Duder1989

  1. Well, I had a bit of a problem. It seems as if either the virus or the act of removing the virus has completely broken my USB drivers. It also seems to have messed up my wireless dongle. According to my father (IT Technician) the USB drivers aren't functioning properly & Windows is assuming my wireless dongle is working fine, even though it isn't & when it isn't even plugged in. I'm having to completely wipe & reinstall Windows 7.
  2. That's good to see. Firefox has been my go-to browser for years now. It seems pretty quick, I like the layout & look and I've got plenty of useful add-ons. I've only used IE once in the past 5-6 years, and that's only because I had to install it for the ESET virus scan...
  3. It seems to be doing good. I haven't had any warning messages, I do a quick scan with Malwarebytes every now & again & it hasn't found anything since that first time. Everything seems to be going well. So, is that all that needs to be done now?
  4. Okay. I let the virus removal tool do its thing. Here's the report. Status: Quarantined (events: 1) 06/07/2012 20:35:59 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\_OTL\MovedFiles\07052012_192340\C_Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\00000001.@ High
  5. Hey, Maniac. I ran ESET, left it for a couple of hours to do its thing. When I came back it had finished & found & removed 4 possible threats. I've looked absolutely everywhere for a log (including where you told me), tried to open through Notepad, done specific searches for it, & the only thing I could find was this log: I don't know if that means anything to you or not, but it's the only log I could find that had any connection to ESET whatsoever.
  6. Good morning. I let ComboFix do its thing. Here's the report:
  7. I was just making sure my topic wasn't getting buried in a lot of similar problems. I appreciate the help, of course. I figured it would be a common thing for malware to do, I just didn't realise HOW common until I saw just how many people were noting the same problems with svchost.exe. Thanks for the info.
  8. I'm back now. I've done the run fix with OTL & scanned with Malwarebytes again. Here's the results:
  9. And now the OTL logs:
C:\Users\Rich\AppData\Local\{AA1E687D-51B4-46EA-B9DE-1AE86A5F79C3} [2012/07/04 14:22:32 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5061FE4C-0284-4C50-B5E8-86E9A6C6BAF6} [2012/07/04 14:22:20 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{1C4D7ABE-E964-4BC7-B5EC-8F687BB7142D} [2012/07/03 13:36:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E336E4AD-974D-490A-846D-0B0B39D04AF0} [2012/07/03 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5895672B-47DE-482A-8C91-A7FC126BAB85} [2012/07/03 10:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/07/03 10:14:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{10D73ED5-BA41-43B7-A5FB-A9908E44A94E} [2012/07/02 16:26:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E7459CDC-B4BD-408A-80EE-237EF3363972} [2012/07/02 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{53F1891B-085C-46C4-8005-5F4EB01FE222} [2012/07/01 14:24:48 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{2F9D7173-8F17-43E1-85C1-149328481A3A} [2012/07/01 14:24:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{F0C8F6BD-3E1F-4088-B74B-CFE834C5B8DC} [2012/06/30 14:34:04 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{06BE3E4F-82F1-41B4-8DBB-5BCFDE38A2AC} [2012/06/30 14:33:52 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{6A072764-C383-4A67-AE5C-4530AA66499F} [2012/06/29 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{12553D91-58E0-4A60-8ED6-F1E5D5A08553} [2012/06/29 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A262BA4E-ED30-49B8-9BDA-66C99EFC5597} [2012/06/29 10:01:25 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{11AAC49D-26C9-4A39-88A0-7AFEE8264CAD} [2012/06/29 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{9878334A-C5B4-44E0-B019-43E54D5E3324} [2012/06/28 12:22:47 | 000,000,000 | ---D | C] -- 
C:\Users\Rich\AppData\Local\{A856636F-C02C-4DA4-85AE-BEE224B8554B} [2012/06/28 12:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{283F0A5E-A164-47AE-9E2E-64B08F2439C8} [2012/06/27 21:51:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\HotheadGames [2012/06/27 15:01:39 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{06B3447D-0192-4CAE-AE6D-308BB76870BA} [2012/06/27 15:01:26 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{779318F6-1605-4528-BCCB-F79802734DE9} [2012/06/27 11:54:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{49888081-D5F9-4B84-B158-5905D901ACAF} [2012/06/26 16:25:07 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{C87A99ED-459E-47C9-8BD2-DD1473A68FA2} [2012/06/26 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5CF3AD09-DBC2-4A02-BAD3-4F477BFC25C2} [2012/06/26 14:59:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{AC7A7112-5637-4534-99D3-8B1BB9158213} [2012/06/25 20:44:18 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{DA4383E5-0F92-49F6-91F0-C40248B766A5} [2012/06/25 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{B57E270C-287D-4117-AB35-49FB82E86F15} [2012/06/24 18:53:02 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{87C4865F-CC99-4947-A904-20DF9E133030} [2012/06/23 22:03:16 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Macromedia [2012/06/23 10:30:51 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{D1EE2B11-600B-4BD0-A72A-76B5627FB354} [2012/06/23 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{9A1226E6-1039-472E-AA45-177C981AAA21} [2012/06/21 09:01:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5B9EE0DC-F464-4F34-A4C1-50B6B3AE008E} [2012/06/21 09:01:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{89737B9E-6ABB-4C01-846B-F367C4E55DF8} [2012/06/20 17:42:09 | 000,000,000 | ---D | C] -- 
