}
2012-06-23 07:29:53 -------- d-----w- C:\Users\JMo\AppData\Local\{159DE48D-3F75-4727-A09D-7C7E2E3488B3}
2012-06-22 19:29:37 -------- d-----w- C:\Users\JMo\AppData\Local\{52336716-7029-4698-BCC1-D785998B7484}
2012-06-22 19:29:19 -------- d-----w- C:\Users\JMo\AppData\Local\{8D85FF14-ACF7-4250-82A3-47B5A234542E}
2012-06-22 16:45:36 40960 ----a-w- C:\Windows\SysWow64\eax.dll
2012-06-22 16:45:36 -------- d-----w- C:\Program Files (x86)\Creative Labs
2012-06-22 16:44:59 -------- d-----w- C:\Program Files (x86)\Square Soft, Inc
2012-06-22 16:44:14 306688 ----a-w- C:\Windows\IsUninst.exe
2012-06-22 07:29:07 -------- d-----w- C:\Users\JMo\AppData\Local\{798C6710-7F1B-4110-8123-DCB55C37C45A}
2012-06-22 07:28:56 -------- d-----w- C:\Users\JMo\AppData\Local\{686470D1-4E85-42AB-BD16-2FD7EC3972CB}
2012-06-21 19:28:44 -------- d-----w- C:\Users\JMo\AppData\Local\{527E6135-0ECB-4724-9782-AC7D30A46DD8}
2012-06-21 19:28:26 -------- d-----w- C:\Users\JMo\AppData\Local\{8989E4E6-9D45-4C26-BBEE-3B9086257A4E}
2012-06-21 08:37:14 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe
2012-06-21 07:28:08 -------- d-----w- C:\Users\JMo\AppData\Local\{D04C03E1-3D6D-4693-9B9B-AA3E37D64441}
2012-06-21 07:27:57 -------- d-----w- C:\Users\JMo\AppData\Local\{76836989-B08B-4A1D-A4ED-819299961FDE}
2012-06-20 19:27:45 -------- d-----w- C:\Users\JMo\AppData\Local\{9CEA3838-798B-4B21-9D7A-D84E337D8AF7}
2012-06-20 19:27:30 -------- d-----w- C:\Users\JMo\AppData\Local\{497FA7B0-12FF-49EF-81C6-2B927EC3E23C}
2012-06-20 07:27:15 -------- d-----w- C:\Users\JMo\AppData\Local\{BA80C99D-F1DB-4661-B0ED-B1927F593649}
2012-06-20 07:26:49 -------- d-----w- C:\Users\JMo\AppData\Local\{F42E680C-A2D3-4736-86E0-1EDC73A4587D}
2012-06-19 19:26:37 -------- d-----w- C:\Users\JMo\AppData\Local\{2D6CDF1A-2118-4078-A2E2-69CFC97FD0BF}
2012-06-19 19:26:26 -------- d-----w- C:\Users\JMo\AppData\Local\{39CD0D6B-9CAD-4965-BA80-319F07621376}
2012-06-19 07:25:58 -------- d-----w- C:\Users\JMo\AppData\Local\{D2B96489-49DA-4F44-AC8F-75FBC7BBF00E}
2012-06-19 07:25:44 -------- d-----w- C:\Users\JMo\AppData\Local\{572CEF0C-6D1C-4EAF-9A86-87027A8DB175}
2012-06-18 19:25:31 -------- d-----w- C:\Users\JMo\AppData\Local\{B537B2AA-BAB7-41E9-A775-FA9A217DB73C}
2012-06-18 07:25:19 -------- d-----w- C:\Users\JMo\AppData\Local\{952DAB76-CE80-4C66-9B6B-110CF3A85F41}
2012-06-17 19:46:45 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-06-17 19:25:07 -------- d-----w- C:\Users\JMo\AppData\Local\{ACC37D83-50FF-4CD7-B3E2-169077922DB6}
2012-06-17 07:24:40 -------- d-----w- C:\Users\JMo\AppData\Local\{D092CBDE-1EAB-4A84-A6EF-F8AFE3DAD3D9}
2012-06-16 19:24:19 -------- d-----w- C:\Users\JMo\AppData\Local\{BCF6173C-5670-4143-A031-3F952E08318B}
2012-06-16 07:23:55 -------- d-----w- C:\Users\JMo\AppData\Local\{B0D82F47-844B-40D1-B6E9-886C3DB5C3E1}
2012-06-16 03:50:09 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2012-06-15 19:23:37 -------- d-----w- C:\Users\JMo\AppData\Local\{B4B9A871-D5D9-4CDB-8AA8-CA261B2C7922}
2012-06-15 07:23:18 -------- d-----w- C:\Users\JMo\AppData\Local\{6123FF99-4D6F-4826-ADD9-70A055F29C54}
2012-06-14 19:23:06 -------- d-----w- C:\Users\JMo\AppData\Local\{318A70FB-D0BB-4C08-B620-1260D485C5B2}
2012-06-14 19:22:55 -------- d-----w- C:\Users\JMo\AppData\Local\{2EEAA83C-5D71-4869-80CD-0BF5C97F51F8}
2012-06-14 07:22:43 -------- d-----w- C:\Users\JMo\AppData\Local\{E5B2A53A-8090-471A-951D-FAF919907791}
2012-06-14 07:22:31 -------- d-----w- C:\Users\JMo\AppData\Local\{D31A0DA5-74AF-4FB2-A59A-E530D3151038}
2012-06-13 19:22:19 -------- d-----w- C:\Users\JMo\AppData\Local\{78AE248F-29B0-4A57-AC48-BF53471DC112}
2012-06-13 19:22:08 -------- d-----w- C:\Users\JMo\AppData\Local\{AEF00B8C-69BF-46D6-AF90-11C2D6D1B826}
2012-06-13 07:21:55 -------- d-----w- C:\Users\JMo\AppData\Local\{8D2A8CC3-9AD5-4FF2-AEAE-25EAC3067045}
2012-06-13 07:21:44 -------- d-----w- C:\Users\JMo\AppData\Local\{8CDB0F22-065D-46FA-A3FB-39AA516ABE1D}
2012-06-12 19:21:19 -------- d-----w- C:\Users\JMo\AppData\Local\{FF2FE9F7-A085-474C-A8FF-9ED8082EBC19}
2012-06-12 19:21:07 -------- d-----w- C:\Users\JMo\AppData\Local\{F13A850D-4BC9-4C1F-AA1E-127982B2B365}
2012-06-12 07:20:55 -------- d-----w- C:\Users\JMo\AppData\Local\{5827275C-7401-472B-AAF0-53030B02C61B}
2012-06-12 07:20:43 -------- d-----w- C:\Users\JMo\AppData\Local\{B5617A08-9BDE-4AA4-ADB8-2C3543A6CA81}
2012-06-11 19:20:24 -------- d-----w- C:\Users\JMo\AppData\Local\{F0F5EB17-C6E4-429E-AD6F-815B494EBF8B}
2012-06-11 19:20:06 -------- d-----w- C:\Users\JMo\AppData\Local\{E7B8FCFE-98DF-491B-8D39-0CFFC1A813C8}
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 18:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 18:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 18:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 18:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 18:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 18:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-11 07:19:54 -------- d-----w- C:\Users\JMo\AppData\Local\{837BEB43-16A0-43A2-B4D8-84FA5C33C178}
2012-06-11 07:19:43 -------- d-----w- C:\Users\JMo\AppData\Local\{2B42CAEC-736D-4EA9-826A-BB4385F13DAC}
2012-06-10 19:19:24 -------- d-----w- C:\Users\JMo\AppData\Local\{5F2CC334-1724-43B1-87BB-074FB586E201}
2012-06-10 19:19:06 -------- d-----w- C:\Users\JMo\AppData\Local\{A7E417DD-A6FF-47D1-B82E-F6C366CF9682}
2012-06-10 07:18:51 -------- d-----w- C:\Users\JMo\AppData\Local\{45D18F5A-F0AE-43D8-9415-A8E5198EB3D8}
2012-06-10 07:18:39 -------- d-----w- C:\Users\JMo\AppData\Local\{1B7D4C28-4CCD-4E2E-9121-E948E0685421}
2012-06-09 19:18:20 -------- d-----w- C:\Users\JMo\AppData\Local\{B947B478-AF34-49CA-BC81-AE86DA5E0308}
2012-06-09 19:18:05 -------- d-----w- C:\Users\JMo\AppData\Local\{F9446DA4-4C5D-4A57-9159-097CDC6DC45C}
2012-06-09 07:17:53 -------- d-----w- C:\Users\JMo\AppData\Local\{05C77F65-3D7E-418E-824B-762DF54E906D}
2012-06-09 07:17:41 -------- d-----w- C:\Users\JMo\AppData\Local\{390101E4-F18F-4106-B82B-BC93D1F0328A}
2012-06-09 05:36:27 -------- d-----w- C:\Users\JMo\AppData\Local\SKIDROW
2012-06-08 19:17:16 -------- d-----w- C:\Users\JMo\AppData\Local\{E6D19FBB-8581-49EC-8106-10BA520ACAB2}
2012-06-08 19:17:02 -------- d-----w- C:\Users\JMo\AppData\Local\{5FF4D22C-CC28-48F1-87D9-42AA89AB4B4A}
2012-06-08 07:16:37 -------- d-----w- C:\Users\JMo\AppData\Local\{699FD645-461E-47F4-8CE9-600E08621E3E}
2012-06-07 19:16:13 -------- d-----w- C:\Users\JMo\AppData\Local\{42352C3B-C5B7-4BBE-A326-D87247EEBA34}
2012-06-07 19:16:01 -------- d-----w- C:\Users\JMo\AppData\Local\{524E4368-C6D1-4CBA-BB64-AC9285EC9859}
2012-06-07 00:19:34 -------- d-----w- C:\Fraps
2012-06-06 19:04:45 -------- d-----w- C:\Users\JMo\AppData\Local\LogiShrd
2012-06-06 19:04:39 53248 ----a-r- C:\Users\JMo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-06-06 19:04:30 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-06 19:03:22 -------- d-----w- C:\Users\JMo\AppData\Roaming\Logishrd
2012-06-06 18:59:30 -------- d-----w- C:\Users\JMo\AppData\Local\{DF68FFAF-6FE0-447D-8993-524F388C7CB3}
2012-06-06 18:59:08 -------- d-----w- C:\Users\JMo\AppData\Local\{6B59F967-71D6-464D-BCE5-F2DA34F63FC5}
2012-06-06 02:31:22 -------- d-----w- C:\Users\JMo\AppData\Local\{DDE0D9A0-3CA0-451E-86F6-88BC29677F4D}
2012-06-05 20:17:39 -------- d-----w- C:\ProgramData\Rockstar Games
2012-06-05 20:17:39 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-06-05 14:30:58 -------- d-----w- C:\Users\JMo\AppData\Local\{53313F3F-E7E9-4CA0-9B45-D3EB97E6A35A}
2012-06-05 02:30:34 -------- d-----w- C:\Users\JMo\AppData\Local\{FDFC5287-1087-4CE3-94A3-51498257C0A8}
2012-06-04 19:37:39 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-04 19:37:17 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-04 19:37:16 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-04 14:30:09 -------- d-----w- C:\Users\JMo\AppData\Local\{8B8CAA78-EAD8-4D9E-813B-6485985555D6}
2012-06-04 02:29:46 -------- d-----w- C:\Users\JMo\AppData\Local\{A840585E-3825-4FF0-8CE1-D5BEFE65846E}
2012-06-03 14:29:17 -------- d-----w- C:\Users\JMo\AppData\Local\{A9A9FBC0-CAFE-4821-899F-153BE5F8D37C}
2012-06-03 14:29:01 -------- d-----w- C:\Users\JMo\AppData\Local\{BA26F82B-8F4E-4728-AF8F-918B84B82F2D}
2012-06-03 00:30:19 -------- d-----w- C:\Users\JMo\AppData\Local\{132B5F14-DA46-4439-8BD5-46B04CD979B1}
.
==================== Find3M ====================
.
2012-07-02 02:13:02 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-02 02:13:02 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-01 19:01:09 670816 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-06-30 13:50:25 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-24 02:59:12 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-05-30 06:29:18 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-05-30 06:29:14 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-05-10 21:35:16 43520 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-05-10 21:35:16 29184 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-05-06 14:07:45 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 14:07:45 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 16:42:02.25 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:47 AM

Posted 02 July 2012 - 11:35 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 JMo_0812

JMo_0812
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:47 AM

Posted 03 July 2012 - 12:03 PM

No problems running either scan. Google still redirecting. No Internet Explorer processes opening.
Logs from Security check and combofix below:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
ComboFix 12-07-02.01 - JMo 07/03/2012 11:47:07.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16367.13391 [GMT -5:00]
Running from: c:\users\JMo\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 16:49 . 2012-07-03 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 18:50 . 2012-07-02 00:01 -------- d-----w- c:\program files (x86)\Overwolf
2012-07-01 18:47 . 2012-07-02 00:00 -------- d-----w- c:\users\JMo\AppData\Local\Overwolf
2012-07-01 18:41 . 2012-07-02 00:01 -------- d-----w- c:\program files (x86)\WEBZEN
2012-07-01 17:26 . 2012-07-01 17:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-30 05:27 . 2012-06-30 05:27 -------- d-----w- c:\program files\HitmanPro
2012-06-30 05:27 . 2012-06-30 05:29 -------- d-----w- c:\programdata\HitmanPro
2012-06-29 17:10 . 2012-06-29 17:10 -------- d-----w- c:\programdata\ATI
2012-06-29 17:10 . 2012-06-29 17:10 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-29 17:10 . 2012-06-29 17:10 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-26 01:46 . 2012-06-26 01:46 -------- d-----w- c:\windows\Sun
2012-06-24 03:25 . 2012-06-24 03:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 03:25 . 2012-06-24 03:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-24 02:49 . 2012-06-24 02:49 -------- d-----w- c:\users\JMo\AppData\Roaming\Ubisoft
2012-06-24 02:45 . 2012-06-24 02:57 -------- d-----w- c:\program files (x86)\Ubisoft
2012-06-22 16:45 . 2012-06-22 16:45 -------- d-----w- c:\program files (x86)\Creative Labs
2012-06-22 16:45 . 1999-07-06 19:13 40960 ----a-w- c:\windows\SysWow64\eax.dll
2012-06-22 16:44 . 2012-06-22 16:44 -------- d-----w- c:\program files (x86)\Square Soft, Inc
2012-06-22 16:44 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-06-17 19:46 . 2012-06-26 20:25 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-06-16 03:50 . 2012-07-02 02:09 -------- d-----w- c:\program files (x86)\Guild Wars 2
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:50 . 2012-06-11 18:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 18:50 . 2012-06-11 18:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 18:50 . 2012-06-11 18:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 18:50 . 2012-06-11 18:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 18:50 . 2012-06-11 18:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 18:50 . 2012-06-11 18:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 18:49 . 2012-06-11 18:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-09 05:36 . 2012-06-09 05:36 -------- d-----w- c:\users\JMo\AppData\Local\SKIDROW
2012-06-07 00:19 . 2012-06-07 00:19 -------- d-----w- C:\Fraps
2012-06-06 19:04 . 2012-06-06 19:04 -------- d-----w- c:\users\JMo\AppData\Local\LogiShrd
2012-06-06 19:04 . 2012-06-06 19:04 -------- d-----w- c:\users\JMo\AppData\Roaming\Leadertech
2012-06-06 19:04 . 2012-06-06 19:04 53248 ----a-r- c:\users\JMo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-06-06 19:04 . 2012-06-06 19:04 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-06-06 19:04 . 2012-06-17 15:08 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-06 19:03 . 2012-06-06 19:04 -------- d-----w- c:\programdata\Logishrd
2012-06-06 19:03 . 2012-06-06 19:03 -------- d-----w- c:\program files\Logitech
2012-06-06 19:03 . 2012-06-06 19:04 -------- d-----w- c:\program files\Common Files\Logishrd
2012-06-06 19:03 . 2012-06-06 19:04 -------- d-----w- c:\users\JMo\AppData\Roaming\Logitech
2012-06-06 19:03 . 2012-06-06 19:03 -------- d-----w- c:\users\JMo\AppData\Roaming\Logishrd
2012-06-05 20:17 . 2012-06-05 20:47 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-06-05 20:17 . 2012-06-05 20:17 -------- d-----w- c:\programdata\Rockstar Games
2012-06-04 19:37 . 2012-06-04 19:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-04 19:37 . 2012-06-04 19:37 -------- d-----w- c:\program files (x86)\Oracle
2012-06-04 19:37 . 2012-04-04 23:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-04 19:37 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-04 19:37 . 2012-06-04 19:37 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 02:13 . 2011-11-25 16:07 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-02 02:13 . 2011-11-23 21:05 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-01 19:01 . 2012-02-19 18:02 670816 ----a-w- c:\windows\SysWow64\xsherlock.xem
2012-06-30 13:50 . 2011-11-23 21:05 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-24 02:59 . 2011-11-23 21:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-11 17:24 . 2011-10-26 02:05 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-10-26 02:04 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:16 . 2011-10-26 01:55 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-10-26 01:46 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:45 . 2011-11-10 02:33 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:43 . 2011-11-10 02:29 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:25 . 2011-10-26 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-10-26 01:21 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:24 . 2011-10-26 01:20 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-05-30 06:29 . 2012-05-30 06:29 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-10 21:35 . 2012-05-10 21:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-05-10 21:35 . 2012-05-10 21:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-05-06 14:07 . 2012-04-15 01:41 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 14:07 . 2011-11-21 20:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-04 20:56 . 2011-11-21 20:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-11-21 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-11-21 . 4B5CA6D987A545C093CAF4CD5A360BD4 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-30_05.53.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-02 20:33 44340 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-06-30 05:21 33354 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-02 20:33 33354 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-21 11:20 . 2012-07-02 20:33 10290 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2845292073-1220794304-876079315-1000_UserData.bin
- 2011-11-21 07:47 . 2012-06-30 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-21 07:47 . 2012-07-02 01:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-21 07:47 . 2012-06-30 05:21 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-21 07:47 . 2012-07-02 01:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-02 01:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-30 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-03 16:50 99272 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-03 16:51 . 2012-07-03 16:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-30 05:53 . 2012-06-30 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-03 16:51 . 2012-07-03 16:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-30 05:53 . 2012-06-30 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-03 16:50 470756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-30 05:25 470756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-27 07:30 . 2012-06-30 05:25 1569112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-27 07:30 . 2012-07-03 16:50 1569112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-29 18:12 . 2012-06-29 18:12 1694712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-29 18:12 . 2012-07-02 02:34 1694712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-07-02 20:37 . 2012-07-02 20:37 8451584 c:\windows\Installer\6506a.msi
+ 2011-11-21 20:14 . 2012-07-03 16:50 12367028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2845292073-1220794304-876079315-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-11-23 270128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\users\JMo\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\JMo\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-02-18 82112]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2012-01-25 30720]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-02-18 202560]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
R3 X6va006;X6va006;c:\users\JMo\AppData\Local\Temp\0068751.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 279616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 01:07]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 01:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/activex/HanSetup1040.cab
FF - ProfilePath - c:\users\JMo\AppData\Roaming\Mozilla\Firefox\Profiles\4z6t1h3w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=616163&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\JMo\AppData\Local\Temp\0068751.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5d,28,ad,bf,19,56,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,fe,66,c0,09,5c,d8,40,ac,5a,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,fe,66,c0,09,5c,d8,40,ac,5a,95,\
.
[HKEY_USERS\S-1-5-21-2845292073-1220794304-876079315-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:98,f5,64,0a,c0,94,61,b1,43,8c,18,09,b6,e7,2a,d5,52,52,12,d7,9d,9f,45,
98,27,71,4c,46,7f,a8,62,d0,d7,6e,01,7b,5d,af,fe,2e,71,2e,7b,22,d5,78,9b,03,\
"??"=hex:d2,8a,3d,7f,d6,ee,ff,ab,38,51,7b,8c,dc,d7,d2,0c
.
[HKEY_USERS\S-1-5-21-2845292073-1220794304-876079315-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,98,90,02,71,f0,e8,43,40,7a,92,f7,f7,c8,e7,8b,0b,6d,af,d9,d5,
a3,7f,bf,46,18,be,86,bf,76,38,1a,da,26,cc,ba,59,fb,ef,3d,0f,a4,9b,a2,d4,41,\
"rkeysecu"=hex:06,ab,0e,1f,ab,7f,8f,e6,b9,69,cf,6d,90,e1,b6,0c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Razer\Razer Lycosa\razertra.exe
.
**************************************************************************
.
Completion time: 2012-07-03 11:55:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 16:55
ComboFix2.txt 2012-07-01 17:46
ComboFix3.txt 2012-06-30 05:58
.
Pre-Run: 118,346,887,168 bytes free
Post-Run: 118,584,053,760 bytes free
.
- - End Of File - - 6BC9DE55DF76BED463E2FFBCAFBF207D
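Three of the service entries ComboFix listed above are the ones a reviewer would stop at: npggsvc (GameMon.des), X6va006 (a .tmp file under the user's AppData\Local\Temp) and xsherlock (xsherlock.xem). As an added example, written for this page and not part of the original post or of ComboFix, here is a short Python triage that pulls each service's ImagePath out of a report in this layout and flags the two things worth checking first: an image that lives somewhere an ordinary user can write to, and an image whose extension is not .sys/.exe/.dll. The sample report is constructed from the three entries above plus a Realtek driver line added as a benign control; the function names (triage_services, image_path) are this example's own. A flag means "look at this", not "malicious": GameMon.des and xsherlock.xem are file names used by commercial game anti-cheat components, which a script cannot know, so every hit still needs a manual check of the file's publisher, signature and hash.

```python
import re

# Constructed sample (not a full report): the three service entries ComboFix
# printed above, plus one ordinary driver entry added as a benign control.
SAMPLE_REPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\JMo\AppData\Local\Temp\0068751.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
'''

# A service key header followed on the next line by its ImagePath value.
ENTRY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\([^\]]+)\]\r?\n'
    r'"ImagePath"="([^"]*)"',
    re.MULTILINE | re.IGNORECASE,
)

# Shortest prefix that ends in a file extension; whatever follows a space after
# it is treated as command-line arguments (e.g. " -service"). A directory name
# such as "v2.5 x" would fool this, which is acceptable for a triage pass.
IMAGE_RE = re.compile(r'^(.*?\.[A-Za-z0-9]{1,4})(?:\s.*)?$')

# Extensions a Windows service or kernel driver is normally registered with.
EXPECTED_EXT = {".sys", ".exe", ".dll"}

# Directory fragments an ordinary user can write to; a service or driver
# loaded from one of these deserves a closer look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


def image_path(raw):
    """Strip the NT '\\??\\' prefix and trailing arguments from an ImagePath value."""
    value = raw.strip()
    if value.lower().startswith("\\??\\"):
        value = value[4:]
    m = IMAGE_RE.match(value)
    return m.group(1) if m else value


def triage_services(report):
    """Return the service entries whose ImagePath looks out of place, in report order."""
    findings = []
    for name, raw in ENTRY_RE.findall(report):
        image = image_path(raw)
        lower = image.lower()
        reasons = []
        if any(frag in lower for frag in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        ext = lower[lower.rfind("."):] if "." in lower else ""
        if ext not in EXPECTED_EXT:
            reasons.append("unusual extension %s" % (ext or "(none)"))
        if reasons:
            findings.append({"service": name, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_REPORT):
        print("%-12s %s" % (f["service"], f["image"]))
        for r in f["reasons"]:
            print("             - " + r)
```

On the sample this flags npggsvc and xsherlock for their extensions and X6va006 on both counts; the Realtek control entry is not reported. Run it over the whole ComboFix log rather than the excerpt to catch entries that scrolled past.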

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 03 July 2012 - 01:02 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
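The TDSSKiller report this post asks for runs to well over a thousand lines (the next post shows its shape: a file line with an MD5 and path, then a status line per object). As an added example, written for this page and not part of TDSSKiller or of the post above, here is a small Python summarizer that reads that layout and pulls out the two things worth reading first: any object whose status is not "ok", with its verdict and path, and any object that got a status line but no file line, meaning the tool hashed no file for it (in the next post that is AVP, catchme, COMSysApp and gdrv). Reading a missing file line as "no image on disk to hash" is an inference from the log layout, assumed here, so confirm it against the service's ImagePath before concluding anything. The sample log is constructed from lines in the next post plus a made-up sptd entry with a fake hash in a "name ( verdict ) - status" layout, also assumed here, to exercise the non-ok path; the function names (parse_entries, summarize) are this example's own.

```python
import re

# Constructed excerpt in the layout of the report in the next post: a few
# lines copied from it, plus a made-up 'sptd' entry (fake hash, assumed
# warning layout) so that the non-ok path is exercised.
SAMPLE_LOG = r'''13:31:29.0356 5640 ============================================================
13:31:29.0356 5640 Scan started
13:31:29.0356 5640 Mode: Manual;
13:31:29.0357 5640 ============================================================
13:31:30.0206 5640 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
13:31:30.0209 5640 1394ohci - ok
13:31:30.0510 5640 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
13:31:30.0512 5640 AMD External Events Utility - ok
13:31:32.0311 5640 AVP - ok
13:31:34.0916 5640 gdrv - ok
13:31:39.0990 5640 sptd (0123456789abcdef0123456789abcdef) C:\Windows\system32\Drivers\sptd.sys
13:31:40.0000 5640 sptd ( LockedFile.Multi.Generic ) - warning
'''

# "HH:MM:SS.ffff <pid> <rest>"
LINE_RE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*?)\s*$')
# "<name> (<md5>) <path>"
FILE_RE = re.compile(r'^(.+?) \(([0-9a-fA-F]{32})\) (.+)$')
# "<name> [( <verdict> )] - <status>"
STATUS_RE = re.compile(r'^(.+?)(?: \( (.+?) \))? - (\S.*)$')


def parse_entries(report):
    """Map each scanned object name to its md5, path, verdict and status.

    Only lines after 'Scan started' are considered, so the drive and
    partition banner printed before the scan is not mistaken for an entry.
    """
    entries = {}
    started = False
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m.group(1)
        if not started:
            started = rest == "Scan started"
            continue
        f = FILE_RE.match(rest)
        if f:
            name, md5, path = f.groups()
            entries.setdefault(name, {}).update(md5=md5.lower(), path=path)
            continue
        s = STATUS_RE.match(rest)
        if s:
            name, verdict, status = s.groups()
            entries.setdefault(name, {}).update(status=status, verdict=verdict)
    return entries


def summarize(report):
    """Return what a reviewer reads first: non-ok verdicts and entries with no file hashed."""
    entries = parse_entries(report)
    not_ok = [dict(name=n, **e) for n, e in entries.items() if e.get("status") != "ok"]
    no_file = [n for n, e in entries.items() if "md5" not in e]
    return {"scanned": len(entries), "not_ok": not_ok, "no_file": no_file}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("objects scanned:", s["scanned"])
    for e in s["not_ok"]:
        print("REVIEW %s: %s (%s) %s" % (e["name"], e.get("status"), e.get("verdict"), e.get("path")))
    print("status line but no file hashed:", ", ".join(s["no_file"]))
```

On the sample this reports sptd as the one non-ok object and AVP and gdrv as the objects with no file hashed. The MD5 on each file line is what you check against a known-good copy of the driver when an entry looks doubtful; the parser keeps it for that purpose.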

#5 JMo_0812

  • Topic Starter
  • Members
  • 10 posts

Posted 03 July 2012 - 01:46 PM

EDIT: Still being redirected


13:31:26.0704 7092 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
13:31:27.0196 7092 ============================================================
13:31:27.0196 7092 Current date / time: 2012/07/03 13:31:27.0196
13:31:27.0196 7092 SystemInfo:
13:31:27.0196 7092
13:31:27.0196 7092 OS Version: 6.1.7601 ServicePack: 1.0
13:31:27.0196 7092 Product type: Workstation
13:31:27.0196 7092 ComputerName: JMO-PC
13:31:27.0196 7092 UserName: JMo
13:31:27.0196 7092 Windows directory: C:\Windows
13:31:27.0196 7092 System windows directory: C:\Windows
13:31:27.0196 7092 Running under WOW64
13:31:27.0196 7092 Processor architecture: Intel x64
13:31:27.0196 7092 Number of processors: 8
13:31:27.0196 7092 Page size: 0x1000
13:31:27.0196 7092 Boot type: Normal boot
13:31:27.0196 7092 ============================================================
13:31:27.0908 7092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:31:27.0914 7092 ============================================================
13:31:27.0914 7092 \Device\Harddisk0\DR0:
13:31:27.0914 7092 MBR partitions:
13:31:27.0914 7092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:31:27.0914 7092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6176000
13:31:27.0914 7092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A8800, BlocksNum 0x341DD000
13:31:27.0914 7092 ============================================================
13:31:27.0944 7092 C: <-> \Device\Harddisk0\DR0\Partition2
13:31:27.0958 7092 D: <-> \Device\Harddisk0\DR0\Partition1
13:31:27.0959 7092 ============================================================
13:31:27.0959 7092 Initialize success
13:31:27.0959 7092 ============================================================
13:31:29.0356 5640 ============================================================
13:31:29.0356 5640 Scan started
13:31:29.0356 5640 Mode: Manual;
13:31:29.0357 5640 ============================================================
13:31:30.0206 5640 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
13:31:30.0209 5640 1394ohci - ok
13:31:30.0235 5640 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:31:30.0239 5640 ACPI - ok
13:31:30.0253 5640 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:31:30.0254 5640 AcpiPmi - ok
13:31:30.0294 5640 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:31:30.0305 5640 adp94xx - ok
13:31:30.0332 5640 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:31:30.0338 5640 adpahci - ok
13:31:30.0357 5640 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:31:30.0359 5640 adpu320 - ok
13:31:30.0388 5640 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:31:30.0389 5640 AeLookupSvc - ok
13:31:30.0433 5640 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
13:31:30.0436 5640 AFD - ok
13:31:30.0447 5640 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:31:30.0448 5640 agp440 - ok
13:31:30.0471 5640 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:31:30.0472 5640 ALG - ok
13:31:30.0479 5640 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:31:30.0480 5640 aliide - ok
13:31:30.0510 5640 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
13:31:30.0512 5640 AMD External Events Utility - ok
13:31:30.0519 5640 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:31:30.0520 5640 amdide - ok
13:31:30.0534 5640 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:31:30.0535 5640 AmdK8 - ok
13:31:30.0865 5640 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys
13:31:30.0903 5640 amdkmdag - ok
13:31:30.0999 5640 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys
13:31:31.0001 5640 amdkmdap - ok
13:31:31.0006 5640 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:31:31.0007 5640 AmdPPM - ok
13:31:31.0029 5640 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
13:31:31.0031 5640 amdsata - ok
13:31:31.0063 5640 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:31:31.0065 5640 amdsbs - ok
13:31:31.0073 5640 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
13:31:31.0074 5640 amdxata - ok
13:31:31.0098 5640 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:31:31.0100 5640 AppID - ok
13:31:31.0128 5640 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:31:31.0129 5640 AppIDSvc - ok
13:31:31.0146 5640 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:31:31.0146 5640 Appinfo - ok
13:31:31.0187 5640 AppleCharger (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys
13:31:31.0187 5640 AppleCharger - ok
13:31:31.0195 5640 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe
13:31:31.0196 5640 AppleChargerSrv - ok
13:31:31.0233 5640 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:31:31.0235 5640 AppMgmt - ok
13:31:31.0248 5640 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:31:31.0250 5640 arc - ok
13:31:31.0260 5640 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:31:31.0262 5640 arcsas - ok
13:31:31.0366 5640 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:31:31.0367 5640 aspnet_state - ok
13:31:31.0391 5640 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:31.0392 5640 AsyncMac - ok
13:31:31.0414 5640 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:31:31.0415 5640 atapi - ok
13:31:31.0470 5640 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
13:31:31.0472 5640 AtiHDAudioService - ok
13:31:31.0532 5640 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:31:31.0536 5640 AudioEndpointBuilder - ok
13:31:31.0542 5640 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:31:31.0546 5640 AudioSrv - ok
13:31:31.0789 5640 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
13:31:31.0808 5640 AVGIDSAgent - ok
13:31:31.0921 5640 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:31:31.0923 5640 AVGIDSDriver - ok
13:31:31.0954 5640 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
13:31:31.0955 5640 AVGIDSFilter - ok
13:31:32.0001 5640 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
13:31:32.0002 5640 AVGIDSHA - ok
13:31:32.0041 5640 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
13:31:32.0044 5640 Avgldx64 - ok
13:31:32.0062 5640 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:31:32.0063 5640 Avgmfx64 - ok
13:31:32.0097 5640 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:31:32.0098 5640 Avgrkx64 - ok
13:31:32.0151 5640 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
13:31:32.0154 5640 Avgtdia - ok
13:31:32.0246 5640 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:31:32.0248 5640 avgwd - ok
13:31:32.0311 5640 AVP - ok
13:31:32.0351 5640 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:31:32.0352 5640 AxInstSV - ok
13:31:32.0398 5640 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:31:32.0409 5640 b06bdrv - ok
13:31:32.0447 5640 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:31:32.0455 5640 b57nd60a - ok
13:31:32.0478 5640 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:31:32.0479 5640 BDESVC - ok
13:31:32.0494 5640 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:31:32.0495 5640 Beep - ok
13:31:32.0544 5640 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:31:32.0557 5640 BFE - ok
13:31:32.0617 5640 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:31:32.0623 5640 BITS - ok
13:31:32.0671 5640 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:31:32.0672 5640 blbdrive - ok
13:31:32.0696 5640 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
13:31:32.0697 5640 bowser - ok
13:31:32.0717 5640 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:31:32.0719 5640 BrFiltLo - ok
13:31:32.0725 5640 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:31:32.0726 5640 BrFiltUp - ok
13:31:32.0750 5640 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:31:32.0751 5640 BridgeMP - ok
13:31:32.0786 5640 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:31:32.0788 5640 Browser - ok
13:31:32.0812 5640 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:31:32.0815 5640 Brserid - ok
13:31:32.0819 5640 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:31:32.0820 5640 BrSerWdm - ok
13:31:32.0827 5640 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:31:32.0829 5640 BrUsbMdm - ok
13:31:32.0831 5640 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:31:32.0832 5640 BrUsbSer - ok
13:31:32.0859 5640 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
13:31:32.0860 5640 BTCFilterService - ok
13:31:32.0864 5640 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:31:32.0865 5640 BTHMODEM - ok
13:31:32.0883 5640 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:31:32.0884 5640 bthserv - ok
13:31:32.0901 5640 catchme - ok
13:31:32.0919 5640 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:31:32.0921 5640 cdfs - ok
13:31:32.0950 5640 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:31:32.0952 5640 cdrom - ok
13:31:32.0977 5640 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:31:32.0978 5640 CertPropSvc - ok
13:31:32.0997 5640 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:31:32.0998 5640 circlass - ok
13:31:33.0022 5640 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:31:33.0024 5640 CLFS - ok
13:31:33.0085 5640 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:31:33.0087 5640 clr_optimization_v2.0.50727_32 - ok
13:31:33.0116 5640 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:31:33.0117 5640 clr_optimization_v2.0.50727_64 - ok
13:31:33.0195 5640 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:31:33.0197 5640 clr_optimization_v4.0.30319_32 - ok
13:31:33.0243 5640 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:31:33.0245 5640 clr_optimization_v4.0.30319_64 - ok
13:31:33.0273 5640 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:31:33.0275 5640 CmBatt - ok
13:31:33.0294 5640 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:31:33.0295 5640 cmdide - ok
13:31:33.0335 5640 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:31:33.0341 5640 CNG - ok
13:31:33.0344 5640 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:31:33.0345 5640 Compbatt - ok
13:31:33.0371 5640 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:31:33.0372 5640 CompositeBus - ok
13:31:33.0381 5640 COMSysApp - ok
13:31:33.0443 5640 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
13:31:33.0444 5640 cpuz135 - ok
13:31:33.0458 5640 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:31:33.0459 5640 crcdisk - ok
13:31:33.0496 5640 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:31:33.0498 5640 CryptSvc - ok
13:31:33.0539 5640 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:31:33.0556 5640 CSC - ok
13:31:33.0596 5640 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:31:33.0601 5640 CscService - ok
13:31:33.0645 5640 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:31:33.0649 5640 DcomLaunch - ok
13:31:33.0672 5640 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:31:33.0674 5640 defragsvc - ok
13:31:33.0730 5640 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:31:33.0731 5640 DfsC - ok
13:31:33.0777 5640 dg_ssudbus (a64cc0b5d93f25bf5d052a1febe71e68) C:\Windows\system32\DRIVERS\ssudbus.sys
13:31:33.0779 5640 dg_ssudbus - ok
13:31:33.0814 5640 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:31:33.0817 5640 Dhcp - ok
13:31:33.0829 5640 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:31:33.0830 5640 discache - ok
13:31:33.0858 5640 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:31:33.0859 5640 Disk - ok
13:31:33.0887 5640 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
13:31:33.0888 5640 dmvsc - ok
13:31:33.0906 5640 Dnscache (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
13:31:33.0908 5640 Dnscache - ok
13:31:33.0929 5640 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:31:33.0931 5640 dot3svc - ok
13:31:33.0947 5640 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:31:33.0948 5640 DPS - ok
13:31:33.0970 5640 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:31:33.0971 5640 drmkaud - ok
13:31:34.0018 5640 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:31:34.0020 5640 dtsoftbus01 - ok
13:31:34.0068 5640 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:31:34.0074 5640 DXGKrnl - ok
13:31:34.0086 5640 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:31:34.0087 5640 EapHost - ok
13:31:34.0195 5640 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:31:34.0240 5640 ebdrv - ok
13:31:34.0310 5640 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
13:31:34.0311 5640 EFS - ok
13:31:34.0361 5640 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:31:34.0365 5640 ehRecvr - ok
13:31:34.0372 5640 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:31:34.0373 5640 ehSched - ok
13:31:34.0421 5640 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:31:34.0430 5640 elxstor - ok
13:31:34.0442 5640 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:31:34.0443 5640 ErrDev - ok
13:31:34.0471 5640 EtronHub3 (3663291d0d26001a2bb67678ab61d14c) C:\Windows\system32\Drivers\EtronHub3.sys
13:31:34.0472 5640 EtronHub3 - ok
13:31:34.0489 5640 EtronXHCI (744420d6c062c38f7361870f010d6d4b) C:\Windows\system32\Drivers\EtronXHCI.sys
13:31:34.0491 5640 EtronXHCI - ok
13:31:34.0518 5640 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:31:34.0521 5640 EventSystem - ok
13:31:34.0545 5640 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:31:34.0547 5640 exfat - ok
13:31:34.0566 5640 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:31:34.0568 5640 fastfat - ok
13:31:34.0604 5640 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:31:34.0617 5640 Fax - ok
13:31:34.0621 5640 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:31:34.0622 5640 fdc - ok
13:31:34.0631 5640 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:31:34.0632 5640 fdPHost - ok
13:31:34.0637 5640 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:31:34.0638 5640 FDResPub - ok
13:31:34.0652 5640 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:31:34.0653 5640 FileInfo - ok
13:31:34.0662 5640 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:31:34.0662 5640 Filetrace - ok
13:31:34.0671 5640 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:31:34.0672 5640 flpydisk - ok
13:31:34.0695 5640 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:31:34.0697 5640 FltMgr - ok
13:31:34.0744 5640 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
13:31:34.0751 5640 FontCache - ok
13:31:34.0795 5640 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:31:34.0797 5640 FontCache3.0.0.0 - ok
13:31:34.0828 5640 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:31:34.0829 5640 FsDepends - ok
13:31:34.0851 5640 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:31:34.0852 5640 Fs_Rec - ok
13:31:34.0875 5640 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:31:34.0876 5640 fvevol - ok
13:31:34.0901 5640 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:31:34.0903 5640 gagp30kx - ok
13:31:34.0916 5640 gdrv - ok
13:31:34.0963 5640 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:31:34.0967 5640 gpsvc - ok
13:31:35.0063 5640 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:31:35.0065 5640 gupdate - ok
13:31:35.0076 5640 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:31:35.0078 5640 gupdatem - ok
13:31:35.0117 5640 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:31:35.0118 5640 hamachi - ok
13:31:35.0123 5640 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:31:35.0124 5640 hcw85cir - ok
13:31:35.0160 5640 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:31:35.0182 5640 HdAudAddService - ok
13:31:35.0212 5640 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:31:35.0214 5640 HDAudBus - ok
13:31:44.0496 5640 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:31:44.0497 5640 volmgr - ok
13:31:44.0517 5640 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:31:44.0520 5640 volmgrx - ok
13:31:44.0544 5640 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:31:44.0547 5640 volsnap - ok
13:31:44.0570 5640 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:31:44.0572 5640 vsmraid - ok
13:31:44.0668 5640 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:31:44.0678 5640 VSS - ok
13:31:44.0701 5640 vtany - ok
13:31:44.0757 5640 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:31:44.0758 5640 vwifibus - ok
13:31:44.0779 5640 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:31:44.0783 5640 W32Time - ok
13:31:44.0796 5640 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:31:44.0797 5640 WacomPen - ok
13:31:44.0824 5640 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:44.0826 5640 WANARP - ok
13:31:44.0828 5640 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:44.0829 5640 Wanarpv6 - ok
13:31:44.0892 5640 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:31:44.0908 5640 WatAdminSvc - ok
13:31:44.0966 5640 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:31:44.0976 5640 wbengine - ok
13:31:45.0017 5640 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:31:45.0019 5640 WbioSrvc - ok
13:31:45.0036 5640 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:31:45.0040 5640 wcncsvc - ok
13:31:45.0044 5640 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:31:45.0045 5640 WcsPlugInService - ok
13:31:45.0080 5640 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:31:45.0081 5640 Wd - ok
13:31:45.0115 5640 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:31:45.0123 5640 Wdf01000 - ok
13:31:45.0142 5640 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:31:45.0144 5640 WdiServiceHost - ok
13:31:45.0146 5640 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:31:45.0148 5640 WdiSystemHost - ok
13:31:45.0160 5640 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:31:45.0162 5640 WebClient - ok
13:31:45.0173 5640 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:31:45.0176 5640 Wecsvc - ok
13:31:45.0182 5640 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:31:45.0183 5640 wercplsupport - ok
13:31:45.0206 5640 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:31:45.0208 5640 WerSvc - ok
13:31:45.0229 5640 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:31:45.0230 5640 WfpLwf - ok
13:31:45.0245 5640 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:31:45.0246 5640 WIMMount - ok
13:31:45.0271 5640 WinDefend - ok
13:31:45.0276 5640 WinHttpAutoProxySvc - ok
13:31:45.0325 5640 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:31:45.0328 5640 Winmgmt - ok
13:31:45.0420 5640 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:31:45.0433 5640 WinRM - ok
13:31:45.0568 5640 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:31:45.0569 5640 WinUsb - ok
13:31:45.0615 5640 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:31:45.0622 5640 Wlansvc - ok
13:31:45.0759 5640 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:31:45.0769 5640 wlidsvc - ok
13:31:45.0810 5640 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:31:45.0811 5640 WmiAcpi - ok
13:31:45.0851 5640 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:31:45.0853 5640 wmiApSrv - ok
13:31:45.0870 5640 WMPNetworkSvc - ok
13:31:45.0885 5640 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:31:45.0886 5640 WPCSvc - ok
13:31:45.0906 5640 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:31:45.0908 5640 WPDBusEnum - ok
13:31:45.0915 5640 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:31:45.0916 5640 ws2ifsl - ok
13:31:45.0932 5640 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:31:45.0934 5640 wscsvc - ok
13:31:45.0936 5640 WSearch - ok
13:31:46.0031 5640 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:31:46.0041 5640 wuauserv - ok
13:31:46.0136 5640 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:31:46.0137 5640 WudfPf - ok
13:31:46.0147 5640 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:31:46.0149 5640 WUDFRd - ok
13:31:46.0163 5640 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:31:46.0164 5640 wudfsvc - ok
13:31:46.0187 5640 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:31:46.0190 5640 WwanSvc - ok
13:31:46.0276 5640 X6va006 - ok
13:31:46.0337 5640 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
13:31:46.0352 5640 xnacc - ok
13:31:46.0355 5640 xsherlock - ok
13:31:46.0391 5640 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
13:31:46.0393 5640 xusb21 - ok
13:31:46.0424 5640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:31:46.0596 5640 \Device\Harddisk0\DR0 - ok
13:31:46.0599 5640 Boot (0x1200) (dd7b7dcabf152e75b8de1be39cf111cf) \Device\Harddisk0\DR0\Partition0
13:31:46.0600 5640 \Device\Harddisk0\DR0\Partition0 - ok
13:31:46.0618 5640 Boot (0x1200) (fe4f53ae259c0d588160f157c2e78c19) \Device\Harddisk0\DR0\Partition1
13:31:46.0620 5640 \Device\Harddisk0\DR0\Partition1 - ok
13:31:46.0629 5640 Boot (0x1200) (6c7f320f80b1186d7e1106a86ac739cc) \Device\Harddisk0\DR0\Partition2
13:31:46.0631 5640 \Device\Harddisk0\DR0\Partition2 - ok
13:31:46.0631 5640 ============================================================
13:31:46.0631 5640 Scan finished
13:31:46.0631 5640 ============================================================
13:31:46.0638 7140 Detected object count: 0
13:31:46.0638 7140 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 13:32:31
-----------------------------
13:32:31.887 OS Version: Windows x64 6.1.7601 Service Pack 1
13:32:31.887 Number of processors: 8 586 0x2A07
13:32:31.887 ComputerName: JMO-PC UserName: JMo
13:32:32.411 Initialize success
13:33:17.549 AVAST engine defs: 12070300
13:36:07.788 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:36:07.791 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
13:36:07.807 Disk 0 MBR read successfully
13:36:07.810 Disk 0 MBR scan
13:36:07.814 Disk 0 Windows 7 default MBR code
13:36:07.816 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:36:07.826 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 49900 MB offset 206848
13:36:07.845 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 426938 MB offset 102402048
13:36:07.867 Disk 0 scanning C:\Windows\system32\drivers
13:36:13.883 Service scanning
13:36:27.593 Modules scanning
13:36:27.601 Disk 0 trace - called modules:
13:36:27.624 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:36:27.955 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d7d9790]
13:36:27.960 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa800d36c520]
13:36:27.965 5 ACPI.sys[fffff88000f4e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800d21e680]
13:36:28.762 AVAST engine scan C:\Windows
13:36:31.354 AVAST engine scan C:\Windows\system32
13:38:03.026 AVAST engine scan C:\Windows\system32\drivers
13:38:10.133 AVAST engine scan C:\Users\JMo
13:40:15.396 AVAST engine scan C:\ProgramData
13:43:04.131 Scan finished successfully
13:44:44.494 Disk 0 MBR has been saved successfully to "C:\Users\JMo\Desktop\MBR.dat"
13:44:44.499 The log file has been saved successfully to "C:\Users\JMo\Desktop\aswMBR.txt"

Edited by JMo_0812, 03 July 2012 - 01:47 PM.


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 03 July 2012 - 01:57 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 JMo_0812

  • Topic Starter
  • Members
  • 10 posts
  • Local time:02:47 AM

Posted 03 July 2012 - 02:11 PM

OTL logfile created on: 7/3/2012 2:02:07 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\JMo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.09 Gb Available Physical Memory | 81.93% Memory free
31.97 Gb Paging File | 28.99 Gb Available in Paging File | 90.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 416.93 Gb Total Space | 110.39 Gb Free Space | 26.48% Space Free | Partition Type: NTFS
Drive D: | 48.73 Gb Total Space | 48.63 Gb Free Space | 99.80% Space Free | Partition Type: NTFS

Computer Name: JMO-PC | User Name: JMo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\JMo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\JMo\Desktop\aswMBR(1).exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:64bit: - (motport) -- C:\Windows\SysNative\drivers\motport.sys (Motorola Mobility Inc)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2845292073-1220794304-876079315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2845292073-1220794304-876079315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 50 5A AE AC 57 CD 01 [binary data]
IE - HKU\S-1-5-21-2845292073-1220794304-876079315-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2845292073-1220794304-876079315-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163&ilc=12"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/|hotmail.com"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=616163&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/02 15:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 15:38:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 22:25:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/27 15:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JMo\AppData\Roaming\Mozilla\Extensions
[2012/03/27 15:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JMo\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/06/20 15:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JMo\AppData\Roaming\Mozilla\Firefox\Profiles\4z6t1h3w.default\extensions
[2012/05/31 11:27:48 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\JMo\AppData\Roaming\Mozilla\Firefox\Profiles\4z6t1h3w.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/06/20 15:30:29 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\JMo\AppData\Roaming\Mozilla\Firefox\Profiles\4z6t1h3w.default\extensions\info@djzig.com
[2011/11/21 06:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/21 18:31:34 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\JMO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4Z6T1H3W.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
[2012/05/18 23:26:51 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\JMO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4Z6T1H3W.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/06/23 22:25:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/23 22:25:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/23 22:25:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/03 11:51:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2845292073-1220794304-876079315-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2845292073-1220794304-876079315-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2845292073-1220794304-876079315-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://tera.hangame.com/common/activex/HanSetup1040.cab (HanSetupCtrl1010 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B3E089-4412-46E5-BD19-6A207C7CC123}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EB23FAC-8C4A-4359-9DCE-2B3FEDA4DFEC}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 14:01:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JMo\Desktop\OTL.exe
[2012/07/03 13:30:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JMo\Desktop\aswMBR(1).exe
[2012/07/03 13:30:50 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JMo\Desktop\tdsskiller(1).exe
[2012/07/03 11:55:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/03 11:51:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/03 03:58:21 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{AA5EF3ED-C447-4A95-B6AB-6C3967972A94}
[2012/07/03 03:58:10 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{C937FEE0-52A7-4D2A-B147-57FD64769D37}
[2012/07/02 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{AF792520-62AB-4132-A7E3-C758F69906B8}
[2012/07/02 15:57:45 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{7A47F76E-B5CC-4B19-AA06-42690E860310}
[2012/07/02 15:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/01 13:50:16 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen Hub
[2012/07/01 13:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overwolf
[2012/07/01 13:47:45 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\Overwolf
[2012/07/01 13:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN
[2012/07/01 12:26:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/01 12:00:27 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{0181FE0B-8210-454C-800C-A07C63EB56AB}
[2012/07/01 12:00:16 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{3004B1F8-4F51-4BA3-9023-2C2D584ACB4E}
[2012/06/30 00:48:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/30 00:48:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/30 00:48:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/30 00:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/30 00:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/30 00:05:00 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{E2925BFC-2B15-46FA-92BC-F84EFBF4F89A}
[2012/06/30 00:04:48 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{06134409-A26E-4946-B770-AEB7E24C97F9}
[2012/06/29 12:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/06/29 12:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/06/29 12:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/29 12:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/06/29 12:04:22 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{A53D5DAA-9097-443E-AC02-84FC0E9EAA3D}
[2012/06/29 12:04:10 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{C5CAD3BE-5383-4078-ABFB-80DB97B6249E}
[2012/06/28 08:35:58 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{AEB8C5EC-EA8D-4C64-A24B-18DEBAAF9701}
[2012/06/28 08:35:47 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{3490ABDD-585B-4DE7-914C-A529C0C2FDE1}
[2012/06/27 20:35:35 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{492CBA2B-7B99-477B-9B03-242B6A6F031B}
[2012/06/27 20:35:24 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{86D7CE81-634B-4842-A920-8853497B6D66}
[2012/06/27 08:35:11 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{D4DCE21A-A2FE-4575-9A9E-ADAE008B2F87}
[2012/06/27 08:35:00 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{CA32BC9C-8DDB-4FEC-8D70-0930FA56AC2A}
[2012/06/26 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{E94DD567-EE80-4BDB-BC67-1855238AF170}
[2012/06/26 20:34:37 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{CC82B9DF-DD7B-4B39-9E54-242BCF60BD39}
[2012/06/26 08:34:24 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{F51C0D7F-A9C5-4403-B299-A3E56B35F2AF}
[2012/06/26 08:34:13 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{36520C43-D865-4465-B460-C92CD4911EA6}
[2012/06/25 20:46:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/25 20:34:01 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{D135B335-DD6E-4A9B-87DD-BAA3496632AC}
[2012/06/25 20:33:50 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{A5D8EBB8-ACB3-44BE-9D19-D2D3DEDB58F8}
[2012/06/25 08:33:38 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{32B61E3D-86D8-4931-8B43-47C1213B05CF}
[2012/06/25 08:33:26 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{3EDD7826-487E-45B1-AA17-027BFE4D3235}
[2012/06/24 20:33:12 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{A436F2A7-4528-4CCC-B7AE-00940AECEC9E}
[2012/06/24 20:32:58 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{0BD22AB6-2864-41FA-A96B-3771401309F4}
[2012/06/23 22:20:49 | 000,000,000 | ---D | C] -- C:\Users\JMo\Documents\Ubisoft
[2012/06/23 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Roaming\Ubisoft
[2012/06/23 21:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/06/23 14:30:43 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{1F9CCB8C-E2DC-4B6C-B3E1-1720E19B61ED}
[2012/06/23 14:30:25 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{E030F69F-E903-4DBC-8C9E-2CA12B498210}
[2012/06/23 02:30:07 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{CEAC258C-53F8-4EDE-A72F-36013DF9E58D}
[2012/06/23 02:29:53 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{159DE48D-3F75-4727-A09D-7C7E2E3488B3}
[2012/06/22 14:29:37 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{52336716-7029-4698-BCC1-D785998B7484}
[2012/06/22 14:29:19 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{8D85FF14-ACF7-4250-82A3-47B5A234542E}
[2012/06/22 11:50:48 | 000,000,000 | ---D | C] -- C:\Users\JMo\Desktop\jtk374en
[2012/06/22 11:45:36 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\eax.dll
[2012/06/22 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Labs
[2012/06/22 11:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FINAL FANTASY VIII
[2012/06/22 11:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Soft, Inc
[2012/06/22 11:44:14 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012/06/22 02:29:07 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{798C6710-7F1B-4110-8123-DCB55C37C45A}
[2012/06/22 02:28:56 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{686470D1-4E85-42AB-BD16-2FD7EC3972CB}
[2012/06/21 14:28:44 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{527E6135-0ECB-4724-9782-AC7D30A46DD8}
[2012/06/21 14:28:26 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{8989E4E6-9D45-4C26-BBEE-3B9086257A4E}
[2012/06/21 02:28:08 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{D04C03E1-3D6D-4693-9B9B-AA3E37D64441}
[2012/06/21 02:27:57 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{76836989-B08B-4A1D-A4ED-819299961FDE}
[2012/06/20 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{9CEA3838-798B-4B21-9D7A-D84E337D8AF7}
[2012/06/20 14:27:30 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{497FA7B0-12FF-49EF-81C6-2B927EC3E23C}
[2012/06/20 02:27:15 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{BA80C99D-F1DB-4661-B0ED-B1927F593649}
[2012/06/20 02:26:49 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{F42E680C-A2D3-4736-86E0-1EDC73A4587D}
[2012/06/19 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{2D6CDF1A-2118-4078-A2E2-69CFC97FD0BF}
[2012/06/19 14:26:26 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{39CD0D6B-9CAD-4965-BA80-319F07621376}
[2012/06/19 02:25:58 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{D2B96489-49DA-4F44-AC8F-75FBC7BBF00E}
[2012/06/19 02:25:44 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{572CEF0C-6D1C-4EAF-9A86-87027A8DB175}
[2012/06/18 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{B537B2AA-BAB7-41E9-A775-FA9A217DB73C}
[2012/06/18 02:25:19 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{952DAB76-CE80-4C66-9B6B-110CF3A85F41}
[2012/06/17 14:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/06/17 14:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/06/17 14:25:07 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{ACC37D83-50FF-4CD7-B3E2-169077922DB6}
[2012/06/17 02:24:40 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{D092CBDE-1EAB-4A84-A6EF-F8AFE3DAD3D9}
[2012/06/16 14:24:19 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{BCF6173C-5670-4143-A031-3F952E08318B}
[2012/06/16 02:23:55 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{B0D82F47-844B-40D1-B6E9-886C3DB5C3E1}
[2012/06/15 22:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/06/15 22:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/06/15 14:23:37 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{B4B9A871-D5D9-4CDB-8AA8-CA261B2C7922}
[2012/06/15 02:23:18 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{6123FF99-4D6F-4826-ADD9-70A055F29C54}
[2012/06/14 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{318A70FB-D0BB-4C08-B620-1260D485C5B2}
[2012/06/14 14:22:55 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{2EEAA83C-5D71-4869-80CD-0BF5C97F51F8}
[2012/06/14 02:22:43 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{E5B2A53A-8090-471A-951D-FAF919907791}
[2012/06/14 02:22:31 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{D31A0DA5-74AF-4FB2-A59A-E530D3151038}
[2012/06/13 14:22:19 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{78AE248F-29B0-4A57-AC48-BF53471DC112}
[2012/06/13 14:22:08 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{AEF00B8C-69BF-46D6-AF90-11C2D6D1B826}
[2012/06/13 02:21:55 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{8D2A8CC3-9AD5-4FF2-AEAE-25EAC3067045}
[2012/06/13 02:21:44 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{8CDB0F22-065D-46FA-A3FB-39AA516ABE1D}
[2012/06/12 14:21:19 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{FF2FE9F7-A085-474C-A8FF-9ED8082EBC19}
[2012/06/12 14:21:07 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{F13A850D-4BC9-4C1F-AA1E-127982B2B365}
[2012/06/12 02:20:55 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{5827275C-7401-472B-AAF0-53030B02C61B}
[2012/06/12 02:20:43 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{B5617A08-9BDE-4AA4-ADB8-2C3543A6CA81}
[2012/06/11 14:20:24 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{F0F5EB17-C6E4-429E-AD6F-815B494EBF8B}
[2012/06/11 14:20:06 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{E7B8FCFE-98DF-491B-8D39-0CFFC1A813C8}
[2012/06/11 13:59:38 | 010,248,192 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/06/11 13:50:30 | 000,075,264 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
[2012/06/11 13:50:24 | 000,065,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
[2012/06/11 13:50:18 | 000,063,488 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
[2012/06/11 13:50:14 | 000,056,320 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
[2012/06/11 13:50:06 | 016,457,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2012/06/11 13:49:22 | 013,008,896 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2012/06/11 13:35:48 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.98.dll
[2012/06/11 13:29:34 | 024,826,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/06/11 13:00:32 | 020,467,712 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/06/11 12:25:06 | 000,163,840 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/06/11 12:20:02 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/06/11 12:19:58 | 000,532,992 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/11 12:19:14 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/11 12:17:56 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/11 12:17:42 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/11 12:17:38 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/06/11 12:17:32 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/06/11 11:51:54 | 004,246,528 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/06/11 11:45:48 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/06/11 11:45:46 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/06/11 11:45:40 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/06/11 11:45:38 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/06/11 11:45:26 | 015,703,040 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/06/11 11:40:58 | 013,277,696 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/06/11 11:36:56 | 006,605,824 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/06/11 11:27:02 | 000,539,136 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/06/11 11:26:52 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/06/11 11:26:40 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/06/11 11:26:36 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/06/11 11:26:36 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/06/11 11:26:30 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/06/11 11:26:22 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/06/11 11:26:14 | 000,367,616 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/06/11 11:25:06 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/06/11 11:24:24 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/06/11 11:23:18 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/06/11 11:23:18 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/06/11 11:23:10 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/06/11 11:23:10 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2012/06/11 02:19:54 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{837BEB43-16A0-43A2-B4D8-84FA5C33C178}
[2012/06/11 02:19:43 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{2B42CAEC-736D-4EA9-826A-BB4385F13DAC}
[2012/06/10 14:19:24 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{5F2CC334-1724-43B1-87BB-074FB586E201}
[2012/06/10 14:19:06 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{A7E417DD-A6FF-47D1-B82E-F6C366CF9682}
[2012/06/10 02:18:51 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{45D18F5A-F0AE-43D8-9415-A8E5198EB3D8}
[2012/06/10 02:18:39 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{1B7D4C28-4CCD-4E2E-9121-E948E0685421}
[2012/06/09 14:18:20 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{B947B478-AF34-49CA-BC81-AE86DA5E0308}
[2012/06/09 14:18:05 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{F9446DA4-4C5D-4A57-9159-097CDC6DC45C}
[2012/06/09 02:17:53 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{05C77F65-3D7E-418E-824B-762DF54E906D}
[2012/06/09 02:17:41 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{390101E4-F18F-4106-B82B-BC93D1F0328A}
[2012/06/09 00:51:34 | 000,000,000 | ---D | C] -- C:\Users\JMo\Documents\Downloads
[2012/06/09 00:36:27 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\SKIDROW
[2012/06/08 14:17:16 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{E6D19FBB-8581-49EC-8106-10BA520ACAB2}
[2012/06/08 14:17:02 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{5FF4D22C-CC28-48F1-87D9-42AA89AB4B4A}
[2012/06/08 02:16:37 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{699FD645-461E-47F4-8CE9-600E08621E3E}
[2012/06/07 14:16:13 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{42352C3B-C5B7-4BBE-A326-D87247EEBA34}
[2012/06/07 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{524E4368-C6D1-4CBA-BB64-AC9285EC9859}
[2012/06/06 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012/06/06 19:19:34 | 000,000,000 | ---D | C] -- C:\Fraps
[2012/06/06 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\LogiShrd
[2012/06/06 14:04:40 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Roaming\Leadertech
[2012/06/06 14:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012/06/06 14:04:30 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/06/06 14:03:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012/06/06 14:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/06/06 14:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/06/06 14:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012/06/06 14:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012/06/06 14:03:22 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Roaming\Logitech
[2012/06/06 14:03:22 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Roaming\Logishrd
[2012/06/06 13:59:30 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{DF68FFAF-6FE0-447D-8993-524F388C7CB3}
[2012/06/06 13:59:08 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{6B59F967-71D6-464D-BCE5-F2DA34F63FC5}
[2012/06/05 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{DDE0D9A0-3CA0-451E-86F6-88BC29677F4D}
[2012/06/05 16:23:20 | 000,000,000 | ---D | C] -- C:\Users\JMo\Documents\Rockstar Games
[2012/06/05 15:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/06/05 15:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012/06/05 15:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/06/05 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{53313F3F-E7E9-4CA0-9B45-D3EB97E6A35A}
[2012/06/04 21:30:34 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{FDFC5287-1087-4CE3-94A3-51498257C0A8}
[2012/06/04 14:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/04 14:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/04 14:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/04 14:37:17 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/04 14:37:16 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/04 14:37:16 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/04 14:37:09 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/04 14:37:09 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/04 14:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/04 09:30:09 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{8B8CAA78-EAD8-4D9E-813B-6485985555D6}
[2012/06/03 21:29:46 | 000,000,000 | ---D | C] -- C:\Users\JMo\AppData\Local\{A840585E-3825-4FF0-8CE1-D5BEFE65846E}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/03 14:01:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JMo\Desktop\OTL.exe
[2012/07/03 13:44:44 | 000,000,512 | ---- | M] () -- C:\Users\JMo\Desktop\MBR.dat
[2012/07/03 13:31:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JMo\Desktop\aswMBR(1).exe
[2012/07/03 13:30:54 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JMo\Desktop\tdsskiller(1).exe
[2012/07/03 13:12:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 11:51:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/03 11:51:12 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 11:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/03 11:51:01 | 4281,688,062 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 11:50:10 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 11:50:10 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 08:14:08 | 101,039,536 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/02 16:20:14 | 000,000,168 | ---- | M] () -- C:\Users\JMo\defogger_reenable
[2012/07/02 15:38:27 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/01 21:13:02 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/01 21:13:02 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/01 14:01:09 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2012/06/30 08:50:25 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/06/29 12:02:59 | 522,324,802 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/25 17:24:39 | 000,350,085 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/23 21:59:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/06/21 03:37:14 | 003,166,792 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/18 07:26:16 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/06/17 14:46:48 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/06/17 14:44:33 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/06/17 10:08:56 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/06/15 22:50:10 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/06/11 13:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/06/11 13:50:46 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012/06/11 13:50:30 | 000,075,264 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
[2012/06/11 13:50:24 | 000,065,024 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
[2012/06/11 13:50:18 | 000,063,488 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
[2012/06/11 13:50:14 | 000,056,320 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
[2012/06/11 13:50:06 | 016,457,728 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2012/06/11 13:49:22 | 013,008,896 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2012/06/11 13:35:48 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.98.dll
[2012/06/11 13:29:34 | 024,826,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/06/11 13:00:32 | 020,467,712 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/06/11 12:26:12 | 000,263,840 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/06/11 12:26:12 | 000,263,840 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/06/11 12:25:06 | 000,163,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/06/11 12:24:58 | 000,924,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/06/11 12:23:12 | 001,090,560 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2012/06/11 12:20:02 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/06/11 12:19:58 | 000,532,992 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/06/11 12:19:14 | 000,239,616 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/06/11 12:17:56 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/06/11 12:17:42 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/06/11 12:17:38 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/06/11 12:17:32 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/06/11 12:16:48 | 006,301,696 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/06/11 12:01:56 | 006,914,560 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2012/06/11 11:51:54 | 004,246,528 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/06/11 11:50:16 | 002,936,864 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/11 11:45:48 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/06/11 11:45:46 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/06/11 11:45:44 | 005,480,448 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/06/11 11:45:40 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/06/11 11:45:38 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/06/11 11:45:26 | 015,703,040 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/06/11 11:43:18 | 004,729,344 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/06/11 11:41:48 | 002,971,136 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/11 11:40:58 | 013,277,696 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/06/11 11:36:56 | 006,605,824 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/06/11 11:27:02 | 000,539,136 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/06/11 11:26:52 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/06/11 11:26:40 | 000,017,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/06/11 11:26:36 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/06/11 11:26:36 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/06/11 11:26:30 | 000,041,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/06/11 11:26:22 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/06/11 11:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/06/11 11:25:20 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2012/06/11 11:25:12 | 000,042,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/06/11 11:25:06 | 000,045,056 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/06/11 11:24:58 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2012/06/11 11:24:24 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/06/11 11:23:18 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/06/11 11:23:18 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/06/11 11:23:10 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/06/11 11:23:10 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2012/06/09 00:19:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012/06/08 12:46:43 | 000,000,975 | ---- | M] () -- C:\Users\JMo\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2012/06/08 12:46:43 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012/06/06 19:19:34 | 000,000,562 | ---- | M] () -- C:\Users\JMo\Desktop\Fraps.lnk
[2012/06/04 14:37:04 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/04 14:37:04 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/03 13:44:44 | 000,000,512 | ---- | C] () -- C:\Users\JMo\Desktop\MBR.dat
[2012/07/02 16:20:14 | 000,000,168 | ---- | C] () -- C:\Users\JMo\defogger_reenable
[2012/06/30 00:48:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/30 00:48:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/30 00:48:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/30 00:48:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/30 00:48:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 11:53:26 | 000,245,760 | ---- | C] () -- C:\Users\JMo\Desktop\Griever.exe
[2012/06/21 03:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/17 14:46:48 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/06/15 23:38:49 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/06/15 22:50:10 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/06/11 13:50:46 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012/06/11 12:26:12 | 000,263,840 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/06/11 12:26:12 | 000,263,840 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/06/11 11:50:16 | 002,936,864 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/06/11 11:41:48 | 002,971,136 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/06/08 12:42:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/06 19:19:34 | 000,000,562 | ---- | C] () -- C:\Users\JMo\Desktop\Fraps.lnk
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/19 20:13:11 | 000,007,602 | ---- | C] () -- C:\Users\JMo\AppData\Local\Resmon.ResmonCfg
[2012/03/14 19:03:21 | 000,000,344 | ---- | C] () -- C:\Windows\qawin32.INI
[2012/02/14 23:07:18 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/14 18:59:02 | 000,001,424 | -HS- | C] () -- C:\Users\JMo\AppData\Local\4a32bx0v66h183
[2011/12/14 18:59:02 | 000,001,424 | -HS- | C] () -- C:\ProgramData\4a32bx0v66h183
[2011/12/13 11:57:24 | 000,039,880 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2011/11/30 14:53:34 | 000,171,008 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2011/11/30 14:53:26 | 006,244,574 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2011/11/30 14:53:26 | 000,957,031 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2011/11/30 14:53:26 | 000,337,369 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2011/11/30 14:53:26 | 000,197,696 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2011/11/30 14:53:26 | 000,127,340 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/11/23 16:05:58 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/23 16:05:57 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/21 18:23:29 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/21 15:15:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/21 15:10:36 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/11/21 06:42:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/11/21 06:38:32 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/11/20 06:34:48 | 003,900,928 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/11/20 06:09:44 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/20 06:07:24 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/11/20 06:07:06 | 000,133,632 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
[2011/11/20 06:07:04 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/11/20 06:07:04 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/11/20 06:07:02 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/11/20 06:07:02 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/11/20 06:07:02 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/11/20 06:07:02 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/11/20 06:07:00 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/11/20 06:06:58 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/11/20 22:24:20 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

< End of report >

#8 gringo_pr (Malware Response Team)

Posted 03 July 2012 - 03:02 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox in OTL. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2011/12/14 18:59:02 | 000,001,424 | -HS- | C] () -- C:\Users\JMo\AppData\Local\4a32bx0v66h183
    [2011/12/14 18:59:02 | 000,001,424 | -HS- | C] () -- C:\ProgramData\4a32bx0v66h183
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Confirm the prompt that appears.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
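The two entries the fix above moves (4a32bx0v66h183 under AppData\Local and under ProgramData) show what a responder scans an OTL listing for: hidden+system attributes, no company name, a user-writable location, and a name that is neither a word nor a known filename. The script below automates that triage over the "Files Created" line format used in the log. It is an added example, not code from the thread, from BleepingComputer or from OTL; the sample lines are copied from the log above plus one benign line, the list of user-writable prefixes and the entropy threshold are assumptions, and the score is a ranking for a human to read, not a verdict.

```python
"""Triage an OTL "Files Created" listing for dropper-like entries.

Added example for this thread; not part of the thread, BleepingComputer or
OTL itself.  It parses the one-line-per-file format seen in the log above:
  [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
and scores each entry on the traits the fix in post #8 acted on: hidden and
system attributes, no company name, a user-writable directory and a
random-looking name with no extension.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Locations a non-admin process can write to (assumed list; extend as needed).
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Lines copied from the OTL log above, plus one benign line for contrast.
SAMPLE_LINES = r"""
[2012/07/03 13:44:44 | 000,000,512 | ---- | C] () -- C:\Users\JMo\Desktop\MBR.dat
[2012/06/06 19:19:34 | 000,000,562 | ---- | C] () -- C:\Users\JMo\Desktop\Fraps.lnk
[2012/02/14 23:07:18 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/14 18:59:02 | 000,001,424 | -HS- | C] () -- C:\Users\JMo\AppData\Local\4a32bx0v66h183
[2011/12/14 18:59:02 | 000,001,424 | -HS- | C] () -- C:\ProgramData\4a32bx0v66h183
[2011/11/23 16:05:58 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
""".strip().splitlines()


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    company: str
    path: str


def parse_otl_line(line):
    """Return an Entry for a file line, or None for summary/garbage lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")),
                 m["attrs"], m["company"].strip(), m["path"])


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_random(path):
    """Extension-less name mixing several letters and digits with high entropy."""
    name = path.rsplit("\\", 1)[-1]
    digits = sum(ch.isdigit() for ch in name)
    letters = sum(ch.isalpha() for ch in name)
    return "." not in name and digits >= 3 and letters >= 3 and shannon_entropy(name) > 3.0


def suspicion_reasons(entry):
    reasons = []
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden+system attributes")
    if not entry.company:
        reasons.append("no company name")
    if entry.path.lower().startswith(USER_WRITABLE_PREFIXES):
        reasons.append("user-writable location")
    if looks_random(entry.path):
        reasons.append("random-looking extension-less name")
    return reasons


def triage(lines, min_reasons=3):
    """Entries with at least min_reasons traits, most suspicious first."""
    hits = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if len(reasons) >= min_reasons:
            hits.append((entry.path, reasons))
    return sorted(hits, key=lambda h: -len(h[1]))


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{len(reasons)}  {path}  <- {', '.join(reasons)}")
```

ntuser.pol under ProgramData also scores three (hidden+system, no company name, ProgramData) yet is a legitimate Group Policy file; only the random-name test separates it from the two files the fix removes, which is why the output is ranked for a human rather than labelled malicious.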

#9 JMo_0812 (Topic Starter)

Posted 03 July 2012 - 03:19 PM

Seems to have done something. I'm not redirecting as frequently. Maybe 1 out of every 5 or 6 links get redirected. The sites take about 10 seconds before they actually start loading in a new tab.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\JMo\AppData\Local\4a32bx0v66h183 moved successfully.
C:\ProgramData\4a32bx0v66h183 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\JMo\Desktop\cmd.bat deleted successfully.
C:\Users\JMo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JMo
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: JMo
->Flash cache emptied: 77505 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07032012_150351

#10 gringo_pr (Malware Response Team)

Posted 03 July 2012 - 05:06 PM

In what browsers does this happen?


gringo

#11 JMo_0812 (Topic Starter)

Posted 04 July 2012 - 08:14 AM

Firefox. I've never used IE, it just recently upgraded to IE9 on its own.

EDIT: Computer rebooted and now every link is redirecting.

Edited by JMo_0812, 04 July 2012 - 09:06 AM.


#12 gringo_pr (Malware Response Team)

Posted 04 July 2012 - 01:26 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat, choosing "All Files" as the Save as type and Desktop as the location, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#13 JMo_0812 (Topic Starter)

Posted 04 July 2012 - 06:09 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : JMo-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-8E-B2-3F-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 50-E5-49-37-07-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5535:e002:78b4:75db%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 04, 2012 5:45:47 PM
Lease Expires . . . . . . . . . . : Wednesday, July 11, 2012 5:45:47 PM
Default Gateway . . . . . . . . . : fe80::224:1ff:fed8:9687%11
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{38B3E089-4412-46E5-BD19-6A207C7CC123}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18ed:2b98:b473:ed8(Preferred)
Link-local IPv6 Address . . . . . : fe80::18ed:2b98:b473:ed8%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{8EB23FAC-8C4A-4359-9DCE-2B3FEDA4DFEC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2001:4860:4002:802::1001
74.125.227.66
74.125.227.70
74.125.227.72
74.125.227.68
74.125.227.71
74.125.227.73
74.125.227.64
74.125.227.78
74.125.227.67
74.125.227.69
74.125.227.65

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging google.com [74.125.227.65] with 32 bytes of data:
Reply from 74.125.227.65: bytes=32 time=15ms TTL=52
Reply from 74.125.227.65: bytes=32 time=16ms TTL=52

Ping statistics for 74.125.227.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=200ms TTL=50
Reply from 72.30.38.140: bytes=32 time=87ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 200ms, Average = 143ms
===========================================================================
Interface List
15...00 ff 8e b2 3f ac ......TAP-Win32 Adapter V9 (Tunngle)
11...50 e5 49 37 07 df ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.100    276
    192.168.0.100  255.255.255.255         On-link     192.168.0.100    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.100    276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
 11    276 ::/0                     fe80::224:1ff:fed8:9687
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:4137:9e76:18ed:2b98:b473:ed8/128
                                    On-link
 11    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::18ed:2b98:b473:ed8/128
                                    On-link
 11    276 fe80::5535:e002:78b4:75db/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96         On-link
===========================================================================

#14 gringo_pr (Malware Response Team)

Posted 04 July 2012 - 07:38 PM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat, choosing "All Files" as the Save as type and Desktop as the location, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
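The batch file in posts #12 and #14 collects exactly the data needed to decide whether the redirect happens at the router (DNS) or on the PC: which resolver the adapter uses, what nslookup gets back for google.com and yahoo.com, and which address ping actually goes to. The script below reads that Log1.txt format and makes the three checks explicit. It is an added example, not code from the thread or from any tool named in it. The two samples are constructed: the first is trimmed from the log in post #13, the second is invented, using the documentation address 203.0.113.53 as a bogus resolver and the redirect hosts the topic starter reports. The third check relies on the fact that nslookup sends its query straight to the DNS server, while ping goes through the system resolver, hosts file included, so a difference between the two points at the PC rather than the router.

```python
"""Triage Log1.txt from the router.bat diagnostic (ipconfig /all, nslookup, ping).

Added example for this thread (not part of the thread or any tool named in it).
Checks: (1) is the resolver inside the LAN subnet, i.e. normally the router;
(2) does any name resolve to a redirect host reported in the thread; (3) does
ping (system resolver: hosts file, cache, LSPs) agree with nslookup (direct
DNS query)?  A mismatch in (3) means the rewrite happens on the PC, not at
the router.
"""
import ipaddress
import re

REPORTED_REDIRECT_IPS = {"63.209.69.107", "8.26.70.252"}   # reported in the thread
ADDR_RE = re.compile(r"^[0-9A-Fa-f:.%]+$")

# Constructed sample, trimmed from the Log1.txt posted in the thread.
CLEAN_SAMPLE = """
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.0.1
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:4000:800::1002
          74.125.227.2

Name:    yahoo.com
Addresses:  98.139.183.24

Pinging google.com [74.125.227.2] with 32 bytes of data:
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
"""
# Constructed sample of a DNS changer (bogus resolver) plus a hosts-file rewrite.
HIJACKED_SAMPLE = """
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 203.0.113.53
Name:    google.com
Address:  63.209.69.107
Name:    yahoo.com
Address:  98.139.183.24

Pinging google.com [63.209.69.107] with 32 bytes of data:
Pinging yahoo.com [8.26.70.252] with 32 bytes of data:
"""


def _field(text, label):
    """Value of the first 'Label . . . : value' ipconfig line, or None."""
    m = re.search(rf"^\s*{re.escape(label)}[ .]*:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None


def lan_network(text):
    """IPv4 network of the first adapter reporting an address and a mask."""
    addr, mask = _field(text, "IPv4 Address"), _field(text, "Subnet Mask")
    if not addr or not mask:
        return None
    return ipaddress.ip_network(f"{addr.split('(')[0]}/{mask}", strict=False)


def parse_dns_servers(text):
    """Entries under 'DNS Servers', including one-address-per-line continuations."""
    servers, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        if re.match(r"^\s*DNS Servers[ .]*:", line):
            servers.append(line.split(":", 1)[1].strip())
            for nxt in lines[i + 1:]:
                if not ADDR_RE.match(nxt.strip()):
                    break
                servers.append(nxt.strip())
    return servers


def parse_nslookup(text):
    """{name: [addresses]} from nslookup 'Name:' / 'Address(es):' blocks."""
    answers, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Name:"):
            current = line.split(None, 1)[1]
            answers[current] = []
        elif current and line.startswith("Address"):
            answers[current].append(line.split(None, 1)[1])
        elif current and ADDR_RE.match(line):
            answers[current].append(line)
        else:
            current = None            # blank or unrelated line ends the block
    return answers


def parse_ping_targets(text):
    """{name: ip} from 'Pinging name [ip] ...' lines."""
    return dict(re.findall(r"^\s*Pinging (\S+) \[([^\]]+)\]", text, re.MULTILINE))


def triage(text):
    findings, lan = [], lan_network(text)
    for s in parse_dns_servers(text):
        ip = ipaddress.ip_address(s.split("%")[0])
        if ip.version == 4 and lan and ip not in lan:
            findings.append(f"resolver {s} is outside {lan}: confirm you chose it (ISP/OpenDNS)")
    answers = parse_nslookup(text)
    for name, addrs in answers.items():
        if hit := REPORTED_REDIRECT_IPS & set(addrs):
            findings.append(f"{name} resolves to reported redirect host {sorted(hit)}: DNS-level hijack")
    for name, target in parse_ping_targets(text).items():
        if name in answers and target not in answers[name]:
            findings.append(f"ping took {name} to {target}, which DNS did not return: check the hosts file and LSPs")
    return findings
```

A clean result from all three checks, which is what the posted logs show, is itself a finding: it rules out the router and the DNS path and sends the investigation back to the PC (browser add-ons, proxy settings, LSPs, the hosts file or a filter driver).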

#15 JMo_0812 (Topic Starter)

Posted 06 July 2012 - 04:52 PM

Links are still being redirected. A few of the redirected search engines are: http://63.209.69.107/search/web | http://8.26.70.252/see | search.us.b00kmarks.com
Router reset with custom passwords instead of defaults.



Windows IP Configuration

Host Name . . . . . . . . . . . . : JMo-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-8E-B2-3F-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 50-E5-49-37-07-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5535:e002:78b4:75db%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 06, 2012 4:41:41 PM
Lease Expires . . . . . . . . . . : Friday, July 13, 2012 4:41:41 PM
Default Gateway . . . . . . . . . : fe80::224:1ff:fed8:9687%11
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{38B3E089-4412-46E5-BD19-6A207C7CC123}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:281b:2ac2:b473:ed8(Preferred)
Link-local IPv6 Address . . . . . : fe80::281b:2ac2:b473:ed8%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{8EB23FAC-8C4A-4359-9DCE-2B3FEDA4DFEC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4000:800::1002
74.125.227.0
74.125.227.4
74.125.227.7
74.125.227.6
74.125.227.9
74.125.227.5
74.125.227.14
74.125.227.3
74.125.227.8
74.125.227.1
74.125.227.2

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging google.com [74.125.227.2] with 32 bytes of data:
Reply from 74.125.227.2: bytes=32 time=15ms TTL=52
Reply from 74.125.227.2: bytes=32 time=14ms TTL=52

Ping statistics for 74.125.227.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 15ms, Average = 14ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=101ms TTL=43
Reply from 98.139.183.24: bytes=32 time=131ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 101ms, Maximum = 131ms, Average = 116ms
===========================================================================
Interface List
15...00 ff 8e b2 3f ac ......TAP-Win32 Adapter V9 (Tunngle)
11...50 e5 49 37 07 df ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.100    276
    192.168.0.100  255.255.255.255         On-link     192.168.0.100    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.100    276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
 11    276 ::/0                     fe80::224:1ff:fed8:9687
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:4137:9e76:281b:2ac2:b473:ed8/128
                                    On-link
 11    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::281b:2ac2:b473:ed8/128
                                    On-link
 11    276 fe80::5535:e002:78b4:75db/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96         On-link
===========================================================================

Edited by JMo_0812, 06 July 2012 - 04:53 PM.




