Infected with Whitesmoke redirect.


  • This topic is locked
33 replies to this topic

#1 Ryan McHugh

Posted 08 August 2012 - 04:19 PM

When I'm surfing the web, I occasionally get redirects to various ad sites. I'm pretty sure this is caused by some leftover malware, after having TDSS on my computer. Attached below is the Attach.txt, and DDS.txt is posted below.

Thanks in advance for any help you can provide.

--Begin DDS--
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by NZXT at 17:17:53 on 2012-08-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4092.1731 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFFA.EXE
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Users\NZXT\AppData\Local\Apps\2.0\XBZH1B91.ZJM\KYAWZMYV.M4M\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384d1fffca2c\CurseClient.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\ProgramData\TVersity\Media Server\web\admin\TVersity.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\ProgramData\TVersity\Media Server\berkelium.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: H - No File
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [EPSON Artisan 50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Windows\TEMP\E_SDCBC.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\NZXT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\NZXT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\NZXT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{6BE1B3AA-F87F-49C6-ADA9-3982BDFDE978} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C} : DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C}\3556879702349726F62776 : DhcpNameServer = 192.168.0.1 216.165.129.158 192.168.1.1
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C}\64F68764963363 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C}\94D60756279616C6024416471602E4564777F627B6 : DhcpNameServer = 192.168.0.1 38.8.82.2 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NZXT\AppData\Roaming\Mozilla\Firefox\Profiles\xvrzsxsa.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\hanbitsoft\nphlauncher.dll
FF - plugin: C:\Users\NZXT\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\NZXT\AppData\LocalLow\StoneTrip\Web Player\npShiVa3D.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-11 44808]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-18 65657]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe [2011-9-6 36864]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-26 2673064]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8192su;Rosewill Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-8 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-28 250056]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-28 113120]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBSFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
=============== Created Last 30 ================
.
2012-08-08 20:54:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-08 20:54:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-08 15:36:04 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-08-07 07:03:09 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-08-07 07:03:08 -------- d-----w- C:\Program Files (x86)\ffdshow
2012-08-07 07:00:16 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack
2012-08-07 07:00:11 -------- d-----w- C:\ProgramData\TVersity
2012-08-02 17:17:17 -------- d-----w- C:\Users\NZXT\AppData\Roaming\YourFileDownloader
2012-08-02 17:14:54 -------- d-----w- C:\Program Files (x86)\YourFileDownloader
2012-08-01 19:52:06 -------- d-----w- C:\ProgramData\Curse Client
2012-08-01 01:45:51 -------- d-----w- C:\Program Files (x86)\Motorola Media Link
2012-07-30 22:31:03 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-07-29 22:57:10 -------- d-----w- C:\Users\NZXT\AppData\Local\SplitMediaLabs
2012-07-29 22:56:50 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-07-29 22:56:25 -------- d-----w- C:\Users\NZXT\AppData\Roaming\SplitMediaLabs
2012-07-26 22:55:22 -------- d-----w- C:\Users\NZXT\AppData\Roaming\TeamViewer
2012-07-26 22:50:22 -------- d-----w- C:\Users\NZXT\temp
2012-07-26 22:50:19 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-07-25 16:31:32 -------- d-----w- C:\Program Files (x86)\PriceGong
2012-07-19 02:26:20 -------- d-----w- C:\Program Files\Motorola Inc
2012-07-17 21:37:53 -------- d-----w- C:\Program Files (x86)\World of Warcraft Beta
2012-07-15 15:58:40 -------- d-----w- C:\Users\NZXT\AppData\Local\CRE
2012-07-15 15:58:26 -------- d-----w- C:\Program Files (x86)\Conduit
2012-07-15 15:58:25 -------- d-----w- C:\Users\NZXT\AppData\Local\Conduit
2012-07-12 22:32:26 -------- d-----w- C:\Users\NZXT\AppData\Local\Funcom
2012-07-12 22:32:16 -------- d-----w- C:\ProgramData\media center programs
2012-07-12 22:32:12 -------- d-----w- C:\Program Files (x86)\Funcom
2012-07-12 01:18:01 -------- d-----w- C:\$RECYCLE.BIN
2012-07-12 00:23:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 22:44:36 98816 ----a-w- C:\Windows\sed.exe
2012-07-11 22:44:36 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-11 22:44:36 256000 ----a-w- C:\Windows\PEV.exe
2012-07-11 22:44:36 208896 ----a-w- C:\Windows\MBR.exe
2012-07-11 22:37:26 -------- d-----w- C:\_OTL
2012-07-11 15:51:53 -------- d-----w- C:\Users\NZXT\AppData\Roaming\Malwarebytes
2012-07-11 15:51:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-11 15:51:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 15:51:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-10 19:16:21 -------- d-----w- C:\Program Files\XXCLONE
2012-07-10 19:06:30 -------- d-----w- C:\Program Files\AMD
2012-07-10 19:06:28 -------- d-----w- C:\Program Files (x86)\AMD APP
11747-11-13 19:58:10 -------- d-----w- C:\Windows\xxclone.arc
.
==================== Find3M ====================
.
2012-08-06 03:33:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-06 03:33:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-01 01:45:42 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:34:44 77312 ----a-w- C:\Windows\System32\amdave64.dll
2012-06-11 16:34:38 77312 ----a-w- C:\Windows\SysWow64\amdave32.dll
2012-06-11 16:34:28 74240 ----a-w- C:\Windows\System32\atisamu64.dll
2012-06-11 16:34:22 71168 ----a-w- C:\Windows\atisamu32.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 17:18:18.13 ===============


#2 HelpBot

Posted 13 August 2012 - 04:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464420 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Ryan McHugh

Posted 16 August 2012 - 12:44 AM

New logs attached, as requested.
OS: Win7 Ultimate x64 (so no GMER)

If you need anything else, please just ask.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by NZXT at 1:40:52 on 2012-08-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4092.2347 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Users\NZXT\AppData\Local\Apps\2.0\XBZH1B91.ZJM\KYAWZMYV.M4M\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384d1fffca2c\CurseClient.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: H - No File
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [EPSON Artisan 50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Windows\TEMP\E_SDCBC.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\NZXT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\NZXT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\NZXT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{6BE1B3AA-F87F-49C6-ADA9-3982BDFDE978} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C} : DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C}\3556879702349726F62776 : DhcpNameServer = 192.168.0.1 216.165.129.158 192.168.1.1
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C}\64F68764963363 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{C4977A99-2158-4CDC-A2DC-7374ABF67E8C}\94D60756279616C6024416471602E4564777F627B6 : DhcpNameServer = 192.168.0.1 38.8.82.2 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NZXT\AppData\Roaming\Mozilla\Firefox\Profiles\xvrzsxsa.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\hanbitsoft\nphlauncher.dll
FF - plugin: C:\Users\NZXT\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\NZXT\AppData\LocalLow\StoneTrip\Web Player\npShiVa3D.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-11 44808]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-18 65657]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe [2011-9-6 36864]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-8 1153368]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-26 2673064]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8192su;Rosewill Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-28 250056]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-28 113120]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBSFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
=============== Created Last 30 ================
.
2012-08-08 20:54:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-08 20:54:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-08 15:36:04 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-08-07 07:03:09 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-08-07 07:03:08 -------- d-----w- C:\Program Files (x86)\ffdshow
2012-08-07 07:00:16 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack
2012-08-07 07:00:11 -------- d-----w- C:\ProgramData\TVersity
2012-08-02 17:17:17 -------- d-----w- C:\Users\NZXT\AppData\Roaming\YourFileDownloader
2012-08-02 17:14:54 -------- d-----w- C:\Program Files (x86)\YourFileDownloader
2012-08-01 19:52:06 -------- d-----w- C:\ProgramData\Curse Client
2012-08-01 01:45:51 -------- d-----w- C:\Program Files (x86)\Motorola Media Link
2012-07-30 22:31:03 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-07-29 22:57:10 -------- d-----w- C:\Users\NZXT\AppData\Local\SplitMediaLabs
2012-07-29 22:56:50 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-07-29 22:56:25 -------- d-----w- C:\Users\NZXT\AppData\Roaming\SplitMediaLabs
2012-07-26 22:55:22 -------- d-----w- C:\Users\NZXT\AppData\Roaming\TeamViewer
2012-07-26 22:50:22 -------- d-----w- C:\Users\NZXT\temp
2012-07-26 22:50:19 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-07-25 16:31:32 -------- d-----w- C:\Program Files (x86)\PriceGong
2012-07-19 02:26:20 -------- d-----w- C:\Program Files\Motorola Inc
2012-07-17 21:37:53 -------- d-----w- C:\Program Files (x86)\World of Warcraft Beta
11747-11-13 19:58:10 -------- d-----w- C:\Windows\xxclone.arc
.
==================== Find3M ====================
.
2012-08-15 14:33:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 14:33:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-01 01:45:42 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:34:44 77312 ----a-w- C:\Windows\System32\amdave64.dll
2012-06-11 16:34:38 77312 ----a-w- C:\Windows\SysWow64\amdave32.dll
2012-06-11 16:34:28 74240 ----a-w- C:\Windows\System32\atisamu64.dll
2012-06-11 16:34:22 71168 ----a-w- C:\Windows\atisamu32.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 1:41:18.85 ===============

Attached Files


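The Pseudo HJT and File Associations sections of the DDS log above carry several settings a responder checks before reading file lists: the mPolicies-system lines show UAC switched off (EnableLUA = 0), administrators elevating without a prompt (ConsentPromptBehaviorAdmin = 0) and prompts not isolated on the secure desktop (PromptOnSecureDesktop = 0); the JSE, VBE and VBS associations point at rundll32 Control_RunDLL rather than WScript, so double-clicking such a file no longer runs it as a script; Firefox's keyword.URL routes address-bar searches to search.conduit.com; and the DHCP-supplied resolvers include public addresses. The script below is an added example, not part of the thread and not code from the DDS tool or from BleepingComputer: it parses those line formats and lists the hits. The sample input is copied verbatim from the posted log, the "expected" UAC values are Windows 7 defaults, and the choice of what to surface is this example's own.

```python
"""Triage of the DDS 'Pseudo HJT Report' and 'File Associations' sections.

Added example; not code from the DDS tool or from the thread above. The
UAC defaults are Windows 7 values and the rule set is this example's own
assumption about what a responder wants to see first.
"""
import ipaddress
import re

# Constructed sample: lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{6BE1B3AA-F87F-49C6-ADA9-3982BDFDE978} : DhcpNameServer = 192.168.42.129
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
JSEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
VBSFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
"""

# Windows 7 defaults for the UAC policy values DDS prints (assumption).
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate with no prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompts not on the secure desktop
}

POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
ASSOC_RE = re.compile(r"^(\w+File)=(.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)")
DNS_RE = re.compile(r"DhcpNameServer = (.+)$")
KEYWORD_RE = re.compile(r"^FF - prefs\.js: keyword\.URL - (\S+)")
BHO_RE = re.compile(r"^BHO: (.*?): \{([0-9A-Fa-f-]+)\} - (.*)$")


def triage(text):
    """Return a dict of findings keyed by category, one tuple per hit."""
    f = {"uac": [], "script_assoc": [], "hosts": [], "dns_public": [],
         "keyword_url": None, "bho": []}
    for line in text.splitlines():
        line = line.strip()
        if m := POLICY_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_EXPECTED and value != UAC_EXPECTED[name]:
                f["uac"].append((name, value, UAC_EXPECTED[name]))
        elif m := ASSOC_RE.match(line):
            ext, cmd = m.groups()
            # Script types normally open with WScript/CScript; any other
            # handler means the file is not run as a script when opened.
            if not re.search(r"[wc]script\.exe", cmd, re.I):
                f["script_assoc"].append((ext, cmd))
        elif m := HOSTS_RE.match(line):
            f["hosts"].append((m.group(1), m.group(2)))
        elif m := DNS_RE.search(line):
            for ip in m.group(1).split():
                # Resolvers outside RFC 1918 space: verify who operates them.
                if not ipaddress.ip_address(ip).is_private and ip not in f["dns_public"]:
                    f["dns_public"].append(ip)
        elif m := KEYWORD_RE.match(line):
            f["keyword_url"] = m.group(1)
        elif m := BHO_RE.match(line):
            f["bho"].append((m.group(1), m.group(3)))
    return f


def report(findings):
    """Render the findings as the lines a responder would paste into a reply."""
    out = []
    for name, got, want in findings["uac"]:
        out.append(f"UAC policy {name} = {got} (default {want})")
    for ext, cmd in findings["script_assoc"]:
        out.append(f"{ext} not handled by Windows Script Host: {cmd}")
    for ip, host in findings["hosts"]:
        out.append(f"hosts override: {host} -> {ip}")
    for ip in findings["dns_public"]:
        out.append(f"public DNS resolver from DHCP: {ip}")
    if findings["keyword_url"]:
        out.append(f"Firefox keyword.URL redirected: {findings['keyword_url']}")
    for name, path in findings["bho"]:
        out.append(f"BHO to review: {name} ({path})")
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against a full DDS.txt with `triage(open("DDS.txt").read())`. The BHO and resolver entries are an inventory to verify, not a verdict: the script only reports what the log states, and the UAC lines are the one item that is unambiguous on their own, since EnableLUA = 0 means any process running as the logged-on administrator already has full rights.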

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California
  • Local time:02:54 PM

Posted 16 August 2012 - 11:59 AM

Greetings Ryan McHugh and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for patiently waiting for assistance. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California
  • Local time:02:54 PM

Posted 16 August 2012 - 12:43 PM

Greetings Ryan McHugh,

Thank you for allowing me the time to review the information you provided. There is one other report I would like to review.

Please complete the following for me, if you would.


===================================================


Posting Previous ComboFix Log

--------------------

It appears that Combofix was previously run on 7-11-12 and I would like to evaluate that information. Please copy and paste the listed file in your reply.

  • c:\combofix.txt

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Ryan McHugh

Ryan McHugh
  • Topic Starter

  • Members
  • 31 posts
  • Local time:05:54 PM

Posted 16 August 2012 - 01:34 PM

When searching Google for "Bleepingcomputer" and clicking on the link to the main index (www.bleepingcomputer.com) I was redirected to:
http://click.gethotresults.com/ads-clicktrack/click/jump1.do?sid=gZjn50V6l6DAbGbGOgkkTb6qMaZz22n0mSzVAYSJeB8%3D&affiliate=46938&subid=10090&rc=0&terms=bleepingcomputer

Going back, then clicking on it again brought me to the actual site.

Below is the combofix log you requested. I'd like to point out this is a friend's computer, so I'm not responsible for running ComboFix without someone telling me to do so first. :)

Thanks again for any help you can provide.


ComboFix 12-07-11.03 - NZXT 07/11/2012 21:07:42.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4092.2860 [GMT -4:00]
Running from: c:\users\NZXT\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NZXT\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
c:\users\NZXT\AppData\Local\Temp\WindowsAPI.dll6835946949644099327.lib
c:\users\NZXT\AppData\Local\Temp\WindowsFolderWatcher.dll7447614871330454369.lib
c:\users\NZXT\AppData\Local\Temp\ZumoLocalGateway.dll2814431019591880688.lib
c:\users\NZXT\AppData\Local\Temp\zumotaglib.dll3763094189360670454.lib
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\L\00000004.@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\L\1afb2d56
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\L\201d3dde
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\00000004.@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\00000008.@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\000000cb.@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\80000000.@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\80000032.@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\80000064.@
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz295A.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz2B2F.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz39B8.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz3B65.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz3BBC.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz3F8B.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz3FA4.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz3FA5.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz4CD5.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz5169.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz563A.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz5C44.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz5D9C.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz5E0D.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz60B8.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz6155.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz7092.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz714E.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz74CF.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz921B.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz96FC.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz992F.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trz9C4C.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzA586.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzA6AF.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzA884.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzB7D8.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzB856.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzB8E3.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzB8E9.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzBA12.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzBC5D.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzBE13.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzBE86.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzBF97.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzBFC7.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzBFCE.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzC2E9.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzC90C.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzCC74.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzCE49.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzCF29.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzD005.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzD0A2.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzD1B4.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzD2D5.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzD343.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzD392.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzD463.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzE19E.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzF1D4.tmp
c:\windows\Installer\{bd89eefc-3d08-1df8-67f0-97e4c61bb834}\U\trzFAF9.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 01:16 . 2012-07-12 01:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 22:37 . 2012-07-11 22:37 -------- d-----w- C:\_OTL
2012-07-11 15:51 . 2012-07-11 15:51 -------- d-----w- c:\users\NZXT\AppData\Roaming\Malwarebytes
2012-07-11 15:51 . 2012-07-11 15:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-11 15:51 . 2012-07-11 15:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 15:51 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 19:16 . 2012-07-10 19:16 -------- d-----w- c:\program files\XXCLONE
2012-07-10 19:09 . 2012-07-10 19:09 -------- d-----w- c:\programdata\ATI
2012-07-10 19:06 . 2012-07-10 19:06 -------- d-----w- c:\program files\AMD
2012-07-10 19:06 . 2012-07-10 19:06 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-29 22:53 . 2012-06-29 22:53 -------- d-----w- c:\programdata\hanbitsoft
2012-06-29 22:16 . 2012-06-29 22:16 -------- d-----w- c:\users\NZXT\AppData\Local\Macromedia
2012-06-29 03:05 . 2012-06-29 03:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 02:51 . 2012-06-29 22:42 -------- d-----w- C:\T3Fun
2012-06-28 21:17 . 2012-07-04 06:29 -------- d-----w- c:\users\NZXT\AppData\Local\PMB Files
2012-06-28 21:17 . 2012-06-29 03:34 -------- d-----w- c:\programdata\PMB Files
2012-06-28 21:13 . 2012-06-28 21:13 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-28 21:13 . 2012-06-28 21:13 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-28 21:13 . 2012-06-28 21:13 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-28 21:13 . 2012-06-28 21:13 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-28 21:13 . 2012-06-28 21:13 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-28 19:17 . 2012-06-28 19:17 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-28 19:13 . 2012-06-28 19:13 -------- d-----w- C:\AMD
2012-06-21 15:40 . 2012-06-21 15:40 -------- d-----w- c:\program files (x86)\EaseUS
2012-06-21 02:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 02:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 02:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 02:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 02:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 02:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 02:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 02:18 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 02:18 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 23:49 . 2012-06-18 23:49 -------- d-----w- c:\program files (x86)\Motorola Media Link
2012-06-18 23:48 . 2012-06-18 23:48 -------- d-----w- c:\users\NZXT\AppData\Roaming\Motorola Mobility
2012-06-18 23:47 . 2012-06-18 23:47 -------- d-----w- c:\program files\Motorola Inc
2012-06-18 22:20 . 2012-06-28 21:13 624608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-18 22:20 . 2012-06-28 21:13 43488 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-17 21:17 . 2012-06-17 21:17 -------- d-----w- c:\programdata\Battle.net
11747-11-13 19:58 . 2012-07-10 20:46 -------- d-----w- c:\windows\xxclone.arc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2012-03-07 00:59 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-03-07 00:59 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-03-07 00:59 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-03-07 00:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-03-07 00:59 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-03-07 00:59 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-03-07 00:59 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-03-07 00:59 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-03-07 00:59 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 03:33 . 2011-05-14 14:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 23:48 . 2012-02-25 00:12 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:34 . 2012-06-11 16:34 77312 ----a-w- c:\windows\system32\amdave64.dll
2012-06-11 16:34 . 2012-06-11 16:34 77312 ----a-w- c:\windows\SysWow64\amdave32.dll
2012-06-11 16:34 . 2012-06-11 16:34 74240 ----a-w- c:\windows\system32\atisamu64.dll
2012-06-11 16:34 . 2012-06-11 16:34 71168 ----a-w- c:\windows\atisamu32.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_22.56.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-12 01:05 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-12 00:26 . 2012-07-12 00:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-12 00:36 . 2012-07-12 00:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012071120120712\index.dat
+ 2012-07-12 00:23 . 2012-07-12 00:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-07-12 00:23 . 2012-07-12 00:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-12 00:23 . 2012-07-12 00:59 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-05-14 13:44 . 2012-07-12 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-14 13:44 . 2012-07-11 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-14 13:44 . 2012-07-11 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-14 13:44 . 2012-07-12 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-12 01:17 . 2012-07-12 01:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-11 22:56 . 2012-07-11 22:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-12 01:05 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-07-12 00:11 236556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-11 22:41 236556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-12 01:05 2506752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-14 14:06 . 2012-07-11 22:41 1042584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-14 14:06 . 2012-07-12 00:11 1042584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-05-15 14:40 . 2012-07-11 22:41 29802549 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2796391299-3814755040-3489974468-1000-12288.dat
+ 2011-05-15 14:40 . 2012-07-12 00:11 29802549 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2796391299-3814755040-3489974468-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-06-18 2055]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-05-14 4942336]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
c:\users\NZXT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-11-25 0]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2012-3-13 4142448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 250056]
R3 AsrIbDrv;AsrIbDrv;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-28 113120]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-16 1255736]
R3 X6va005;X6va005;c:\users\NZXT\AppData\Local\Temp\0059706.tmp [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-05-14 15936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-06-05 116632]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Rosewill 11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-06-10 31808]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-06-02 82816]
S3 RTL8192su;Rosewill Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-10-14 674304]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 03:33]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796391299-3814755040-3489974468-1000Core.job
- c:\users\NZXT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 06:15]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796391299-3814755040-3489974468-1000UA.job
- c:\users\NZXT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://Mythos.T3fun.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
FF - ProfilePath - c:\users\NZXT\AppData\Roaming\Mozilla\Firefox\Profiles\xvrzsxsa.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\NZXT\AppData\Local\Temp\0059706.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Rosewill 11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
c:\program files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
.
**************************************************************************
.
Completion time: 2012-07-11 21:19:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 01:19
ComboFix2.txt 2012-07-11 22:57
.
Pre-Run: 93,030,838,272 bytes free
Post-Run: 92,928,933,888 bytes free
.
- - End Of File - - 1E95E22511AA21F544C6838EE5AA8802
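
The ComboFix log above contains the indicators an analyst reads first: a service (X6va005) whose image is a `.tmp` file under the user's `AppData\Local\Temp`, a replaced `services.exe`, and every UAC value under `policies\system` set to 0. The Python script below is an added example, not part of this thread and not ComboFix's own tooling: it parses a constructed excerpt in the same line formats as the log above (the `[KEY]` / `"Name"= value` registry dump, the `R3 name;display;path [date size]` service lines, and the `"ImagePath"=` entries) and flags those two classes of finding. Field layouts are assumed from the visible log lines only.

```python
import re

# Constructed excerpt in the format of the ComboFix log posted above; it is not
# the full log, only the kinds of lines the checks below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-28 113120]
R3 X6va005;X6va005;c:\users\NZXT\AppData\Local\Temp\0059706.tmp [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\NZXT\AppData\Local\Temp\0059706.tmp"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                  # [HKEY_...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)')   # "Name"= 0 (0x0)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')
SERVICE_KEY_RE = re.compile(r"\\services\\([^\\\]]+)$", re.IGNORECASE)
# "R3 name;display;path [date size]" or "S1 name;display; [x]" (file missing)
SERVICE_LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
POLICY_KEY_SUFFIX = "\\policies\\system"


def parse_uac_policy(lines):
    """Return the numeric values dumped under ...\\policies\\system."""
    policy, current = {}, ""
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if current.endswith(POLICY_KEY_SUFFIX):
            m = VALUE_RE.match(line)
            if m:
                policy[m.group("name")] = int(m.group("value"))
    return policy


def parse_image_paths(lines):
    """Map service name -> ImagePath from [..\\services\\NAME] key dumps."""
    paths, current = {}, None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            sm = SERVICE_KEY_RE.search(m.group(1))
            current = sm.group(1) if sm else None
            continue
        if current:
            m = IMAGEPATH_RE.match(line)
            if m:
                paths[current] = m.group("path")
    return paths


def parse_services(lines):
    """Parse the R?/S? service and driver lines into dicts."""
    return [m.groupdict() for m in map(SERVICE_LINE_RE.match, lines) if m]


def triage(text):
    """Return (severity, message) findings for the indicators described above."""
    lines = text.splitlines()
    findings = []
    uac = parse_uac_policy(lines)
    if uac.get("EnableLUA") == 0:
        findings.append(("medium", "UAC is disabled (EnableLUA=0): anything in an "
                         "administrator session elevates without a prompt"))
    elif uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("medium", "administrators elevate without a prompt "
                         "(ConsentPromptBehaviorAdmin=0)"))
    services = {s["name"]: s for s in parse_services(lines)}
    # Fall back to the registry ImagePath when the service line carries no path.
    for name, path in parse_image_paths(lines).items():
        svc = services.setdefault(name, {"start": "?", "name": name, "path": ""})
        if not svc["path"]:
            svc["path"] = path.replace("\\??\\", "", 1)
    for name, svc in sorted(services.items()):
        path, reasons = svc["path"], []
        if TEMP_DIR_RE.search(path):
            reasons.append("loads from a temp directory")
        if path.lower().endswith(".tmp"):
            reasons.append("image is a .tmp file")
        if reasons:
            findings.append(("high", f"service {name} ({svc['start']}) "
                             f"{', '.join(reasons)}: {path}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the constructed excerpt it reports the disabled UAC policy and the X6va005 service; the avast entries with `[x]` and no path are left alone, since a missing file alone is not evidence of anything.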

#7 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 16 August 2012 - 02:02 PM

Greetings Ryan McHugh,

I'm not responsible for running ComboFix


I won't yell at you... :)

The information you provided was valuable and assists us in the next steps. Before doing that I must advise you of the following:


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Verify Driver Digital Signature and Detect TDLFS file system
    Click OK
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
    Click Continue
  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Ryan McHugh
  • Topic Starter

  • Members
  • 31 posts

Posted 16 August 2012 - 02:14 PM

See attached logs


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 15:11:31
-----------------------------
15:11:31.656 OS Version: Windows x64 6.1.7600
15:11:31.656 Number of processors: 4 586 0x403
15:11:31.656 ComputerName: NZXT-PC UserName: NZXT
15:11:31.875 Initialize success
15:11:31.984 AVAST engine defs: 12081600
15:11:48.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:11:48.079 Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 244198MB BusType: 3
15:11:48.079 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-2
15:11:48.079 Disk 1 Vendor: Hitachi_HUA723030ALA640 MKAOA580 Size: 2861588MB BusType: 3
15:11:48.095 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-5
15:11:48.095 Disk 2 Vendor: ST96812AS 3.14 Size: 57231MB BusType: 3
15:11:48.095 Disk 0 MBR read successfully
15:11:48.095 Disk 0 MBR scan
15:11:48.095 Disk 0 Windows XP default MBR code
15:11:48.095 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 244196 MB offset 2048
15:11:48.111 Disk 0 scanning C:\Windows\system32\drivers
15:11:49.327 Service scanning
15:11:52.541 Modules scanning
15:11:52.541 Disk 0 trace - called modules:
15:11:52.541 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:11:52.541 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a26060]
15:11:52.541 3 CLASSPNP.SYS[fffff880018a143f] -> nt!IofCallDriver -> [0xfffffa80045419b0]
15:11:52.557 5 ACPI.sys[fffff88000efc781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80049b4060]
15:11:52.728 AVAST engine scan C:\Windows
15:11:53.103 AVAST engine scan C:\Windows\system32
15:12:25.870 AVAST engine scan C:\Windows\system32\drivers
15:12:27.586 AVAST engine scan C:\Users\NZXT
15:12:45.822 AVAST engine scan C:\ProgramData
15:12:59.642 Scan finished successfully
15:13:10.680 Disk 0 MBR has been saved successfully to "C:\Users\NZXT\Desktop\MBR.dat"
15:13:10.684 The log file has been saved successfully to "C:\Users\NZXT\Desktop\aswMBR.txt"



--
15:08:19.0006 2304 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
15:08:19.0302 2304 ============================================================
15:08:19.0302 2304 Current date / time: 2012/08/16 15:08:19.0302
15:08:19.0302 2304 SystemInfo:
15:08:19.0302 2304
15:08:19.0302 2304 OS Version: 6.1.7600 ServicePack: 0.0
15:08:19.0302 2304 Product type: Workstation
15:08:19.0302 2304 ComputerName: NZXT-PC
15:08:19.0302 2304 UserName: NZXT
15:08:19.0302 2304 Windows directory: C:\Windows
15:08:19.0302 2304 System windows directory: C:\Windows
15:08:19.0302 2304 Running under WOW64
15:08:19.0302 2304 Processor architecture: Intel x64
15:08:19.0302 2304 Number of processors: 4
15:08:19.0302 2304 Page size: 0x1000
15:08:19.0302 2304 Boot type: Normal boot
15:08:19.0302 2304 ============================================================
15:08:20.0909 2304 Drive \Device\Harddisk2\DR2 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:08:20.0909 2304 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:08:20.0925 2304 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:08:20.0941 2304 Drive \Device\Harddisk3\DR9 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:08:20.0956 2304 ============================================================
15:08:20.0956 2304 \Device\Harddisk2\DR2:
15:08:20.0972 2304 MBR partitions:
15:08:20.0972 2304 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FC6800
15:08:20.0972 2304 \Device\Harddisk0\DR0:
15:08:20.0972 2304 MBR partitions:
15:08:20.0972 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2000
15:08:20.0972 2304 \Device\Harddisk1\DR1:
15:08:20.0972 2304 GPT partitions:
15:08:20.0972 2304 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6F323781-CEF9-4271-A3C4-D506D21517B1}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
15:08:20.0972 2304 MBR partitions:
15:08:20.0972 2304 \Device\Harddisk3\DR9:
15:08:20.0972 2304 MBR partitions:
15:08:20.0972 2304 \Device\Harddisk3\DR9\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
15:08:20.0972 2304 ============================================================
15:08:20.0972 2304 C: <-> \Device\Harddisk0\DR0\Partition1
15:08:20.0987 2304 D: <-> \Device\Harddisk2\DR2\Partition1
15:08:21.0019 2304 F: <-> \Device\Harddisk1\DR1\Partition1
15:08:21.0019 2304 H: <-> \Device\Harddisk3\DR9\Partition1
15:08:21.0019 2304 ============================================================
15:08:21.0019 2304 Initialize success
15:08:21.0019 2304 ============================================================
15:08:53.0682 3196 ============================================================
15:08:53.0682 3196 Scan started
15:08:53.0682 3196 Mode: Manual; SigCheck; TDLFS;
15:08:53.0682 3196 ============================================================
15:08:54.0010 3196 ================ Scan services =============================
15:08:54.0041 3196 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:08:54.0072 3196 1394ohci - ok
15:08:54.0088 3196 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
15:08:54.0103 3196 ACPI - ok
15:08:54.0103 3196 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
15:08:54.0119 3196 AcpiPmi - ok
15:08:54.0135 3196 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:08:54.0135 3196 AdobeFlashPlayerUpdateSvc - ok
15:08:54.0150 3196 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:08:54.0166 3196 adp94xx - ok
15:08:54.0166 3196 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:08:54.0181 3196 adpahci - ok
15:08:54.0181 3196 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:08:54.0197 3196 adpu320 - ok
15:08:54.0197 3196 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:08:54.0228 3196 AeLookupSvc - ok
15:08:54.0244 3196 [ 6ef20ddf3172e97d69f596fb90602f29 ] AFD C:\Windows\system32\drivers\afd.sys
15:08:54.0259 3196 AFD - ok
15:08:54.0259 3196 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
15:08:54.0275 3196 agp440 - ok
15:08:54.0275 3196 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
15:08:54.0291 3196 ALG - ok
15:08:54.0291 3196 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
15:08:54.0291 3196 aliide - ok
15:08:54.0306 3196 [ 9c616ba191b80f5cd1a1b9553e107100 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:08:54.0322 3196 AMD External Events Utility - ok
15:08:54.0322 3196 AMD FUEL Service - ok
15:08:54.0322 3196 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
15:08:54.0337 3196 amdide - ok
15:08:54.0337 3196 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
15:08:54.0353 3196 amdiox64 - ok
15:08:54.0353 3196 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:08:54.0369 3196 AmdK8 - ok
15:08:54.0431 3196 [ 5165e83751b8ff40e5e4925996fcc506 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:08:54.0556 3196 amdkmdag - ok
15:08:54.0571 3196 [ 86ab3cf484260c4318f3a6e8b035f422 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:08:54.0587 3196 amdkmdap - ok
15:08:54.0587 3196 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:08:54.0603 3196 AmdPPM - ok
15:08:54.0618 3196 [ 7a4b413614c055935567cf88a9734d38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
15:08:54.0618 3196 amdsata - ok
15:08:54.0634 3196 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:08:54.0634 3196 amdsbs - ok
15:08:54.0649 3196 [ b4ad0cacbab298671dd6f6ef7e20679d ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
15:08:54.0649 3196 amdxata - ok
15:08:54.0649 3196 [ 5b25d1a753cc3a3edb909bb759ac1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:08:54.0665 3196 AODDriver4.1 - ok
15:08:54.0665 3196 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
15:08:54.0681 3196 AppID - ok
15:08:54.0681 3196 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:08:54.0712 3196 AppIDSvc - ok
15:08:54.0712 3196 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
15:08:54.0727 3196 Appinfo - ok
15:08:54.0743 3196 [ 20f6f19fe9e753f2780dc2fa083ad597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:08:54.0743 3196 Apple Mobile Device - ok
15:08:54.0743 3196 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:08:54.0759 3196 AppMgmt - ok
15:08:54.0759 3196 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
15:08:54.0774 3196 arc - ok
15:08:54.0774 3196 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:08:54.0790 3196 arcsas - ok
15:08:54.0790 3196 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:08:54.0805 3196 aspnet_state - ok
15:08:54.0805 3196 [ 912a215ce180a6e7c923c662d7ec777d ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
15:08:54.0821 3196 AsrAppCharger - ok
15:08:54.0837 3196 AsrIbDrv - ok
15:08:54.0837 3196 [ df59b8e8df0bd2e0e303778a3806a17d ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
15:08:54.0852 3196 aswFsBlk - ok
15:08:54.0852 3196 [ f8e6ab4f876feff69250f2e0c29ef004 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
15:08:54.0852 3196 aswMonFlt - ok
15:08:54.0868 3196 [ aa92bc4bcba40ca3aa3ffd1be24f0c09 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
15:08:54.0868 3196 aswRdr - ok
15:08:54.0883 3196 [ f06e230e1e8ca9437a6474b7b551cd37 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
15:08:54.0915 3196 aswSnx - ok
15:08:54.0915 3196 [ 3610ca74a69e380424f0452dec5c1317 ] aswSP C:\Windows\system32\drivers\aswSP.sys
15:08:54.0930 3196 aswSP - ok
15:08:54.0930 3196 [ 87de3e31cb0091d22351349869324065 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
15:08:54.0946 3196 aswTdi - ok
15:08:54.0946 3196 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:08:54.0977 3196 AsyncMac - ok
15:08:54.0977 3196 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
15:08:54.0993 3196 atapi - ok
15:08:54.0993 3196 [ 24464b908e143d2561e9e452fee97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:08:55.0008 3196 AtiHDAudioService - ok
15:08:55.0008 3196 [ 77c149e6d702737b2e372dee166faef8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
15:08:55.0024 3196 AtiHdmiService - ok
15:08:55.0024 3196 [ 7c5d273e29dcc5505469b299c6f29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
15:08:55.0024 3196 AtiPcie - ok
15:08:55.0039 3196 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:08:55.0071 3196 AudioEndpointBuilder - ok
15:08:55.0086 3196 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:08:55.0117 3196 AudioSrv - ok
15:08:55.0117 3196 [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:08:55.0133 3196 avast! Antivirus - ok
15:08:55.0133 3196 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:08:55.0164 3196 AxInstSV - ok
15:08:55.0164 3196 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:08:55.0180 3196 b06bdrv - ok
15:08:55.0195 3196 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:08:55.0195 3196 b57nd60a - ok
15:08:55.0211 3196 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:08:55.0227 3196 BDESVC - ok
15:08:55.0227 3196 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:08:55.0242 3196 Beep - ok
15:08:55.0258 3196 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\Windows\System32\bfe.dll
15:08:55.0305 3196 BFE - ok
15:08:55.0320 3196 [ 7f0c323fe3da28aa4aa1bda3f575707f ] BITS C:\Windows\system32\qmgr.dll
15:08:55.0351 3196 BITS - ok
15:08:55.0351 3196 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:08:55.0367 3196 blbdrive - ok
15:08:55.0383 3196 [ f2060a34c8a75bc24a9222eb4f8c07bd ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:08:55.0383 3196 Bonjour Service - ok
15:08:55.0398 3196 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:08:55.0414 3196 bowser - ok
15:08:55.0414 3196 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:08:55.0429 3196 BrFiltLo - ok
15:08:55.0429 3196 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:08:55.0445 3196 BrFiltUp - ok
15:08:55.0445 3196 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:08:55.0476 3196 BridgeMP - ok
15:08:55.0492 3196 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\Windows\System32\browser.dll
15:08:55.0523 3196 Browser - ok
15:08:55.0523 3196 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:08:55.0539 3196 Brserid - ok
15:08:55.0539 3196 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:08:55.0554 3196 BrSerWdm - ok
15:08:55.0554 3196 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:08:55.0570 3196 BrUsbMdm - ok
15:08:55.0570 3196 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:08:55.0585 3196 BrUsbSer - ok
15:08:55.0585 3196 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:08:55.0601 3196 BTHMODEM - ok
15:08:55.0617 3196 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
15:08:55.0632 3196 bthserv - ok
15:08:55.0648 3196 catchme - ok
15:08:55.0648 3196 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:08:55.0679 3196 cdfs - ok
15:08:55.0679 3196 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:08:55.0695 3196 cdrom - ok
15:08:55.0695 3196 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
15:08:55.0726 3196 CertPropSvc - ok
15:08:55.0726 3196 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:08:55.0741 3196 circlass - ok
15:08:55.0741 3196 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
15:08:55.0757 3196 CLFS - ok
15:08:55.0773 3196 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:08:55.0773 3196 clr_optimization_v2.0.50727_32 - ok
15:08:55.0788 3196 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:08:55.0788 3196 clr_optimization_v2.0.50727_64 - ok
15:08:55.0788 3196 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:08:55.0804 3196 clr_optimization_v4.0.30319_32 - ok
15:08:55.0804 3196 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:08:55.0819 3196 clr_optimization_v4.0.30319_64 - ok
15:08:55.0819 3196 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:08:55.0835 3196 CmBatt - ok
15:08:55.0835 3196 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
15:08:55.0851 3196 cmdide - ok
15:08:55.0851 3196 [ f95fd4cb7da00ba2a63ce9f6b5c053e1 ] CNG C:\Windows\system32\Drivers\cng.sys
15:08:55.0866 3196 CNG - ok
15:08:55.0882 3196 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:08:55.0882 3196 Compbatt - ok
15:08:55.0897 3196 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:08:55.0897 3196 CompositeBus - ok
15:08:55.0913 3196 COMSysApp - ok
15:08:55.0913 3196 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:08:55.0913 3196 crcdisk - ok
15:08:55.0929 3196 [ 8c57411b66282c01533cb776f98ad384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:08:55.0960 3196 CryptSvc - ok
15:08:55.0960 3196 [ 4a6173c2279b498cd8f57cae504564cb ] CSC C:\Windows\system32\drivers\csc.sys
15:08:55.0975 3196 CSC - ok
15:08:55.0991 3196 [ 873fbf927c06e5cee04dec617502f8fd ] CscService C:\Windows\System32\cscsvc.dll
15:08:56.0007 3196 CscService - ok
15:08:56.0022 3196 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:08:56.0053 3196 DcomLaunch - ok
15:08:56.0053 3196 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
15:08:56.0085 3196 defragsvc - ok
15:08:56.0100 3196 [ 3430ead65bbe8516572eb7c8b82ed8cd ] DeviceMonitorService C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
15:08:56.0100 3196 DeviceMonitorService - ok
15:08:56.0116 3196 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:08:56.0194 3196 DfsC - ok
15:08:56.0194 3196 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
15:08:56.0256 3196 Dhcp - ok
15:08:56.0256 3196 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
15:08:56.0287 3196 discache - ok
15:08:56.0287 3196 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:08:56.0287 3196 Disk - ok
15:08:56.0303 3196 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:08:56.0319 3196 Dnscache - ok
15:08:56.0319 3196 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
15:08:56.0350 3196 dot3svc - ok
15:08:56.0350 3196 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
15:08:56.0381 3196 DPS - ok
15:08:56.0381 3196 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:08:56.0397 3196 drmkaud - ok
15:08:56.0412 3196 [ ebce0b0924835f635f620d19f0529dce ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:08:56.0428 3196 DXGKrnl - ok
15:08:56.0443 3196 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:08:56.0475 3196 EapHost - ok
15:08:56.0490 3196 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:08:56.0537 3196 ebdrv - ok
15:08:56.0553 3196 [ 0793f40b9b8a1bdd266296409dbd91ea ] EFS C:\Windows\System32\lsass.exe
15:08:56.0553 3196 EFS - ok
15:08:56.0568 3196 [ b91d81b3b54a54ccafc03733dbc2e29e ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:08:56.0599 3196 ehRecvr - ok
15:08:56.0599 3196 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
15:08:56.0615 3196 ehSched - ok
15:08:56.0615 3196 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:08:56.0631 3196 elxstor - ok
15:08:56.0631 3196 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
15:08:56.0646 3196 ErrDev - ok
15:08:56.0646 3196 [ df2f6c1e55f6e81cfc7f688380d85816 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
15:08:56.0662 3196 EtronHub3 - ok
15:08:56.0662 3196 [ e093abfb67a4b9d94f80611a7d0a8bb9 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
15:08:56.0677 3196 EtronXHCI - ok
15:08:56.0677 3196 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
15:08:56.0709 3196 EventSystem - ok
15:08:56.0724 3196 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
15:08:56.0755 3196 exfat - ok
15:08:56.0755 3196 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:08:56.0787 3196 fastfat - ok
15:08:56.0802 3196 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
15:08:56.0818 3196 Fax - ok
15:08:56.0818 3196 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:08:56.0833 3196 fdc - ok
15:08:56.0833 3196 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:08:56.0865 3196 fdPHost - ok
15:08:56.0865 3196 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:08:56.0896 3196 FDResPub - ok
15:08:56.0896 3196 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:08:56.0911 3196 FileInfo - ok
15:08:56.0911 3196 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:08:56.0943 3196 Filetrace - ok
15:08:56.0943 3196 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:08:56.0958 3196 flpydisk - ok
15:08:56.0958 3196 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:08:56.0974 3196 FltMgr - ok
15:08:56.0974 3196 [ fe95ae537b41a7e2f4cfe353064dc4af ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS
15:08:56.0989 3196 FNETTBOH_305 - ok
15:08:56.0989 3196 [ 7c3c4b4c951ec1bdfd4f769d05e2cc68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
15:08:56.0989 3196 FNETURPX - ok
15:08:57.0005 3196 [ 8ac4cb4ea61e41009fae9ae7b2b5da3a ] FontCache C:\Windows\system32\FntCache.dll
15:08:57.0052 3196 FontCache - ok
15:08:57.0052 3196 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:08:57.0052 3196 FontCache3.0.0.0 - ok
15:08:57.0067 3196 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:08:57.0067 3196 FsDepends - ok
15:08:57.0083 3196 [ e95ef8547de20cf0603557c0cf7a9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:08:57.0083 3196 Fs_Rec - ok
15:08:57.0099 3196 [ b8b2a6e1558f8f5de5ce431c5b2c7b09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:08:57.0099 3196 fvevol - ok
15:08:57.0114 3196 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:08:57.0114 3196 gagp30kx - ok
15:08:57.0130 3196 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
15:08:57.0161 3196 gpsvc - ok
15:08:57.0161 3196 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:08:57.0177 3196 hcw85cir - ok
15:08:57.0177 3196 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:08:57.0192 3196 HdAudAddService - ok
15:08:57.0192 3196 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:08:57.0208 3196 HDAudBus - ok
15:08:57.0208 3196 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:08:57.0223 3196 HidBatt - ok
15:08:57.0223 3196 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:08:57.0239 3196 HidBth - ok
15:08:57.0239 3196 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:08:57.0255 3196 HidIr - ok
15:08:57.0255 3196 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
15:08:57.0286 3196 hidserv - ok
15:08:57.0286 3196 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:08:57.0301 3196 HidUsb - ok
15:08:57.0301 3196 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:08:57.0333 3196 hkmsvc - ok
15:08:57.0348 3196 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:08:57.0348 3196 HomeGroupListener - ok
15:08:57.0364 3196 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:08:57.0379 3196 HomeGroupProvider - ok
15:08:57.0379 3196 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
15:08:57.0379 3196 HpSAMD - ok
15:08:57.0395 3196 [ f47cec45fb85791d4ab237563ad0fa8f ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:08:57.0395 3196 HTCAND64 - ok
15:08:57.0411 3196 [ b8b1b284362e1d8135112573395d5da5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
15:08:57.0411 3196 htcnprot - ok
15:08:57.0426 3196 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:08:57.0457 3196 HTTP - ok
15:08:57.0457 3196 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:08:57.0473 3196 hwpolicy - ok
15:08:57.0473 3196 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:08:57.0489 3196 i8042prt - ok
15:08:57.0489 3196 [ d83efb6fd45df9d55e9a1afc63640d50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
15:08:57.0504 3196 iaStorV - ok
15:08:57.0520 3196 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:08:57.0535 3196 idsvc - ok
15:08:57.0551 3196 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:08:57.0551 3196 iirsp - ok
15:08:57.0567 3196 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
15:08:57.0598 3196 IKEEXT - ok
15:08:57.0629 3196 [ e8017f1662d9142f45ceab694d013c00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:08:57.0676 3196 IntcAzAudAddService - ok
15:08:57.0676 3196 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
15:08:57.0691 3196 intelide - ok
15:08:57.0691 3196 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:08:57.0707 3196 intelppm - ok
15:08:57.0707 3196 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:08:57.0738 3196 IPBusEnum - ok
15:08:57.0738 3196 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:08:57.0769 3196 IpFilterDriver - ok
15:08:57.0769 3196 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:08:57.0816 3196 iphlpsvc - ok
15:08:57.0816 3196 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:08:57.0832 3196 IPMIDRV - ok
15:08:57.0832 3196 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:08:57.0863 3196 IPNAT - ok
15:08:57.0863 3196 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:08:57.0879 3196 IRENUM - ok
15:08:57.0879 3196 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
15:08:57.0894 3196 isapnp - ok
15:08:57.0894 3196 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:08:57.0910 3196 iScsiPrt - ok
15:08:57.0910 3196 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:08:57.0910 3196 kbdclass - ok
15:08:57.0925 3196 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:08:57.0941 3196 kbdhid - ok
15:08:57.0941 3196 [ 0793f40b9b8a1bdd266296409dbd91ea ] KeyIso C:\Windows\system32\lsass.exe
15:08:57.0957 3196 KeyIso - ok
15:08:57.0957 3196 [ e8b6fcc9c83535c67f835d407620bd27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:08:57.0957 3196 KSecDD - ok
15:08:57.0972 3196 [ a8c63880ef6f4d3fec7b616b9c060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:08:57.0972 3196 KSecPkg - ok
15:08:57.0988 3196 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:08:58.0003 3196 ksthunk - ok
15:08:58.0019 3196 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
15:08:58.0050 3196 KtmRm - ok
15:08:58.0050 3196 [ a4a9ca24e54e81c6c3e469eaeb4b3f42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
15:08:58.0066 3196 L1C - ok
15:08:58.0066 3196 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:08:58.0081 3196 LanmanServer - ok
15:08:58.0081 3196 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:08:58.0113 3196 LanmanWorkstation - ok
15:08:58.0128 3196 [ 7772dfab22611050b79504e671b06e6e ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:08:58.0128 3196 LBTServ - ok
15:08:58.0144 3196 [ 00ba093a3f316d43a4c3e098a96ae912 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
15:08:58.0144 3196 LEqdUsb - ok
15:08:58.0159 3196 [ 3067cfad2baa4a208130cd0afb130bc9 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
15:08:58.0159 3196 LHidEqd - ok
15:08:58.0159 3196 [ 241f2648adf090e2a10095bd6d6f5dcb ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:08:58.0175 3196 LHidFilt - ok
15:08:58.0175 3196 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:08:58.0206 3196 lltdio - ok
15:08:58.0222 3196 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:08:58.0237 3196 lltdsvc - ok
15:08:58.0253 3196 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:08:58.0284 3196 lmhosts - ok
15:08:58.0284 3196 [ 342ed5a4b3326014438f36d22d803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:08:58.0300 3196 LMouFilt - ok
15:08:58.0300 3196 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:08:58.0315 3196 LSI_FC - ok
15:08:58.0315 3196 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:08:58.0331 3196 LSI_SAS - ok
15:08:58.0331 3196 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:08:58.0331 3196 LSI_SAS2 - ok
15:08:58.0347 3196 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:08:58.0347 3196 LSI_SCSI - ok
15:08:58.0362 3196 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
15:08:58.0378 3196 luafv - ok
15:08:58.0393 3196 [ b8be35421b9e8dc1ab4b0cb7b9b0328b ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
15:08:58.0393 3196 LUsbFilt - ok
15:08:58.0409 3196 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:08:58.0409 3196 Mcx2Svc - ok
15:08:58.0425 3196 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:08:58.0425 3196 megasas - ok
15:08:58.0425 3196 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:08:58.0440 3196 MegaSR - ok
15:08:58.0456 3196 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
15:08:58.0471 3196 MMCSS - ok
15:08:58.0487 3196 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:08:58.0503 3196 Modem - ok
15:08:58.0518 3196 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:08:58.0518 3196 monitor - ok
15:08:58.0534 3196 [ a8fd4605aacf006bba3b2b90ac9565b2 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
15:08:58.0534 3196 Motorola Device Manager - ok
15:08:58.0534 3196 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:08:58.0549 3196 mouclass - ok
15:08:58.0549 3196 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:08:58.0565 3196 mouhid - ok
15:08:58.0565 3196 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:08:58.0581 3196 mountmgr - ok
15:09:06.0708 3196 ============================================================
15:09:06.0708 3196 Scan finished
15:09:06.0708 3196 ============================================================
15:09:06.0724 1180 Detected object count: 3
15:09:06.0724 1180 Actual detected object count: 3
15:09:40.0088 1180 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:09:40.0088 1180 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:09:40.0088 1180 PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:09:40.0088 1180 PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:09:40.0088 1180 Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
15:09:40.0088 1180 Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:10:02.0100 5992 Deinitialize success

#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 16 August 2012 - 04:18 PM

Greetings Ryan McHugh,

Can you tell me whether or not this happens with multiple browsers or is it limited to one? If one, which one?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Ryan McHugh
  • Topic Starter
  • Members
  • 31 posts

Posted 16 August 2012 - 04:32 PM

Hi Gary,

I can only currently reproduce the problem in Chrome, and it only will do it the first time I click on the link from the Google search. Subsequent clicks on the same link will bring me to the appropriate page.

When I relayed this information to my friend, he said:
"That is odd, Firefox was doing it like once every few searches for me.
It did it the most when clicking links through Google searches."

I've tried 10 various searches in IE/Firefox and clicking on multiple links per page, with no luck. The only place I could reproduce the problem was Chrome.

#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 16 August 2012 - 04:34 PM

Greetings Ryan McHugh,

OK, thank you for that information. I will follow up on that while I ask you another question. Is Windows XP installed on this computer?
Gary

#12 Ryan McHugh
  • Topic Starter
  • Members
  • 31 posts

Posted 16 August 2012 - 04:39 PM

Current Windows installation is Win7 Ultimate x64. XP is not installed on this machine.

#13 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 16 August 2012 - 05:38 PM

Greetings Ryan McHugh,

Well, I am trying to sort this out. In the logs you have provided I do not see any indication that Google Chrome is installed or running. Also, the aswMBR report indicates it is in fact Windows 7/64, but the MBR information indicates it is an XP default MBR code.


15:08:19.0302 2304 OS Version: 6.1.7600 ServicePack: 0.0
15:08:19.0302 2304 Processor architecture: Intel x64

15:11:48.095 Disk 0 Windows XP default MBR code


Can you or your friend offer any information regarding these 2 issues?
Gary
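As an added illustration (not part of this thread, and not code from TDSSKiller or aswMBR), a small Python triage helper that reads log excerpts in the two formats quoted above, picks out the reported OS version, any detections the user chose to skip, and the per-disk "default MBR code" label, then flags disks whose boot code belongs to a different Windows family than the installed OS, which is exactly the discrepancy raised in this post. The sample lines are constructed from the excerpts quoted above, and the NT-version-to-family table is an assumption.

```python
import re

# Constructed sample lines modelled on the TDSSKiller and aswMBR excerpts
# quoted in the post above (not the complete logs from this thread).
TDSSKILLER_LOG = """\
15:08:19.0302 2304 OS Version: 6.1.7600 ServicePack: 0.0
15:08:19.0302 2304 Processor architecture: Intel x64
15:09:06.0724 1180 Detected object count: 3
15:09:40.0088 1180 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:09:40.0088 1180 PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:09:40.0088 1180 Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
"""
ASWMBR_LOG = """\
15:11:48.095 Disk 0 Windows XP default MBR code
15:11:48.096 Disk 1 Windows 7 default MBR code
"""

# Assumed mapping from NT major.minor version to product family, so the
# "OS Version" line can be compared with the family named in the MBR label.
NT_FAMILY = {"5.1": "Windows XP", "5.2": "Windows XP",
             "6.0": "Windows Vista", "6.1": "Windows 7"}

OS_RE = re.compile(r"OS Version: (\d+\.\d+)\.\d+")
SKIP_RE = re.compile(r"^\S+ \d+ (.+?) \( (\S+) \) - skipped by user$")
DISK_RE = re.compile(r"Disk (\d+) (Windows .+?) default MBR code")


def parse_tdsskiller(text):
    """Return (os_family, [(object_name, verdict), ...]) for skipped detections."""
    family, skipped = None, []
    for line in text.splitlines():
        m = OS_RE.search(line)
        if m:
            family = NT_FAMILY.get(m.group(1), "unknown")
        m = SKIP_RE.match(line)
        if m:
            skipped.append((m.group(1), m.group(2)))
    return family, skipped


def parse_aswmbr(text):
    """Return {disk_number: mbr_family} from the 'default MBR code' lines."""
    hits = (DISK_RE.search(line) for line in text.splitlines())
    return {int(m.group(1)): m.group(2) for m in hits if m}


def mbr_mismatches(os_family, disks):
    """Disks whose boot code belongs to a different Windows family than the OS."""
    return {n: fam for n, fam in disks.items() if fam != os_family}
```

Skipped detections are reported because an unsigned-file verdict the user waved through is still worth a second look during triage.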

#14 Ryan McHugh
  • Topic Starter
  • Members
  • 31 posts

Posted 16 August 2012 - 05:47 PM

Friend's response: "Had a corrupt bootldr at one point and had to ghetto rig a new one with a XP live CD. lol"

/facepalm

#15 Ryan McHugh
  • Topic Starter
  • Members
  • 31 posts

Posted 16 August 2012 - 05:49 PM

Also, when looking at Chrome, it's running out of %appdata%\local\google\application