C:\Users\Rich\AppData\Local\{729E8BF3-F179-49D3-9ED0-8FC474E88C19} [2012/06/20 17:41:57 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{3C7E8E58-2CDB-481B-85B3-1B490C7602C4} [2012/06/20 12:38:30 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{7DBD4674-AAA3-45A1-9B66-D7712E656244} [2012/06/20 12:38:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E5A29916-0027-49CF-A1DD-595B4C0B6C7C} [2012/06/19 14:06:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{705DF180-E7E2-4C67-B381-2D0944C593B2} [2012/06/19 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{F9AB64EA-F592-4E6A-B0D3-7E5987285901} [2012/06/18 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{624FD0ED-723E-43AE-9A92-8D159630C2C4} [2012/06/18 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\Desktop\Stuff [2012/06/18 09:34:11 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{803410B4-54D1-4BEC-A001-5CC4AF40F025} [2012/06/17 13:51:38 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A41C0294-F354-4B53-94EC-E3CBB20C3BD4} [2012/06/16 11:04:12 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{1A31915C-1C81-4605-98B4-09F04D1EAB25} [2012/06/15 12:34:27 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{2CC2762C-2924-489B-A25A-65202BED30BC} [2012/06/14 15:16:32 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{96C48549-B283-4705-9DC8-C9F1C0B2378E} [2012/06/14 15:16:20 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{113F7F19-D85F-49AA-BBC6-39091FB24E9B} [2012/06/13 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A408B575-9F51-4ABA-ABF3-23E696E9E52A} [2012/06/13 13:42:22 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{D3C96546-BE51-4792-8E92-4D71FA195EE5} [2012/06/12 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{BFE587A2-728E-4EBC-935F-540EE76EBE25} [2012/06/12 15:16:02 | 000,000,000 | ---D | C] -- 
C:\Users\Rich\AppData\Local\{EACF61EB-48B3-4B44-8385-0010F25527A3} [2012/06/11 23:39:52 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{F9D0AD91-FAF8-431D-8EFE-9FCBF9579484} [2012/06/11 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{0FAED150-B161-4C9F-BC7C-3CA2860F5ECB} [2012/06/11 11:25:54 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{9539CB8B-0F1F-4C3E-B92A-FA2A4D503BA7} [2012/06/11 11:25:40 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{230A57C0-57A2-418C-903E-8A11FC983ECA} [2012/06/10 12:05:05 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{C8ACDEB4-C905-4E3F-828D-C39F820C6FE3} [2012/06/10 12:04:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{16F59312-4FA5-42DE-9637-6F58E8461B6F} [2012/06/08 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{D45697FE-ACE4-47C2-972F-BD6B52C6AC08} [2012/06/08 23:48:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{15DA8384-E1CF-42C0-BD8A-3112AF087EAA} [2012/06/08 11:37:22 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{7607624D-F8D2-457D-B7F4-AA42E503DCC6} [2012/06/08 11:37:10 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5D108F12-ECED-489F-92CA-D9FAB1672F0D} [2012/06/07 11:28:08 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E9B37710-C387-46A0-8D29-5D7B08FA2B65} [2012/06/07 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A8FC8F80-67B4-43E8-AFF8-D5DA2300454B} [2012/06/07 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{26BFC2A9-902E-4270-998C-2AF5F35B9AE5} [2012/06/06 11:31:03 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{DE79B012-679E-4BB4-B61F-5A526A658A7C} [2012/06/06 11:30:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{3EE3FF80-15A0-4542-8609-58C024598EBB} [2012/06/05 16:04:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{35E4404D-4DEC-4446-8FB9-BA0DF5DB8198} [2012/06/05 16:03:49 | 000,000,000 | ---D | C] -- 
C:\Users\Rich\AppData\Local\{7FA64710-B97B-42D4-A330-333AC972F1A1} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/05 13:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3350772935-3395239629-2234222438-1000UA.job [2012/07/05 13:12:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe [2012/07/05 13:08:24 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rich\Desktop\tdsskiller.exe [2012/07/05 12:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/05 10:19:08 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/05 10:19:08 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/05 10:17:32 | 101,140,075 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/07/05 10:11:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/05 10:11:57 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012/07/05 02:13:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3350772935-3395239629-2234222438-1000Core.job [2012/07/04 23:50:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rich\Desktop\dds.com [2012/06/27 19:56:25 | 000,000,215 | ---- | M] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode Two.url [2012/06/27 19:36:30 | 000,000,227 | ---- | M] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode One.url [2012/06/27 18:20:18 | 000,164,810 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/06/19 15:44:03 | 010,166,582 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party - Tourniquet (Original Mix).mp3 [2012/06/19 15:44:03 | 008,929,291 | ---- | M] () -- C:\Users\Rich\Documents\Flux Pavilion - Daydreamer (Ft. 
