Browser Hijack/Rootkit Virus


18 replies to this topic

#1 metalmikey
  • Members
  • 10 posts

Posted 30 July 2012 - 03:15 AM

Hey everyone. I'm just trying to get down to the bottom of why my PC has been acting funny. Browsers are redirecting, and some other funny things are showing. I ran ComboFix and included my log below. If any kind person could give me a hand at getting my PC clean again I will greatly appreciate it. Thanks!

Attached File: ComboFix.txt (21.66KB, 0 downloads)

Edited by metalmikey, 30 July 2012 - 09:14 AM.



#2 metalmikey
  • Topic Starter
  • Members
  • 10 posts

Posted 30 July 2012 - 09:14 AM

Just realized I didn't attach my ComboFix file. Can anyone tell me what's wrong in my file?

Edited by metalmikey, 30 July 2012 - 09:15 AM.


#3 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Location:Kansas, USA

Posted 01 August 2012 - 02:31 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
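Added example, not code from the thread or from either tool: a small triage parser for the two logs requested in Step 4, TDSSKiller's scan log and Security Check's checkup.txt. It pulls out what a responder reads first: how many scans ran and whether one was interrupted, the detected-object count of each, any entry whose verdict is not "ok", entries that received a verdict without a hashed file line, and the items Security Check marks as out of date or disabled. The sample logs are constructed from the line shapes seen in this thread; "exampledrv" and its all-zero hash are placeholders.

```python
"""Triage parser for the two logs requested in Step 4: TDSSKiller's scan log and
screen317's Security Check checkup.txt. Added example, not code from either tool."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")  # "time pid message"
TDSS_FILE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")          # "name (md5) path"
TDSS_VERDICT = re.compile(r"^(.+?) - (.+)$")                        # "name - ok"
SC_SECTION = re.compile(r"^`+(.+?):?`+$")                            # backtick banner


@dataclass
class TdssSummary:
    scans_started: int = 0
    scans_finished: int = 0
    interrupted: bool = False
    detected_counts: List[int] = field(default_factory=list)   # one per scan
    files_hashed: int = 0
    not_ok: List[Tuple[str, str]] = field(default_factory=list)  # verdict != ok
    no_file: List[str] = field(default_factory=list)  # verdict without a hashed file


def parse_tdsskiller(text: str) -> TdssSummary:
    s, in_scan, hashed = TdssSummary(), False, set()
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg == "Scan started":
            s.scans_started, in_scan = s.scans_started + 1, True
        elif msg == "Scan finished":
            s.scans_finished, in_scan = s.scans_finished + 1, False
        elif msg.startswith("Scan interrupted"):
            s.interrupted = True
        elif msg.startswith("Detected object count:"):
            s.detected_counts.append(int(msg.rsplit(":", 1)[1]))
        elif not in_scan:
            continue  # header lines such as "Drive ... - Size: ..." are not verdicts
        elif (f := TDSS_FILE.match(msg)):
            s.files_hashed += 1
            hashed.add(f.group(1))
        elif (v := TDSS_VERDICT.match(msg)):
            name, verdict = v.groups()
            if verdict != "ok":
                s.not_ok.append((name, verdict))
            if name not in hashed:
                s.no_file.append(name)
    return s


def parse_security_check(text: str) -> Dict[str, List[str]]:
    """Map each checkup.txt section to its 'out of date' / 'disabled' lines;
    lines before the first banner are filed under 'Header'."""
    findings: Dict[str, List[str]] = {}
    section = "Header"
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = SC_SECTION.match(line)
        if m:
            section = m.group(1).strip(": ")
        elif "out of date" in line.lower() or "disabled" in line.lower():
            findings.setdefault(section, []).append(line)
    return findings


# Constructed sample in the shape of the thread's TDSSKiller log; "exampledrv"
# and its all-zero hash are placeholders, not a real driver or detection.
SAMPLE_TDSS = r"""
22:15:06.0407 1036 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:15:07.0412 1036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
22:15:10.0317 4984 Scan started
22:15:10.0317 4984 Mode: Manual;
22:15:11.0632 4984 Scan interrupted by user!
22:15:11.0632 4984 Scan finished
22:15:11.0642 4368 Detected object count: 0
22:15:12.0407 4776 Scan started
22:15:12.0857 4776 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:15:12.0857 4776 1394ohci - ok
22:15:15.0057 4776 catchme - ok
22:15:16.0000 4776 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
22:15:16.0000 4776 exampledrv - warning
22:15:20.0000 4776 Scan finished
22:15:20.0010 4776 Detected object count: 1
"""


def banner(title: str) -> str:  # Security Check wraps section titles in backticks
    return "`" * 8 + title + "`" * 8


# Constructed checkup.txt sample using the line shapes Security Check prints.
SAMPLE_CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.43",
    "Out of date service pack!!",
    banner("Antivirus/Firewall Check:"),
    "Windows Firewall Disabled!",
    "Antivirus up to date!",
    banner("Anti-malware/Other Utilities Check:"),
    "Java version out of Date!",
    "Mozilla Thunderbird 12.0.1 Thunderbird out of Date!",
    banner("End of Log"),
])
```

Run `parse_tdsskiller(SAMPLE_TDSS)` and `parse_security_check(SAMPLE_CHECKUP)` on a pasted log to get the summary a helper would otherwise read out by hand.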

#4 metalmikey
  • Topic Starter
  • Members
  • 10 posts

Posted 01 August 2012 - 09:16 PM

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 32
Java™ 7 Update 3
Java version out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



22:15:06.0407 1036 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:15:06.0712 1036 ============================================================
22:15:06.0712 1036 Current date / time: 2012/08/01 22:15:06.0712
22:15:06.0712 1036 SystemInfo:
22:15:06.0712 1036
22:15:06.0712 1036 OS Version: 6.1.7600 ServicePack: 0.0
22:15:06.0712 1036 Product type: Workstation
22:15:06.0712 1036 ComputerName: -
22:15:06.0712 1036 UserName: Michael
22:15:06.0712 1036 Windows directory: C:\Windows
22:15:06.0712 1036 System windows directory: C:\Windows
22:15:06.0712 1036 Running under WOW64
22:15:06.0712 1036 Processor architecture: Intel x64
22:15:06.0712 1036 Number of processors: 4
22:15:06.0712 1036 Page size: 0x1000
22:15:06.0712 1036 Boot type: Normal boot
22:15:06.0712 1036 ============================================================
22:15:07.0412 1036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:15:07.0412 1036 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:15:07.0442 1036 ============================================================
22:15:07.0442 1036 \Device\Harddisk0\DR0:
22:15:07.0452 1036 MBR partitions:
22:15:07.0452 1036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A34E830
22:15:07.0452 1036 \Device\Harddisk1\DR1:
22:15:07.0452 1036 MBR partitions:
22:15:07.0452 1036 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
22:15:07.0452 1036 ============================================================
22:15:07.0502 1036 C: <-> \Device\Harddisk0\DR0\Partition0
22:15:07.0542 1036 D: <-> \Device\Harddisk1\DR1\Partition0
22:15:07.0542 1036 ============================================================
22:15:07.0542 1036 Initialize success
22:15:07.0542 1036 ============================================================
22:15:10.0317 4984 ============================================================
22:15:10.0317 4984 Scan started
22:15:10.0317 4984 Mode: Manual;
22:15:10.0317 4984 ============================================================
22:15:11.0632 4984 Scan interrupted by user!
22:15:11.0632 4984 Scan interrupted by user!
22:15:11.0632 4984 Scan interrupted by user!
22:15:11.0632 4984 ============================================================
22:15:11.0632 4984 Scan finished
22:15:11.0632 4984 ============================================================
22:15:11.0642 4368 Detected object count: 0
22:15:11.0642 4368 Actual detected object count: 0
22:15:12.0407 4776 ============================================================
22:15:12.0407 4776 Scan started
22:15:12.0407 4776 Mode: Manual;
22:15:12.0407 4776 ============================================================
22:15:20.0047 4776 mpsdrv - ok
22:15:20.0112 4776 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:15:20.0122 4776 MpsSvc - ok
22:15:20.0162 4776 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:15:20.0162 4776 MRxDAV - ok
22:15:20.0192 4776 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:15:20.0197 4776 mrxsmb - ok
22:15:20.0217 4776 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:15:20.0217 4776 mrxsmb10 - ok
22:15:20.0237 4776 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:15:20.0242 4776 mrxsmb20 - ok
22:15:20.0252 4776 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:15:20.0257 4776 msahci - ok
22:15:20.0272 4776 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:15:20.0272 4776 msdsm - ok
22:15:20.0302 4776 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:15:20.0302 4776 MSDTC - ok
22:15:20.0322 4776 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:15:20.0322 4776 Msfs - ok
22:15:20.0337 4776 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:15:20.0337 4776 mshidkmdf - ok
22:15:20.0352 4776 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:15:20.0352 4776 msisadrv - ok
22:15:20.0377 4776 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:15:20.0377 4776 MSiSCSI - ok
22:15:20.0382 4776 msiserver - ok
22:15:20.0422 4776 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:15:20.0422 4776 MSKSSRV - ok
22:15:20.0432 4776 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:15:20.0432 4776 MSPCLOCK - ok
22:15:20.0457 4776 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:15:20.0457 4776 MSPQM - ok
22:15:20.0482 4776 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:15:20.0487 4776 MsRPC - ok
22:15:20.0497 4776 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:15:20.0497 4776 mssmbios - ok
22:15:20.0502 4776 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:15:20.0502 4776 MSTEE - ok
22:15:20.0532 4776 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:15:20.0532 4776 MTConfig - ok
22:15:20.0547 4776 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:15:20.0547 4776 Mup - ok
22:15:20.0582 4776 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:15:20.0587 4776 napagent - ok
22:15:20.0627 4776 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:15:20.0627 4776 NativeWifiP - ok
22:15:20.0692 4776 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:15:20.0702 4776 NDIS - ok
22:15:20.0737 4776 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:15:20.0742 4776 NdisCap - ok
22:15:20.0757 4776 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:15:20.0757 4776 NdisTapi - ok
22:15:20.0772 4776 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:15:20.0772 4776 Ndisuio - ok
22:15:20.0797 4776 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:15:20.0797 4776 NdisWan - ok
22:15:20.0812 4776 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:15:20.0817 4776 NDProxy - ok
22:15:20.0827 4776 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:15:20.0827 4776 NetBIOS - ok
22:15:20.0852 4776 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:15:20.0857 4776 NetBT - ok
22:15:20.0862 4776 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:15:20.0867 4776 Netlogon - ok
22:15:20.0887 4776 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:15:20.0892 4776 Netman - ok
22:15:20.0917 4776 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:15:20.0922 4776 netprofm - ok
22:15:20.0967 4776 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
22:15:20.0972 4776 netr28x - ok
22:15:21.0012 4776 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
22:15:21.0017 4776 netr7364 - ok
22:15:21.0082 4776 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:15:21.0082 4776 NetTcpPortSharing - ok
22:15:21.0252 4776 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:15:21.0282 4776 netw5v64 - ok
22:15:21.0392 4776 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:15:21.0392 4776 nfrd960 - ok
22:15:21.0427 4776 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:15:21.0432 4776 NlaSvc - ok
22:15:21.0447 4776 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:15:21.0447 4776 Npfs - ok
22:15:21.0457 4776 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:15:21.0462 4776 nsi - ok
22:15:21.0462 4776 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:15:21.0467 4776 nsiproxy - ok
22:15:21.0522 4776 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
22:15:21.0532 4776 Ntfs - ok
22:15:21.0612 4776 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:15:21.0612 4776 Null - ok
22:15:22.0012 4776 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:15:22.0057 4776 nvlddmkm - ok
22:15:22.0182 4776 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
22:15:22.0187 4776 nvraid - ok
22:15:22.0222 4776 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
22:15:22.0227 4776 nvstor - ok
22:15:22.0287 4776 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
22:15:22.0297 4776 nvsvc - ok
22:15:22.0377 4776 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:15:22.0387 4776 nvUpdatusService - ok
22:15:22.0482 4776 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:15:22.0482 4776 nv_agp - ok
22:15:22.0497 4776 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:15:22.0502 4776 ohci1394 - ok
22:15:22.0567 4776 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:15:22.0567 4776 ose - ok
22:15:22.0742 4776 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:15:22.0762 4776 osppsvc - ok
22:15:22.0827 4776 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:15:22.0832 4776 p2pimsvc - ok
22:15:22.0852 4776 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:15:22.0857 4776 p2psvc - ok
22:15:22.0902 4776 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:15:22.0902 4776 Parport - ok
22:15:22.0907 4776 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:15:22.0907 4776 partmgr - ok
22:15:22.0927 4776 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:15:22.0932 4776 PcaSvc - ok
22:15:22.0957 4776 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:15:22.0957 4776 pci - ok
22:15:22.0967 4776 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:15:22.0967 4776 pciide - ok
22:15:22.0987 4776 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:15:22.0987 4776 pcmcia - ok
22:15:23.0017 4776 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:15:23.0017 4776 pcw - ok
22:15:23.0047 4776 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:15:23.0047 4776 PEAUTH - ok
22:15:23.0097 4776 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:15:23.0107 4776 PeerDistSvc - ok
22:15:23.0157 4776 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:15:23.0162 4776 PerfHost - ok
22:15:23.0267 4776 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:15:23.0277 4776 pla - ok
22:15:23.0322 4776 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
22:15:23.0327 4776 PlugPlay - ok
22:15:23.0342 4776 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:15:23.0342 4776 PNRPAutoReg - ok
22:15:23.0367 4776 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:15:23.0367 4776 PNRPsvc - ok
22:15:23.0402 4776 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:15:23.0407 4776 PolicyAgent - ok
22:15:23.0427 4776 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:15:23.0427 4776 Power - ok
22:15:23.0487 4776 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:15:23.0487 4776 PptpMiniport - ok
22:15:23.0502 4776 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:15:23.0502 4776 Processor - ok
22:15:23.0532 4776 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
22:15:23.0537 4776 ProfSvc - ok
22:15:23.0552 4776 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:15:23.0552 4776 ProtectedStorage - ok
22:15:23.0577 4776 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:15:23.0582 4776 Psched - ok
22:15:23.0647 4776 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:15:23.0657 4776 ql2300 - ok
22:15:23.0762 4776 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:15:23.0762 4776 ql40xx - ok
22:15:23.0807 4776 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:15:23.0807 4776 QWAVE - ok
22:15:23.0822 4776 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:15:23.0822 4776 QWAVEdrv - ok
22:15:23.0877 4776 RalinkRegistryWriter (e155e09229624c69a1a6609c0cb3641f) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
22:15:23.0877 4776 RalinkRegistryWriter - ok
22:15:23.0897 4776 RalinkRegistryWriter64 (42a952ca5f9de8fcec25307b19570bb9) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
22:15:23.0902 4776 RalinkRegistryWriter64 - ok
22:15:23.0917 4776 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:15:23.0917 4776 RasAcd - ok
22:15:23.0952 4776 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:15:23.0952 4776 RasAgileVpn - ok
22:15:23.0967 4776 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:15:23.0967 4776 RasAuto - ok
22:15:23.0987 4776 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:15:23.0987 4776 Rasl2tp - ok
22:15:24.0012 4776 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:15:24.0012 4776 RasMan - ok
22:15:24.0027 4776 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:15:24.0032 4776 RasPppoe - ok
22:15:24.0042 4776 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:15:24.0047 4776 RasSstp - ok
22:15:24.0072 4776 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:15:24.0072 4776 rdbss - ok
22:15:24.0082 4776 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:15:24.0082 4776 rdpbus - ok
22:15:24.0107 4776 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:15:24.0107 4776 RDPCDD - ok
22:15:24.0152 4776 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
22:15:24.0152 4776 RDPDR - ok
22:15:24.0167 4776 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:15:24.0167 4776 RDPENCDD - ok
22:15:24.0177 4776 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:15:24.0177 4776 RDPREFMP - ok
22:15:24.0202 4776 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:15:24.0202 4776 RDPWD - ok
22:15:24.0232 4776 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:15:24.0237 4776 rdyboost - ok
22:15:24.0272 4776 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:15:24.0277 4776 RemoteAccess - ok
22:15:24.0302 4776 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:15:24.0302 4776 RemoteRegistry - ok
22:15:24.0317 4776 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:15:24.0322 4776 RpcEptMapper - ok
22:15:24.0332 4776 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:15:24.0332 4776 RpcLocator - ok
22:15:24.0357 4776 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:15:24.0362 4776 RpcSs - ok
22:15:24.0387 4776 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:15:24.0387 4776 rspndr - ok
22:15:24.0427 4776 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys
22:15:24.0432 4776 rt61x64 - ok
22:15:24.0477 4776 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:15:24.0482 4776 RTL8167 - ok
22:15:24.0497 4776 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:15:24.0497 4776 s3cap - ok
22:15:24.0512 4776 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:15:24.0512 4776 SamSs - ok
22:15:24.0532 4776 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:15:24.0532 4776 sbp2port - ok
22:15:24.0562 4776 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:15:24.0562 4776 SCardSvr - ok
22:15:24.0582 4776 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:15:24.0582 4776 scfilter - ok
22:15:24.0627 4776 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
22:15:24.0637 4776 Schedule - ok
22:15:24.0662 4776 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:15:24.0662 4776 SCPolicySvc - ok
22:15:24.0682 4776 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:15:24.0682 4776 SDRSVC - ok
22:15:24.0717 4776 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:15:24.0717 4776 secdrv - ok
22:15:24.0727 4776 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:15:24.0727 4776 seclogon - ok
22:15:24.0742 4776 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:15:24.0747 4776 SENS - ok
22:15:24.0767 4776 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:15:24.0767 4776 SensrSvc - ok
22:15:24.0782 4776 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:15:24.0787 4776 Serenum - ok
22:15:24.0807 4776 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:15:24.0807 4776 Serial - ok
22:15:24.0832 4776 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:15:24.0832 4776 sermouse - ok
22:15:24.0852 4776 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:15:24.0857 4776 SessionEnv - ok
22:15:24.0867 4776 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:15:24.0867 4776 sffdisk - ok
22:15:24.0872 4776 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:15:24.0872 4776 sffp_mmc - ok
22:15:24.0882 4776 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:15:24.0882 4776 sffp_sd - ok
22:15:24.0887 4776 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:15:24.0887 4776 sfloppy - ok
22:15:24.0932 4776 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:15:24.0937 4776 SharedAccess - ok
22:15:24.0972 4776 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:15:24.0977 4776 ShellHWDetection - ok
22:15:25.0002 4776 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:15:25.0002 4776 SiSRaid2 - ok
22:15:25.0017 4776 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:15:25.0017 4776 SiSRaid4 - ok
22:15:25.0082 4776 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:15:25.0082 4776 SkypeUpdate - ok
22:15:25.0107 4776 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:15:25.0107 4776 Smb - ok
22:15:25.0157 4776 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:15:25.0157 4776 SNMPTRAP - ok
22:15:25.0167 4776 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:15:25.0167 4776 spldr - ok
22:15:25.0187 4776 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
22:15:25.0192 4776 Spooler - ok
22:15:25.0322 4776 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:15:25.0337 4776 sppsvc - ok
22:15:25.0407 4776 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:15:25.0412 4776 sppuinotify - ok
22:15:25.0457 4776 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
22:15:25.0462 4776 srv - ok
22:15:25.0482 4776 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
22:15:25.0487 4776 srv2 - ok
22:15:25.0507 4776 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
22:15:25.0512 4776 srvnet - ok
22:15:25.0537 4776 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:15:25.0542 4776 SSDPSRV - ok
22:15:25.0552 4776 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:15:25.0552 4776 SstpSvc - ok
22:15:25.0567 4776 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:15:25.0567 4776 stexstor - ok
22:15:25.0627 4776 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:15:25.0632 4776 stisvc - ok
22:15:25.0657 4776 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:15:25.0662 4776 storflt - ok
22:15:25.0682 4776 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:15:25.0682 4776 storvsc - ok
22:15:25.0697 4776 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:15:25.0697 4776 swenum - ok
22:15:25.0817 4776 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:15:25.0822 4776 SwitchBoard - ok
22:15:25.0852 4776 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:15:25.0857 4776 swprv - ok
22:15:25.0947 4776 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:15:25.0962 4776 SysMain - ok
22:15:26.0042 4776 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
22:15:26.0047 4776 TabletInputService - ok
22:15:26.0072 4776 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:15:26.0077 4776 TapiSrv - ok
22:15:26.0102 4776 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:15:26.0102 4776 TBS - ok
22:15:26.0192 4776 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
22:15:26.0202 4776 Tcpip - ok
22:15:26.0382 4776 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
22:15:26.0392 4776 TCPIP6 - ok
22:15:26.0422 4776 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:15:26.0422 4776 tcpipreg - ok
22:15:26.0432 4776 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:15:26.0432 4776 TDPIPE - ok
22:15:26.0437 4776 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:15:26.0437 4776 TDTCP - ok
22:15:26.0452 4776 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:15:26.0452 4776 tdx - ok
22:15:26.0467 4776 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:15:26.0467 4776 TermDD - ok
22:15:26.0517 4776 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:15:26.0522 4776 TermService - ok
22:15:26.0537 4776 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:15:26.0542 4776 Themes - ok
22:15:26.0557 4776 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:15:26.0562 4776 THREADORDER - ok
22:15:26.0572 4776 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:15:26.0572 4776 TrkWks - ok
22:15:26.0607 4776 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:15:26.0612 4776 TrustedInstaller - ok
22:15:26.0637 4776 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:15:26.0637 4776 tssecsrv - ok
22:15:26.0667 4776 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:15:26.0667 4776 tunnel - ok
22:15:26.0682 4776 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:15:26.0682 4776 uagp35 - ok
22:15:26.0702 4776 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:15:26.0707 4776 udfs - ok
22:15:26.0727 4776 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:15:26.0727 4776 UI0Detect - ok
22:15:26.0737 4776 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:15:26.0737 4776 uliagpkx - ok
22:15:26.0762 4776 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:15:26.0762 4776 umbus - ok
22:15:26.0782 4776 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:15:26.0782 4776 UmPass - ok
22:15:26.0802 4776 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
22:15:26.0807 4776 UmRdpService - ok
22:15:26.0987 4776 UNS (cd114ce02a10fa79c229770788106842) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:15:26.0997 4776 UNS - ok
22:15:27.0072 4776 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:15:27.0072 4776 upnphost - ok
22:15:27.0212 4776 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:15:27.0212 4776 usbaudio - ok
22:15:27.0247 4776 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
22:15:27.0247 4776 usbccgp - ok
22:15:27.0267 4776 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:15:27.0267 4776 usbcir - ok
22:15:27.0282 4776 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
22:15:27.0287 4776 usbehci - ok
22:15:27.0307 4776 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
22:15:27.0312 4776 usbhub - ok
22:15:27.0382 4776 USBMIDIAudioDevMon (8d557006bb327c29cdd6a01ba49e0e4e) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
22:15:27.0387 4776 USBMIDIAudioDevMon - ok
22:15:27.0467 4776 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:15:27.0467 4776 usbohci - ok
22:15:27.0477 4776 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:15:27.0477 4776 usbprint - ok
22:15:27.0497 4776 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:15:27.0497 4776 USBSTOR - ok
22:15:27.0512 4776 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:15:27.0512 4776 usbuhci - ok
22:15:27.0527 4776 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:15:27.0527 4776 UxSms - ok
22:15:27.0542 4776 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:15:27.0542 4776 VaultSvc - ok
22:15:27.0562 4776 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:15:27.0562 4776 vdrvroot - ok
22:15:27.0597 4776 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:15:27.0602 4776 vds - ok
22:15:27.0622 4776 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:15:27.0622 4776 vga - ok
22:15:27.0632 4776 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:15:27.0632 4776 VgaSave - ok
22:15:27.0657 4776 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:15:27.0657 4776 vhdmp - ok
22:15:27.0667 4776 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:15:27.0667 4776 viaide - ok
22:15:27.0677 4776 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:15:27.0677 4776 vmbus - ok
22:15:27.0697 4776 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:15:27.0697 4776 VMBusHID - ok
22:15:27.0717 4776 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:15:27.0717 4776 volmgr - ok
22:15:27.0742 4776 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:15:27.0747 4776 volmgrx - ok
22:15:27.0777 4776 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:15:27.0782 4776 volsnap - ok
22:15:27.0807 4776 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:15:27.0812 4776 vsmraid - ok
22:15:27.0922 4776 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:15:27.0932 4776 VSS - ok
22:15:28.0177 4776 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:15:28.0177 4776 vwifibus - ok
22:15:28.0202 4776 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:15:28.0207 4776 vwififlt - ok
22:15:28.0227 4776 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:15:28.0227 4776 vwifimp - ok
22:15:28.0262 4776 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:15:28.0267 4776 W32Time - ok
22:15:28.0287 4776 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:15:28.0287 4776 WacomPen - ok
22:15:28.0327 4776 wampapache (5cf6e9a685199445fee02fe8c191c9ba) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
22:15:28.0327 4776 wampapache - ok
22:15:28.0362 4776 wampmysqld - ok
22:15:28.0387 4776 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:15:28.0387 4776 WANARP - ok
22:15:28.0392 4776 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:15:28.0392 4776 Wanarpv6 - ok
22:15:28.0462 4776 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:15:28.0477 4776 wbengine - ok
22:15:28.0552 4776 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:15:28.0552 4776 WbioSrvc - ok
22:15:28.0577 4776 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
22:15:28.0582 4776 wcncsvc - ok
22:15:28.0587 4776 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:15:28.0592 4776 WcsPlugInService - ok
22:15:28.0627 4776 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:15:28.0627 4776 Wd - ok
22:15:28.0662 4776 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:15:28.0662 4776 Wdf01000 - ok
22:15:28.0677 4776 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:15:28.0682 4776 WdiServiceHost - ok
22:15:28.0682 4776 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:15:28.0682 4776 WdiSystemHost - ok
22:15:28.0712 4776 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
22:15:28.0717 4776 WebClient - ok
22:15:28.0732 4776 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:15:28.0732 4776 Wecsvc - ok
22:15:28.0757 4776 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:15:28.0757 4776 wercplsupport - ok
22:15:28.0777 4776 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:15:28.0777 4776 WerSvc - ok
22:15:28.0797 4776 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:15:28.0797 4776 WfpLwf - ok
22:15:28.0812 4776 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:15:28.0812 4776 WIMMount - ok
22:15:28.0857 4776 WinDefend - ok
22:15:28.0862 4776 WinHttpAutoProxySvc - ok
22:15:28.0927 4776 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:15:28.0927 4776 Winmgmt - ok
22:15:29.0002 4776 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
22:15:29.0017 4776 WinRM - ok
22:15:29.0097 4776 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:15:29.0102 4776 Wlansvc - ok
22:15:29.0137 4776 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:15:29.0137 4776 WmiAcpi - ok
22:15:29.0202 4776 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:15:29.0207 4776 wmiApSrv - ok
22:15:29.0247 4776 WMPNetworkSvc - ok
22:15:29.0272 4776 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:15:29.0272 4776 WPCSvc - ok
22:15:29.0297 4776 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
22:15:29.0297 4776 WPDBusEnum - ok
22:15:29.0307 4776 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:15:29.0307 4776 ws2ifsl - ok
22:15:29.0332 4776 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:15:29.0332 4776 wscsvc - ok
22:15:29.0337 4776 WSearch - ok
22:15:29.0452 4776 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:15:29.0472 4776 wuauserv - ok
22:15:29.0542 4776 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:15:29.0542 4776 WudfPf - ok
22:15:29.0582 4776 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:15:29.0582 4776 WUDFRd - ok
22:15:29.0612 4776 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
22:15:29.0617 4776 wudfsvc - ok
22:15:29.0637 4776 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:15:29.0642 4776 WwanSvc - ok
22:15:29.0702 4776 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
22:15:29.0712 4776 xnacc - ok
22:15:29.0757 4776 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
22:15:29.0757 4776 xusb21 - ok
22:15:29.0827 4776 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:15:29.0962 4776 \Device\Harddisk0\DR0 - ok
22:15:29.0962 4776 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:15:30.0042 4776 \Device\Harddisk1\DR1 - ok
22:15:30.0042 4776 Boot (0x1200) (b7bd12b46425818dfbe1ee599960d7e0) \Device\Harddisk0\DR0\Partition0
22:15:30.0042 4776 \Device\Harddisk0\DR0\Partition0 - ok
22:15:30.0047 4776 Boot (0x1200) (88266da0d0e2b9e8e43af15ae22a006f) \Device\Harddisk1\DR1\Partition0
22:15:30.0047 4776 \Device\Harddisk1\DR1\Partition0 - ok
22:15:30.0052 4776 ============================================================
22:15:30.0052 4776 Scan finished
22:15:30.0052 4776 ============================================================
22:15:30.0057 4152 Detected object count: 0
22:15:30.0057 4152 Actual detected object count: 0
ComboFix is already attached in my first post.

My system is faster but now I am getting random screen flickers along with a USB connect/disconnect sound every few minutes. I am not using anything USB...

#5 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:09:12 AM

Posted 01 August 2012 - 09:36 PM

ComboFix is already attached in my first post.

I am aware. Please run it again. :)

#6 metalmikey

metalmikey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:12 AM

Posted 01 August 2012 - 10:14 PM

Here ya go.

Attached Files



#7 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:09:12 AM

Posted 01 August 2012 - 11:42 PM

Let's get an OTL report. I'd like to take a deeper look at a few more things.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#8 metalmikey

metalmikey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:12 AM

Posted 02 August 2012 - 12:05 AM

OTL logfile created on: 8/2/2012 1:01:23 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.60% Memory free
15.83 Gb Paging File | 13.80 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 141.30 Gb Free Space | 30.34% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 0.52 Gb Free Space | 0.17% Space Free | Partition Type: NTFS
Drive E: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: - | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 01:00:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012/07/31 20:26:30 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/30 23:11:04 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2012/07/30 17:43:29 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/13 15:47:14 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
PRC - [2010/03/01 17:16:06 | 000,313,864 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWDITray.exe
PRC - [2009/08/20 17:42:38 | 001,560,576 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2009/07/14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 20:26:30 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/30 17:43:29 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/20 21:59:58 | 000,860,160 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/05 16:36:05 | 000,022,528 | ---- | M] () [Auto | Running] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV:64bit: - [2011/01/31 16:59:14 | 000,118,120 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/31 20:26:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/30 23:11:04 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2012/07/30 17:43:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/04/13 15:47:14 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe -- (USBMIDIAudioDevMon)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009/07/14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/28 02:46:34 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012/05/26 21:55:40 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012/04/09 19:01:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/09 23:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/13 15:47:12 | 000,200,200 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioUSBMIDI.sys -- (MAUSBMIDI)
DRV:64bit: - [2010/03/08 13:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2010/03/08 13:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)
DRV:64bit: - [2010/03/01 17:15:50 | 000,287,240 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioProFire.sys -- (MAFWPROFIRE)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 17:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E B1 CF 85 93 16 CD 01 [binary data]
IE - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/09 18:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/29 19:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 20:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/04/09 17:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CDAFC262-D814-11E1-8270-B8AC6F996F26}: C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26}\ [2012/07/27 14:00:55 | 000,000,000 | ---D | M]

[2012/04/09 17:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/08/01 20:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\f9txzyle.default\extensions
[2012/07/24 11:25:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\f9txzyle.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/04/10 22:56:42 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\f9txzyle.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/04/09 17:17:36 | 000,000,000 | ---D | M] (Adobe BrowserLab for Firebug) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\f9txzyle.default\extensions\browserlab@adobe.com
[2012/04/09 17:17:36 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\f9txzyle.default\extensions\wappalyzer@crunchlabz.com
[2012/07/25 16:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\OLDr4msg2h2.defaultOLD\extensions
[2012/07/31 20:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/01 20:35:05 | 001,621,534 | ---- | M] () (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9TXZYLE.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/03/08 03:22:25 | 000,007,927 | ---- | M] () (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F9TXZYLE.DEFAULT\EXTENSIONS\PAGERANK-CLIENT@KOENIGLICH.CH.XPI
[2012/07/31 20:26:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/31 20:26:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/31 20:26:29 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/01 23:10:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWDITray.exe (Avid Technology, Inc.)
O4 - HKU\S-1-5-21-3078889156-4169220582-358240279-1001..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3078889156-4169220582-358240279-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3078889156-4169220582-358240279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3078889156-4169220582-358240279-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8CBD43F-3C42-4906-8D83-EDD2B30405FC}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 01:00:46 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/08/01 23:10:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/01 23:05:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/01 21:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLO 3D 2011
[2012/08/01 21:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\CLO 3D 2011
[2012/08/01 13:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
[2012/08/01 13:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pixologic
[2012/07/31 20:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/30 23:11:01 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsFlxGrd.ocx
[2012/07/30 23:11:01 | 000,126,976 | ---- | C] (Oceanview Software Limited) -- C:\Windows\SysWow64\ovsBooleanControls.ocx
[2012/07/30 23:11:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TEW2010
[2012/07/30 23:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEW2010
[2012/07/30 23:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GDS
[2012/07/30 17:12:11 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/30 17:12:11 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/30 09:45:49 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/30 04:32:24 | 000,145,256 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\LnkProtect.dll
[2012/07/30 04:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/30 04:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/30 04:02:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/30 03:50:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/30 03:50:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/30 03:50:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/30 03:41:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/07/30 03:35:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/30 03:35:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/30 03:27:47 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2012/07/30 03:17:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\RK_Quarantine
[2012/07/29 22:13:28 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012/07/29 22:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/29 22:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/29 22:13:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/29 22:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/29 20:37:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/27 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CDAFFD74-D814-11E1-8270-B8AC6F996F26}
[2012/07/27 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26}
[2012/07/27 13:59:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\xsecva
[2012/07/27 01:17:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/26 02:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\OptiTex
[2012/07/26 00:32:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/26 00:30:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Google
[2012/07/25 10:51:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\My Cheat Tables
[2012/07/25 10:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012/07/25 10:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012/07/25 10:14:31 | 000,000,000 | ---D | C] -- C:\Editing Tools
[2012/07/25 10:14:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\REDitor II
[2012/07/25 01:57:57 | 000,000,000 | ---D | C] -- C:\Roaming
[2012/07/24 22:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ Productions
[2012/07/24 22:21:10 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012/07/24 16:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2012/07/24 12:46:42 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/24 12:46:42 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/24 12:46:42 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/24 12:46:42 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/24 12:46:42 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/24 12:46:42 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/24 12:46:42 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/24 12:46:42 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/24 12:46:42 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/24 12:46:42 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/24 12:46:42 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/07/24 12:41:15 | 168,454,136 | ---- | C] (NVIDIA Corporation) -- C:\Users\Michael\Documents\301.42-desktop-win7-winvista-64bit-english-whql.exe
[2012/07/24 02:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DAZ
[2012/07/24 02:46:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012/07/24 02:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012/07/24 02:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2012/07/24 02:46:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\DAZ 3D
[2012/07/24 02:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2012/07/24 02:45:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DAZ 3D
[2012/07/24 02:03:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Macromedia
[2012/07/24 01:52:22 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/07/24 01:52:22 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/07/24 01:52:22 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/07/24 01:52:15 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/07/24 01:52:15 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/07/24 01:52:15 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/07/24 01:52:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/07/24 01:52:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/07/24 01:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/07/24 01:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
[2012/07/24 01:35:58 | 000,438,784 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr6164.sys
[2012/07/24 01:35:58 | 000,303,616 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012/07/24 01:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2012/07/24 01:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/07/24 01:35:51 | 002,056,192 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012/07/24 01:35:51 | 001,597,440 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012/07/24 01:35:51 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012/07/24 01:35:51 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012/07/24 01:35:51 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012/07/24 01:35:51 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012/07/24 01:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink
[2012/07/24 01:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/07/24 00:47:54 | 000,356,096 | R--- | C] (Ralink Technology Inc.) -- C:\Windows\SysWow64\rt61.sys
[2012/07/24 00:39:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\BACS.exe
[2012/07/24 00:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
[2012/07/24 00:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/07/24 00:38:32 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/07/24 00:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linksys Wireless-G PCI Wireless Network Monitor
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 01:00:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/08/02 00:40:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3078889156-4169220582-358240279-1000UA.job
[2012/08/02 00:40:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3078889156-4169220582-358240279-1000Core.job
[2012/08/02 00:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 23:18:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 23:18:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 23:14:47 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/01 23:14:47 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/01 23:14:47 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/01 23:10:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/01 23:10:05 | 000,000,889 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2012/08/01 23:09:47 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/08/01 23:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 23:09:15 | 2078,806,015 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 23:04:52 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2012/08/01 21:20:17 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\CLO3D.lnk
[2012/08/01 20:24:00 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/01 19:57:26 | 102,750,583 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/01 19:56:17 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\Get 3D Models.url
[2012/08/01 13:55:09 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\ZBrush 4R2.lnk
[2012/08/01 11:52:22 | 000,281,754 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/31 22:10:02 | 010,349,052 | ---- | M] () -- C:\Users\Michael\Documents\m4-model.obj
[2012/07/31 22:10:02 | 000,007,855 | ---- | M] () -- C:\Users\Michael\Documents\m4-model.mtl
[2012/07/30 23:11:05 | 000,126,976 | ---- | M] () -- C:\Windows\lcmmfu.cpl
[2012/07/30 23:11:04 | 000,048,640 | ---- | M] () -- C:\Windows\mmfs.dll
[2012/07/30 23:11:04 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
[2012/07/30 17:43:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/30 17:43:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/30 16:15:18 | 423,171,248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/30 09:45:49 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/30 04:32:24 | 000,145,256 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\LnkProtect.dll
[2012/07/30 03:41:37 | 004,009,167 | ---- | M] () -- C:\Users\Michael\Desktop\ServicesRepair.exe
[2012/07/30 03:40:14 | 002,030,547 | ---- | M] () -- C:\Users\Michael\Desktop\EZ_Sirefix.exe
[2012/07/27 13:44:07 | 000,001,872 | ---- | M] () -- C:\Users\Michael\Desktop\DAZ Studio 4 (64bit).lnk
[2012/07/27 13:44:07 | 000,000,180 | ---- | M] () -- C:\Users\Michael\Desktop\Get 3D Models.url
[2012/07/26 15:17:18 | 000,647,168 | ---- | M] () -- C:\Windows\AutoKMS.exe
[2012/07/26 15:17:18 | 000,000,184 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2012/07/26 00:32:28 | 000,002,284 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/07/26 00:32:01 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\DAZ Studio 3.lnk
[2012/07/25 20:45:47 | 002,783,621 | ---- | M] () -- C:\Users\Michael\Documents\dev1.daz
[2012/07/25 20:45:47 | 000,004,859 | ---- | M] () -- C:\Users\Michael\Documents\dev1.daz.png
[2012/07/25 20:16:44 | 000,051,534 | ---- | M] () -- C:\Users\Michael\Desktop\Cowboy_James_Storm_0001.jpg
[2012/07/25 20:16:30 | 000,445,225 | ---- | M] () -- C:\Users\Michael\Desktop\77bab28d4d99647920526b9e548f.jpg
[2012/07/25 20:15:53 | 000,462,657 | ---- | M] () -- C:\Users\Michael\Desktop\ll.jpg
[2012/07/25 20:15:44 | 000,348,502 | ---- | M] () -- C:\Users\Michael\Desktop\058.JPG
[2012/07/25 20:15:37 | 000,474,115 | ---- | M] () -- C:\Users\Michael\Desktop\175 - James Storm.jpg
[2012/07/25 18:29:28 | 000,006,566 | ---- | M] () -- C:\Users\Michael\Desktop\mdevav.jpg
[2012/07/25 18:29:28 | 000,001,456 | ---- | M] () -- C:\Users\Michael\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/25 14:18:16 | 017,525,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/25 11:13:50 | 000,001,281 | ---- | M] () -- C:\Users\Michael\Documents\nba2k12.CT
[2012/07/25 10:51:56 | 000,001,085 | ---- | M] () -- C:\Users\Michael\Desktop\Cheat Engine.lnk
[2012/07/25 10:14:32 | 000,000,791 | ---- | M] () -- C:\Users\Michael\Desktop\REDitor II.lnk
[2012/07/25 03:34:42 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Update Michael 4 Genitalia.lnk
[2012/07/25 03:30:09 | 000,002,490 | ---- | M] () -- C:\Users\Public\Desktop\Update Michael 4 Base.lnk
[2012/07/24 16:39:08 | 000,002,017 | ---- | M] () -- C:\Users\Michael\Desktop\Hexagon 2.lnk
[2012/07/24 12:45:16 | 168,454,136 | ---- | M] (NVIDIA Corporation) -- C:\Users\Michael\Documents\301.42-desktop-win7-winvista-64bit-english-whql.exe
[2012/07/24 04:02:03 | 000,002,651 | ---- | M] () -- C:\Users\Public\Desktop\Professional Football Simulator.lnk
[2012/07/24 01:55:01 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/07/24 01:36:00 | 000,001,986 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 21:20:17 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\CLO3D.lnk
[2012/08/01 13:55:09 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\ZBrush 4R2.lnk
[2012/07/31 22:10:02 | 000,007,855 | ---- | C] () -- C:\Users\Michael\Documents\m4-model.mtl
[2012/07/31 22:09:47 | 010,349,052 | ---- | C] () -- C:\Users\Michael\Documents\m4-model.obj
[2012/07/30 23:11:05 | 000,126,976 | ---- | C] () -- C:\Windows\lcmmfu.cpl
[2012/07/30 23:11:04 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2012/07/30 23:11:04 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2012/07/30 23:11:04 | 000,000,889 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2012/07/30 17:12:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 03:50:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/30 03:50:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/30 03:50:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/30 03:50:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/30 03:50:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/30 03:41:32 | 004,009,167 | ---- | C] () -- C:\Users\Michael\Desktop\ServicesRepair.exe
[2012/07/30 03:40:12 | 002,030,547 | ---- | C] () -- C:\Users\Michael\Desktop\EZ_Sirefix.exe
[2012/07/27 13:44:07 | 000,001,872 | ---- | C] () -- C:\Users\Michael\Desktop\DAZ Studio 4 (64bit).lnk
[2012/07/27 13:44:07 | 000,000,180 | ---- | C] () -- C:\Users\Michael\Desktop\Get 3D Models.url
[2012/07/27 01:16:48 | 423,171,248 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/26 15:17:19 | 000,000,204 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/07/26 15:17:18 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2012/07/26 15:17:18 | 000,000,202 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/07/26 15:17:18 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/07/26 00:32:28 | 000,002,284 | ---- | C] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/07/26 00:32:01 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\DAZ Studio 3.lnk
[2012/07/26 00:30:41 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3078889156-4169220582-358240279-1000UA.job
[2012/07/26 00:30:40 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3078889156-4169220582-358240279-1000Core.job
[2012/07/25 20:45:47 | 000,004,859 | ---- | C] () -- C:\Users\Michael\Documents\dev1.daz.png
[2012/07/25 20:45:41 | 002,783,621 | ---- | C] () -- C:\Users\Michael\Documents\dev1.daz
[2012/07/25 20:16:44 | 000,051,534 | ---- | C] () -- C:\Users\Michael\Desktop\Cowboy_James_Storm_0001.jpg
[2012/07/25 20:16:30 | 000,445,225 | ---- | C] () -- C:\Users\Michael\Desktop\77bab28d4d99647920526b9e548f.jpg
[2012/07/25 20:15:52 | 000,462,657 | ---- | C] () -- C:\Users\Michael\Desktop\ll.jpg
[2012/07/25 20:15:44 | 000,348,502 | ---- | C] () -- C:\Users\Michael\Desktop\058.JPG
[2012/07/25 20:15:37 | 000,474,115 | ---- | C] () -- C:\Users\Michael\Desktop\175 - James Storm.jpg
[2012/07/25 18:29:28 | 000,006,566 | ---- | C] () -- C:\Users\Michael\Desktop\mdevav.jpg
[2012/07/25 11:05:35 | 000,001,281 | ---- | C] () -- C:\Users\Michael\Documents\nba2k12.CT
[2012/07/25 10:51:56 | 000,001,085 | ---- | C] () -- C:\Users\Michael\Desktop\Cheat Engine.lnk
[2012/07/25 10:14:32 | 000,000,791 | ---- | C] () -- C:\Users\Michael\Desktop\REDitor II.lnk
[2012/07/25 09:20:04 | 000,000,175 | ---- | C] () -- C:\Users\Public\Desktop\Get 3D Models.url
[2012/07/25 03:34:42 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Update Michael 4 Genitalia.lnk
[2012/07/25 03:30:09 | 000,002,490 | ---- | C] () -- C:\Users\Public\Desktop\Update Michael 4 Base.lnk
[2012/07/24 16:39:08 | 000,002,017 | ---- | C] () -- C:\Users\Michael\Desktop\Hexagon 2.lnk
[2012/07/24 01:36:00 | 000,001,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
[2012/07/24 00:47:54 | 000,017,479 | R--- | C] () -- C:\Windows\SysWow64\Rt61.INF
[2012/07/24 00:47:54 | 000,007,870 | R--- | C] () -- C:\Windows\SysWow64\rt61.cat
[2012/05/29 09:10:25 | 000,000,017 | ---- | C] () -- C:\Users\Michael\AppData\Local\resmon.resmoncfg
[2012/04/16 03:16:47 | 000,000,600 | ---- | C] () -- C:\Users\Michael\AppData\Local\PUTTY.RND
[2012/04/12 17:17:03 | 000,001,456 | ---- | C] () -- C:\Users\Michael\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/04/09 16:54:18 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/04/09 16:54:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/04/09 16:54:18 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/04/09 16:54:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/04/09 16:54:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

< End of report >

OTL Extras logfile created on: 8/2/2012 1:01:23 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.60% Memory free
15.83 Gb Paging File | 13.80 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 141.30 Gb Free Space | 30.34% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 0.52 Gb Free Space | 0.17% Space Free | Partition Type: NTFS
Drive E: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: - | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3078889156-4169220582-358240279-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java™ 6 Update 32 (64-bit)
"{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}" = M-Audio USB MIDI Series Driver 5.0.1 (x64)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{55CD533D-97C2-4AEF-80B0-2341640CD246}" = Broadcom Management Programs
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92C28D3B-DEF3-4BFF-ADDB-DA12025B40E3}" = M-Audio ProFire Driver 6.0.9 (x64)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03594E81-55C6-4036-BB32-6FB27BC7A497}_is1" = Sid Meier's Civilization V - Game of the Year Edition
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1691
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0005
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B862139C-29D8-4082-A815-0219F6B220A4}" = Professional Football Simulator
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync
"{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"3D Bridge DS4 (64bit) 1.0.11.9" = 3D Bridge DS4 (64bit)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aniMate 2 DS3 2.0.0.7" = aniMate 2 DS3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"CLO 3D 2011" = CLO 3D 2011
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 3 3.1.2.24" = DAZ Studio 3
"DAZ Studio 4 (64bit) 4.5.0.90" = DAZ Studio 4 (64bit)
"Draft Day Sports: Pro Basketball 2" = Draft Day Sports: Pro Basketball 2
"DS4 Default Content 4.1.0.17" = DS4 Default Content
"Dynamic Clothing Control DS4 (64bit) 1.0.11.9" = Dynamic Clothing Control DS4 (64bit)
"GankedLifeViewer" = GankedLifeViewer (remove only)
"GoZ DS4 (64bit) 1.0.3.9" = GoZ DS4 (64bit)
"Hexagon 2 2.5.1.79" = Hexagon 2
"InstallShield_{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"Kaos Extreme Utilities" = Kaos Extreme Utilities
"Live 8.2.8" = Live 8.2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Out of the Park Baseball13" = Out of the Park Baseball 13
"PhoenixViewer" = PhoenixViewer (remove only)
"PS3 Media Server" = PS3 Media Server
"TEW2010" = TEW2010
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"V-Ray for SketchUp 1.49.01" = V-Ray for SketchUp
"WampServer 2_is1" = WampServer 2.2
"World of Warcraft" = World of Warcraft
"XFastUsb" = XFastUsb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3078889156-4169220582-358240279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2012 2:31:46 PM | Computer Name = - | Source = Application Error | ID = 1000
Description = Faulting application name: DAZStudio.exe, version: 4.5.0.90, time
stamp: 0x50065e0c Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x000000000004d174 Faulting
process id: 0x1488 Faulting application start time: 0x01cd6c248e092f26 Faulting application
path: C:\Program Files\DAZ 3D\DAZStudio4\DAZStudio.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 512ab077-d819-11e1-9ac6-002522ffef1a

Error - 7/29/2012 10:05:53 PM | Computer Name = - | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 664 Start
Time: 01cd6df79b4c4d1f Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 15720a95-d9eb-11e1-bfe9-002522ffef1a

Error - 7/30/2012 2:58:24 AM | Computer Name = - | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e34 Start
Time: 01cd6e1f37658783 Termination Time: 7 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: f2ff3ea9-da13-11e1-b7f0-002522ffef1a

Error - 7/30/2012 3:50:03 AM | Computer Name = - | Source = VSS | ID = 18
Description =

Error - 7/30/2012 3:50:03 AM | Computer Name = - | Source = VSS | ID = 8193
Description =

Error - 7/30/2012 3:50:03 AM | Computer Name = - | Source = System Restore | ID = 8193
Description =

Error - 7/30/2012 4:10:52 AM | Computer Name = - | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5bc Start
Time: 01cd6e2a732eb195 Termination Time: 5 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 12b09366-da1e-11e1-a957-002522ffef1a

Error - 7/30/2012 4:11:21 AM | Computer Name = - | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 180 Start
Time: 01cd6e2ad76e1b4e Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 241da440-da1e-11e1-a957-002522ffef1a

Error - 7/30/2012 5:15:38 PM | Computer Name = - | Source = MsiInstaller | ID = 11722
Description =

Error - 7/31/2012 10:02:03 PM | Computer Name = - | Source = Application Error | ID = 1000
Description = Faulting application name: Hexagon.exe, version: 2.5.1.79, time stamp:
0x4e4b1eb9 Faulting module name: nvoglv32.DLL, version: 8.17.13.142, time stamp:
0x4fb203ef Exception code: 0xc0000005 Fault offset: 0x00195c8c Faulting process id:
0x1410 Faulting application start time: 0x01cd6f89a0170de3 Faulting application path:
C:\Program Files (x86)\DAZ 3D\Hexagon2\Hexagon.exe Faulting module path: C:\Windows\system32\nvoglv32.DLL
Report
Id: e2924031-db7c-11e1-8414-002522ffef1a

Error - 7/31/2012 10:28:31 PM | Computer Name = - | Source = Application Hang | ID = 1002
Description = The program DAZStudio.exe version 4.5.0.90 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12a4 Start
Time: 01cd6f8a7d5fa0d0 Termination Time: 0 Application Path: C:\Program Files\DAZ
3D\DAZStudio4\DAZStudio.exe Report Id: 92ac9159-db80-11e1-8414-002522ffef1a

[ System Events ]
Error - 7/30/2012 4:00:06 AM | Computer Name = - | Source = DCOM | ID = 10005
Description =

Error - 7/30/2012 4:15:24 PM | Computer Name = - | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:13:53 PM on 7/30/2012 was unexpected.

Error - 7/30/2012 4:15:29 PM | Computer Name = - | Source = BugCheck | ID = 1001
Description =

Error - 8/1/2012 7:04:47 PM | Computer Name = - | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/1/2012 11:05:28 PM | Computer Name = - | Source = Service Control Manager | ID = 7034
Description = The LicCtrl Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/1/2012 11:07:14 PM | Computer Name = - | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/1/2012 11:08:07 PM | Computer Name = - | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/1/2012 11:08:07 PM | Computer Name = - | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/1/2012 11:08:24 PM | Computer Name = - | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/1/2012 11:10:12 PM | Computer Name = - | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >

#9 D-FRED-BROWN
  • Malware Response Team

Posted 02 August 2012 - 12:39 PM

My system is faster but now I am getting random screen flickers along with a USB connect/disconnect sound every few minutes. I am not using anything USB...

Glad to hear things are faster.

Regarding the USB issue, I see you're using XFastUSB. Try reinstalling that, and let me know if it still happens. This should be the download link.


------------------------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    O4 - HKU\S-1-5-21-3078889156-4169220582-358240279-1001..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
    O4 - HKU\S-1-5-21-3078889156-4169220582-358240279-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    [2012/07/27 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CDAFFD74-D814-11E1-8270-B8AC6F996F26}
    [2012/07/27 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26}
    
    :Files
    C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26}
    C:\Users\Michael\AppData\Local\{CDAFFD74-D814-11E1-8270-B8AC6F996F26}
    C:\Windows\Installer\{CDAFC262-D814-11E1-8270-B8AC6F996F26}
    C:\Windows\Installer\{CDAFFD74-D814-11E1-8270-B8AC6F996F26}
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


#10 metalmikey
  • Topic Starter

Posted 02 August 2012 - 01:01 PM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3078889156-4169220582-358240279-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3078889156-4169220582-358240279-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
C:\Users\Michael\AppData\Local\{CDAFFD74-D814-11E1-8270-B8AC6F996F26} folder moved successfully.
C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26} folder moved successfully.
========== FILES ==========
File\Folder C:\Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26} not found.
File\Folder C:\Users\Michael\AppData\Local\{CDAFFD74-D814-11E1-8270-B8AC6F996F26} not found.
File\Folder C:\Windows\Installer\{CDAFC262-D814-11E1-8270-B8AC6F996F26} not found.
File\Folder C:\Windows\Installer\{CDAFFD74-D814-11E1-8270-B8AC6F996F26} not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael
->Temp folder emptied: 1942 bytes
->Temporary Internet Files folder emptied: 11104529 bytes
->Java cache emptied: 21356 bytes
->FireFox cache emptied: 190978729 bytes
->Google Chrome cache emptied: 16334017 bytes
->Flash cache emptied: 15682 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 311486 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 209.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Michael
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Michael
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08022012_135704

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\master41241 moved successfully.

PendingFileRenameOperations files...
File C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\master41241 not found!

Registry entries deleted on Reboot...

#11 D-FRED-BROWN
  • Malware Response Team

Posted 02 August 2012 - 02:15 PM

Looking good. Let's run an online scan to verify we haven't missed anything:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#12 metalmikey
  • Topic Starter

Posted 02 August 2012 - 05:51 PM

This is all I got from the scan. Log file was only the 4 lines below.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

C:\Program Files (x86)\2K Sports\NBA 2K12\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\AB81.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\AB82.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\whthl.dll.vir a variant of Win32/Medfos.BL trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{a6601322-3023-1e9e-e091-e31d5f8aea0d}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{a6601322-3023-1e9e-e091-e31d5f8aea0d}\U\80000000.@.vir Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{a6601322-3023-1e9e-e091-e31d5f8aea0d}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Users\Michael\Downloads\NBA.2K12.Update.v1.01-RELOADED\Crack\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
C:\Users\Public\Desktop\CC Support\Samples\Services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\_OTL\MovedFiles\08022012_135704\C_Users\Michael\AppData\Local\{CDAFC262-D814-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
D:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2ZGXT0\cnet_PandoraRecovery2_1_1Setup_exe[1].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\Users\Mike\AppData\Local\Temp\ICReinstall\cnet_PandoraRecovery2_1_1Setup_exe[1].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#13 D-FRED-BROWN
  • Malware Response Team

Posted 02 August 2012 - 06:05 PM

Looks like that's the last of it. Your logs appear to be clean. :thumbup2:

Before we move on, please take the time to install the following updates. Using outdated applications leaves you vulnerable to getting infected again.

----------Step 1----------------
Please consider updating to Windows 7 Service Pack 1 (SP1).
SP1 contains many crucial updates, plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.


----------Step 2----------------
Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment).
They will have the Java icon next to them.
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.


----------Step 3----------------
You're using an outdated version of Thunderbird. The latest can be downloaded from here: http://www.mozilla.org/en-US/thunderbird/


----------Step 4----------------
Please let me know how the updates went, as failed updates may indicate additional malware.

Edited by D-FRED-BROWN, 02 August 2012 - 06:05 PM.


#14 D-FRED-BROWN
  • Malware Response Team

Posted 05 August 2012 - 03:42 PM

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. :wink:
If not, please let me know so I can close this topic.

-DFB

#15 metalmikey
  • Topic Starter

Posted 05 August 2012 - 10:58 PM

I'm going to install a ton of updates tomorrow.