Example) (Dillon Francis Remix).mp3 [2012/06/18 23:00:24 | 010,111,243 | ---- | M] () -- C:\Users\Rich\Documents\Labrinth - Last Time (Knife Party Remix).mp3 [2012/06/18 22:58:11 | 008,421,697 | ---- | M] () -- C:\Users\Rich\Documents\Fatboy Slim - Right Here Right Now (Trumpdisco Remix).mp3 [2012/06/18 22:48:14 | 008,632,878 | ---- | M] () -- C:\Users\Rich\Documents\Gemini - Feel Me.mp3 [2012/06/18 22:47:30 | 010,334,766 | ---- | M] () -- C:\Users\Rich\Documents\Gemini - Destiny [HQ].mp3 [2012/06/18 22:46:45 | 005,231,412 | ---- | M] () -- C:\Users\Rich\Documents\Benny Benassi Ft. Gary Go _Cinema_.mp3 [2012/06/18 22:46:19 | 005,133,882 | ---- | M] () -- C:\Users\Rich\Documents\Mason Feat Princess Superstar - Perfect Exceeder HD 720p!!!.mp3 [2012/06/18 22:20:51 | 006,690,821 | ---- | M] () -- C:\Users\Rich\Documents\Benny Benassi - who's your daddy.mp3 [2012/06/18 22:12:02 | 011,301,689 | ---- | M] () -- C:\Users\Rich\Documents\Flux Pavilion - Bass Cannon (Rap Remix by None Like Joshua) [Zomboy], Cracks, I Cant Stop + New Song.mp3 [2012/06/16 14:13:06 | 008,746,529 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party ft. 
Mistajam - Sleaze (Original Mix).mp3 [2012/06/15 00:08:22 | 009,585,953 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party - Rage Valley (Original Mix).mp3 [2012/06/15 00:06:15 | 007,904,033 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party - Centipede (Original Mix).mp3 [2012/06/10 22:10:03 | 000,000,215 | ---- | M] () -- C:\Users\Rich\Desktop\Sonic and SEGA All Stars Racing.url [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/04 23:03:52 | 000,013,312 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\80000000.@ [2012/07/04 23:03:50 | 000,001,696 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\00000001.@ [2012/06/27 19:56:25 | 000,000,215 | ---- | C] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode Two.url [2012/06/27 19:36:30 | 000,000,227 | ---- | C] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode One.url [2012/06/18 23:05:55 | 010,166,582 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party - Tourniquet (Original Mix).mp3 [2012/06/18 22:59:46 | 008,929,291 | ---- | C] () -- C:\Users\Rich\Documents\Flux Pavilion - Daydreamer (Ft. Example) (Dillon Francis Remix).mp3 [2012/06/18 22:57:22 | 010,111,243 | ---- | C] () -- C:\Users\Rich\Documents\Labrinth - Last Time (Knife Party Remix).mp3 [2012/06/18 22:45:49 | 008,421,697 | ---- | C] () -- C:\Users\Rich\Documents\Fatboy Slim - Right Here Right Now (Trumpdisco Remix).mp3 [2012/06/18 22:41:47 | 008,632,878 | ---- | C] () -- C:\Users\Rich\Documents\Gemini - Feel Me.mp3 [2012/06/18 22:35:21 | 010,334,766 | ---- | C] () -- C:\Users\Rich\Documents\Gemini - Destiny [HQ].mp3 [2012/06/18 22:32:43 | 005,231,412 | ---- | C] () -- C:\Users\Rich\Documents\Benny Benassi Ft. 
Gary Go _Cinema_.mp3 [2012/06/18 22:27:39 | 005,133,882 | ---- | C] () -- C:\Users\Rich\Documents\Mason Feat Princess Superstar - Perfect Exceeder HD 720p!!!.mp3 [2012/06/18 22:13:50 | 006,690,821 | ---- | C] () -- C:\Users\Rich\Documents\Benny Benassi - who's your daddy.mp3 [2012/06/18 21:55:57 | 011,301,689 | ---- | C] () -- C:\Users\Rich\Documents\Flux Pavilion - Bass Cannon (Rap Remix by None Like Joshua) [Zomboy], Cracks, I Cant Stop + New Song.mp3 [2012/06/15 00:10:14 | 008,746,529 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party ft. Mistajam - Sleaze (Original Mix).mp3 [2012/06/15 00:06:31 | 009,585,953 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party - Rage Valley (Original Mix).mp3 [2012/06/15 00:04:16 | 007,904,033 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party - Centipede (Original Mix).mp3 [2012/06/10 22:10:03 | 000,000,215 | ---- | C] () -- C:\Users\Rich\Desktop\Sonic and SEGA All Stars Racing.url [2012/05/23 15:11:11 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012/05/18 16:14:02 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012/05/18 16:14:02 | 000,022,328 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\PnkBstrK.sys [2012/05/18 16:13:31 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012/05/18 16:13:15 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2012/05/18 16:13:15 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012/05/12 23:20:46 | 000,002,048 | -HS- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\@ [2012/05/07 21:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/05/07 21:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- 
C:\Windows\System32\PrintBrmUi.exe ========== LOP Check ========== [2012/05/13 04:31:31 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\AVG2012 [2012/05/31 01:53:24 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Beat Hazard [2012/06/01 01:15:39 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\fltk.org [2012/05/15 14:14:57 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\runic games [2012/05/08 05:59:44 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\SystemRequirementsLab [2012/07/05 00:42:13 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 05/07/2012 13:13:40 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rich\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.31% Memory free 4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 153.29 Gb Total Space | 25.89 Gb Free Space | 16.89% Space Free | Partition Type: NTFS Computer Name: RICH-PC | User Name: Rich | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3350772935-3395239629-2234222438-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13E4E789-A618-4631-A3AE-138B503B4E5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1795B0A7-9807-47C7-8CC6-D81FEA59CAE6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BC9636D5-35A1-49C3-AA0A-8E19769A0058}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{DF15F5A4-8F39-4F38-8109-7F3C5E287BEF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0326E137-FE66-456C-98AA-BEF28E39A417}" = protocol=6 | 
dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe | "{1121D391-E1FE-48B0-A732-8C498E494929}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe | "{1199DE02-A305-4446-A305-B8D464B077DB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe | "{120A5B22-9F02-4E51-BA9D-8751862E2406}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{12C15DB8-1C6E-4F97-9FD9-E899EA2A79CC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sonic and sega all stars racing\config.exe | "{16832B73-C285-475B-8C98-11D9735BC14A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\darwinia\darwinia.exe | "{1DDDA925-5C0E-494C-A7B6-C04E8EC3E185}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | "{21DFFA4E-7C6E-4665-A96B-4CEE6BE2ED26}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | "{22EA4790-EF58-47E3-9129-68E86B740357}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe | "{2305D42B-7744-4492-A1E5-6E1510916775}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{28839412-D091-4D72-8983-9DE0409FCD81}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{3D2FB373-37CA-414E-92EB-AB7219DAB981}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{3DF34B55-41DB-494E-8409-FCBB365E9D12}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{3E51738F-F4F3-4E4F-87D1-70063043ACA7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{3F50DA4E-21F1-4B1F-8DFC-634E63ED9095}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{426578D5-8531-4923-9CA7-CDBCC3677162}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hitman blood money\configure.exe | "{43604A5A-E7C8-486A-A7AB-D6F06A7A8757}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{474213DD-B8A1-4D68-9F56-607B8BDD5934}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | "{4CAFAA87-1414-4EC5-A6B3-C0B923DFDFAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe | "{4F52F939-86F5-4466-9865-35C6E27E3DAE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5107D116-F19C-4E86-91ED-5B194B4B8372}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{5382FFBD-415A-4B9C-979E-3B85035487F9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe | "{53D94902-31A8-49DB-8717-AD7A74FD1CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe | "{59247086-23D6-41C1-99AF-5B137D86ABC0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{5C959A09-4AD2-4606-8FD4-BFF8C3CA9207}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{5CE7A710-660B-4697-BA65-0BA8FF562311}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\runme.exe | "{5D513CEF-61B8-43CF-A431-304F17735C3A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{5E1F8F86-35BC-4D23-9A80-B25ACFBFE54D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{5ECEDF75-4AFE-4EF5-9DAA-9DA30465434A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{61394929-DCBA-4604-9D0D-EFD29BE5AE79}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{634CCC11-2449-4D78-A156-DAC0AA1781B4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{6E103170-AD5F-44BF-81F9-76DA1ADA9DDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{71604B45-F730-47F3-AA25-EB1AA981931E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe | "{719FBE39-2CCC-46F3-B2EC-05797CDE3A20}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe | "{71DFAF0F-ED98-4740-BF10-0DDF9CB85204}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\runme.exe | "{74D6DEE5-6E05-4AE6-8720-3040A952D3F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{7531C86E-2B13-4B94-B6C5-2D5826C78E8C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe | "{82D844D3-EF6D-4726-A10F-971265D0383E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe | "{83B0EF6D-4C33-405E-B300-AF46210A8518}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{84373196-D57F-4935-A60C-157554EE135E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe | "{87F6A6CA-AE9D-44AD-A845-D532C1836EFA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{890D1905-640C-42A7-A454-1F9E51C04594}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe | "{8A36F279-8583-40BD-B71C-E43F78DAC4CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{95ECA88A-B433-47C3-9E56-CC7BAEEAB7DD}" = protocol=6 | 
  10. Okay, I've done all of that. Here are the reports.
13:10:13.0439 2140 nsi - ok 13:10:13.0462 2140 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 13:10:13.0506 2140 nsiproxy - ok 13:10:13.0569 2140 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys 13:10:13.0614 2140 Ntfs - ok 13:10:13.0631 2140 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 13:10:13.0680 2140 Null - ok 13:10:13.0712 2140 NVHDA (a0a9e53b4aac3c6534a063aba69bc19f) C:\Windows\system32\drivers\nvhda32v.sys 13:10:13.0732 2140 NVHDA - ok 13:10:14.0238 2140 nvlddmkm (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:10:14.0617 2140 nvlddmkm - ok 13:10:14.0723 2140 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 13:10:14.0747 2140 nvraid - ok 13:10:14.0761 2140 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 13:10:14.0783 2140 nvstor - ok 13:10:14.0846 2140 nvsvc (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe 13:10:14.0876 2140 nvsvc - ok 13:10:14.0973 2140 nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 13:10:15.0011 2140 nvUpdatusService - ok 13:10:15.0118 2140 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 13:10:15.0142 2140 nv_agp - ok 13:10:15.0149 2140 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 13:10:15.0188 2140 ohci1394 - ok 13:10:15.0220 2140 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 13:10:15.0271 2140 p2pimsvc - ok 13:10:15.0294 2140 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 13:10:15.0323 2140 p2psvc - ok 13:10:15.0359 2140 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 13:10:15.0382 2140 Parport - ok 13:10:15.0408 2140 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 
13:10:15.0429 2140 partmgr - ok 13:10:15.0439 2140 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 13:10:15.0470 2140 Parvdm - ok 13:10:15.0498 2140 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 13:10:15.0525 2140 PcaSvc - ok 13:10:15.0543 2140 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 13:10:15.0566 2140 pci - ok 13:10:15.0581 2140 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 13:10:15.0599 2140 pciide - ok 13:10:15.0633 2140 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys 13:10:15.0656 2140 pcmcia - ok 13:10:15.0676 2140 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 13:10:15.0696 2140 pcw - ok 13:10:15.0743 2140 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 13:10:15.0796 2140 PEAUTH - ok 13:10:15.0880 2140 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 13:10:15.0929 2140 PeerDistSvc - ok 13:10:16.0027 2140 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 13:10:16.0098 2140 pla - ok 13:10:16.0218 2140 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 13:10:16.0263 2140 PlugPlay - ok 13:10:16.0319 2140 PnkBstrA (831883b107684301f48ace752c963984) C:\Windows\system32\PnkBstrA.exe 13:10:16.0338 2140 PnkBstrA - ok 13:10:16.0385 2140 PnkBstrB (e24106a5eaecddff00b25497049dd65f) C:\Windows\system32\PnkBstrB.exe 13:10:16.0405 2140 PnkBstrB - ok 13:10:16.0425 2140 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 13:10:16.0463 2140 PNRPAutoReg - ok 13:10:16.0486 2140 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 13:10:16.0515 2140 PNRPsvc - ok 13:10:16.0550 2140 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 13:10:16.0597 2140 PolicyAgent - ok 13:10:16.0624 2140 Power 
(f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 13:10:16.0667 2140 Power - ok 13:10:16.0719 2140 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 13:10:16.0766 2140 PptpMiniport - ok 13:10:16.0789 2140 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys 13:10:16.0830 2140 Processor - ok 13:10:16.0877 2140 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 13:10:16.0918 2140 ProfSvc - ok 13:10:16.0941 2140 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:10:16.0963 2140 ProtectedStorage - ok 13:10:17.0001 2140 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 13:10:17.0042 2140 Psched - ok 13:10:17.0126 2140 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys 13:10:17.0184 2140 ql2300 - ok 13:10:17.0277 2140 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys 13:10:17.0298 2140 ql40xx - ok 13:10:17.0329 2140 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 13:10:17.0363 2140 QWAVE - ok 13:10:17.0392 2140 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 13:10:17.0416 2140 QWAVEdrv - ok 13:10:17.0431 2140 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 13:10:17.0488 2140 RasAcd - ok 13:10:17.0541 2140 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:10:17.0576 2140 RasAgileVpn - ok 13:10:17.0593 2140 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 13:10:17.0645 2140 RasAuto - ok 13:10:17.0674 2140 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:10:17.0717 2140 Rasl2tp - ok 13:10:17.0756 2140 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 13:10:17.0806 2140 RasMan - ok 13:10:17.0831 2140 RasPppoe 
(0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 13:10:17.0871 2140 RasPppoe - ok 13:10:17.0900 2140 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 13:10:17.0947 2140 RasSstp - ok 13:10:17.0978 2140 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 13:10:18.0023 2140 rdbss - ok 13:10:18.0040 2140 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 13:10:18.0063 2140 rdpbus - ok 13:10:18.0079 2140 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:10:18.0126 2140 RDPCDD - ok 13:10:18.0159 2140 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 13:10:18.0193 2140 RDPDR - ok 13:10:18.0227 2140 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 13:10:18.0271 2140 RDPENCDD - ok 13:10:18.0289 2140 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 13:10:18.0336 2140 RDPREFMP - ok 13:10:18.0370 2140 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 13:10:18.0416 2140 RdpVideoMiniport - ok 13:10:18.0457 2140 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 13:10:18.0496 2140 RDPWD - ok 13:10:18.0523 2140 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 13:10:18.0547 2140 rdyboost - ok 13:10:18.0572 2140 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 13:10:18.0609 2140 RemoteAccess - ok 13:10:18.0633 2140 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 13:10:18.0675 2140 RemoteRegistry - ok 13:10:18.0701 2140 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 13:10:18.0748 2140 RpcEptMapper - ok 13:10:18.0768 2140 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 13:10:18.0797 2140 RpcLocator 
- ok 13:10:18.0829 2140 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 13:10:18.0870 2140 RpcSs - ok 13:10:18.0902 2140 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 13:10:18.0954 2140 rspndr - ok 13:10:18.0974 2140 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 13:10:19.0004 2140 s3cap - ok 13:10:19.0025 2140 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:10:19.0047 2140 SamSs - ok 13:10:19.0075 2140 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 13:10:19.0095 2140 sbp2port - ok 13:10:19.0123 2140 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 13:10:19.0175 2140 SCardSvr - ok 13:10:19.0194 2140 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 13:10:19.0243 2140 scfilter - ok 13:10:19.0287 2140 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 13:10:19.0345 2140 Schedule - ok 13:10:19.0373 2140 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 13:10:19.0409 2140 SCPolicySvc - ok 13:10:19.0433 2140 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 13:10:19.0484 2140 SDRSVC - ok 13:10:19.0513 2140 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:10:19.0564 2140 secdrv - ok 13:10:19.0585 2140 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 13:10:19.0630 2140 seclogon - ok 13:10:19.0659 2140 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 13:10:19.0710 2140 SENS - ok 13:10:19.0726 2140 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 13:10:19.0765 2140 SensrSvc - ok 13:10:19.0785 2140 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 13:10:19.0807 2140 Serenum - ok 13:10:19.0832 2140 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) 
C:\Windows\system32\DRIVERS\serial.sys 13:10:19.0864 2140 Serial - ok 13:10:19.0885 2140 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys 13:10:19.0908 2140 sermouse - ok 13:10:19.0957 2140 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 13:10:20.0010 2140 SessionEnv - ok 13:10:20.0024 2140 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 13:10:20.0058 2140 sffdisk - ok 13:10:20.0063 2140 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 13:10:20.0095 2140 sffp_mmc - ok 13:10:20.0119 2140 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 13:10:20.0157 2140 sffp_sd - ok 13:10:20.0175 2140 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys 13:10:20.0197 2140 sfloppy - ok 13:10:20.0241 2140 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 13:10:20.0297 2140 SharedAccess - ok 13:10:20.0328 2140 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 13:10:20.0379 2140 ShellHWDetection - ok 13:10:20.0409 2140 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 13:10:20.0429 2140 sisagp - ok 13:10:20.0455 2140 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys 13:10:20.0477 2140 SiSRaid2 - ok 13:10:20.0495 2140 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys 13:10:20.0517 2140 SiSRaid4 - ok 13:10:20.0533 2140 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 13:10:20.0571 2140 Smb - ok 13:10:20.0598 2140 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 13:10:20.0622 2140 SNMPTRAP - ok 13:10:20.0637 2140 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 13:10:20.0657 2140 spldr - ok 13:10:20.0684 2140 Spooler 
(866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 13:10:20.0735 2140 Spooler - ok 13:10:20.0892 2140 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 13:10:21.0010 2140 sppsvc - ok 13:10:21.0111 2140 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 13:10:21.0167 2140 sppuinotify - ok 13:10:21.0220 2140 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 13:10:21.0267 2140 srv - ok 13:10:21.0312 2140 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 13:10:21.0348 2140 srv2 - ok 13:10:21.0380 2140 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 13:10:21.0414 2140 srvnet - ok 13:10:21.0446 2140 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 13:10:21.0499 2140 SSDPSRV - ok 13:10:21.0516 2140 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 13:10:21.0563 2140 SstpSvc - ok 13:10:21.0618 2140 Steam Client Service - ok 13:10:21.0711 2140 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 13:10:21.0734 2140 Stereo Service - ok 13:10:21.0758 2140 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys 13:10:21.0778 2140 stexstor - ok 13:10:21.0821 2140 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 13:10:21.0866 2140 StiSvc - ok 13:10:21.0883 2140 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 13:10:21.0903 2140 storflt - ok 13:10:21.0922 2140 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 13:10:21.0943 2140 storvsc - ok 13:10:21.0963 2140 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 13:10:21.0986 2140 swenum - ok 13:10:22.0031 2140 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 13:10:22.0088 2140 swprv - ok 
13:10:22.0120 2140 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\synth3dvsc.sys 13:10:22.0141 2140 Synth3dVsc - ok 13:10:22.0229 2140 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 13:10:22.0283 2140 SysMain - ok 13:10:22.0311 2140 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 13:10:22.0350 2140 TabletInputService - ok 13:10:22.0377 2140 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 13:10:22.0418 2140 TapiSrv - ok 13:10:22.0499 2140 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys 13:10:22.0518 2140 TBPanel - ok 13:10:22.0560 2140 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 13:10:22.0599 2140 TBS - ok 13:10:22.0674 2140 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 13:10:22.0720 2140 Tcpip - ok 13:10:22.0750 2140 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 13:10:22.0790 2140 TCPIP6 - ok 13:10:22.0816 2140 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 13:10:22.0859 2140 tcpipreg - ok 13:10:22.0881 2140 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 13:10:22.0901 2140 TDPIPE - ok 13:10:22.0922 2140 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 13:10:22.0943 2140 TDTCP - ok 13:10:22.0959 2140 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 13:10:23.0003 2140 tdx - ok 13:10:23.0015 2140 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys 13:10:23.0036 2140 TermDD - ok 13:10:23.0073 2140 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys 13:10:23.0115 2140 terminpt - ok 13:10:23.0151 2140 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 13:10:23.0195 2140 TermService - ok 13:10:23.0211 2140 Themes 
(42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 13:10:23.0253 2140 Themes - ok 13:10:23.0281 2140 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 13:10:23.0320 2140 THREADORDER - ok 13:10:23.0353 2140 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 13:10:23.0410 2140 TrkWks - ok 13:10:23.0459 2140 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 13:10:23.0502 2140 TrustedInstaller - ok 13:10:23.0525 2140 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:10:23.0573 2140 tssecsrv - ok 13:10:23.0609 2140 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 13:10:23.0650 2140 TsUsbFlt - ok 13:10:23.0668 2140 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys 13:10:23.0704 2140 TsUsbGD - ok 13:10:23.0726 2140 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys 13:10:23.0751 2140 tsusbhub - ok 13:10:23.0782 2140 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 13:10:23.0818 2140 tunnel - ok 13:10:23.0917 2140 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys 13:10:23.0940 2140 uagp35 - ok 13:10:23.0995 2140 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 13:10:24.0053 2140 udfs - ok 13:10:24.0109 2140 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 13:10:24.0167 2140 UI0Detect - ok 13:10:24.0210 2140 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 13:10:24.0232 2140 uliagpkx - ok 13:10:24.0260 2140 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 13:10:24.0284 2140 umbus - ok 13:10:24.0313 2140 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys 13:10:24.0344 2140 UmPass - ok 13:10:24.0372 2140 
UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 13:10:24.0407 2140 UmRdpService - ok 13:10:24.0435 2140 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 13:10:24.0485 2140 upnphost - ok 13:10:24.0505 2140 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys 13:10:24.0535 2140 usbccgp - ok 13:10:24.0561 2140 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 13:10:24.0589 2140 usbcir - ok 13:10:24.0614 2140 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\DRIVERS\usbehci.sys 13:10:24.0653 2140 usbehci - ok 13:10:24.0691 2140 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys 13:10:24.0722 2140 usbhub - ok 13:10:24.0746 2140 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 13:10:24.0784 2140 usbohci - ok 13:10:24.0819 2140 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys 13:10:24.0847 2140 usbprint - ok 13:10:24.0876 2140 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:10:24.0903 2140 USBSTOR - ok 13:10:24.0925 2140 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys 13:10:24.0962 2140 usbuhci - ok 13:10:24.0984 2140 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 13:10:25.0022 2140 UxSms - ok 13:10:25.0041 2140 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 13:10:25.0064 2140 VaultSvc - ok 13:10:25.0093 2140 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 13:10:25.0113 2140 vdrvroot - ok 13:10:25.0142 2140 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 13:10:25.0192 2140 vds - ok 13:10:25.0210 2140 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 13:10:25.0247 2140 vga - ok 13:10:25.0261 2140 VgaSave (8e38096ad5c8570a6f1570a61e251561) 
C:\Windows\System32\drivers\vga.sys 13:10:25.0300 2140 VgaSave - ok 13:10:25.0306 2140 VGPU - ok 13:10:25.0340 2140 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 13:10:25.0362 2140 vhdmp - ok 13:10:25.0396 2140 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 13:10:25.0417 2140 viaagp - ok 13:10:25.0437 2140 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys 13:10:25.0477 2140 ViaC7 - ok 13:10:25.0491 2140 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 13:10:25.0512 2140 viaide - ok 13:10:25.0543 2140 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 13:10:25.0566 2140 vmbus - ok 13:10:25.0584 2140 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 13:10:25.0614 2140 VMBusHID - ok 13:10:25.0633 2140 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 13:10:25.0654 2140 volmgr - ok 13:10:25.0683 2140 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 13:10:25.0707 2140 volmgrx - ok 13:10:25.0741 2140 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 13:10:25.0765 2140 volsnap - ok 13:10:25.0792 2140 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys 13:10:25.0814 2140 vsmraid - ok 13:10:25.0877 2140 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 13:10:25.0936 2140 VSS - ok 13:10:25.0960 2140 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 13:10:25.0996 2140 vwifibus - ok 13:10:26.0013 2140 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 13:10:26.0051 2140 vwififlt - ok 13:10:26.0088 2140 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 13:10:26.0131 2140 W32Time - ok 13:10:26.0155 2140 WacomPen (de3721e89c653aa281428c8a69745d90) 
C:\Windows\system32\drivers\wacompen.sys 13:10:26.0192 2140 WacomPen - ok 13:10:26.0210 2140 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:10:26.0254 2140 WANARP - ok 13:10:26.0258 2140 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:10:26.0294 2140 Wanarpv6 - ok 13:10:26.0358 2140 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 13:10:26.0405 2140 wbengine - ok 13:10:26.0427 2140 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 13:10:26.0464 2140 WbioSrvc - ok 13:10:26.0495 2140 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 13:10:26.0528 2140 wcncsvc - ok 13:10:26.0543 2140 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 13:10:26.0578 2140 WcsPlugInService - ok 13:10:26.0628 2140 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys 13:10:26.0650 2140 Wd - ok 13:10:26.0702 2140 WDCS_WNDA3200 (49b50be4c6e61dc378057a09130e0629) C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe 13:10:26.0722 2140 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - warning 13:10:26.0722 2140 WDCS_WNDA3200 - detected UnsignedFile.Multi.Generic (1) 13:10:26.0755 2140 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 13:10:26.0786 2140 Wdf01000 - ok 13:10:26.0817 2140 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 13:10:26.0888 2140 WdiServiceHost - ok 13:10:26.0893 2140 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 13:10:26.0922 2140 WdiSystemHost - ok 13:10:26.0942 2140 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 13:10:26.0983 2140 WebClient - ok 13:10:27.0006 2140 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 13:10:27.0048 2140 Wecsvc - ok 13:10:27.0061 2140 wercplsupport (ac804569bb2364fb6017370258a4091b) 
C:\Windows\System32\wercplsupport.dll 13:10:27.0101 2140 wercplsupport - ok 13:10:27.0135 2140 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 13:10:27.0176 2140 WerSvc - ok 13:10:27.0214 2140 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 13:10:27.0253 2140 WfpLwf - ok 13:10:27.0270 2140 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 13:10:27.0289 2140 WIMMount - ok 13:10:27.0379 2140 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 13:10:27.0428 2140 WinDefend - ok 13:10:27.0439 2140 WinHttpAutoProxySvc - ok 13:10:27.0491 2140 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 13:10:27.0530 2140 Winmgmt - ok 13:10:27.0598 2140 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 13:10:27.0666 2140 WinRM - ok 13:10:27.0738 2140 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 13:10:27.0787 2140 Wlansvc - ok 13:10:27.0972 2140 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:10:28.0023 2140 wlidsvc - ok 13:10:28.0114 2140 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 13:10:28.0140 2140 WmiAcpi - ok 13:10:28.0191 2140 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 13:10:28.0227 2140 wmiApSrv - ok 13:10:28.0322 2140 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:10:28.0372 2140 WMPNetworkSvc - ok 13:10:28.0401 2140 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 13:10:28.0445 2140 WPCSvc - ok 13:10:28.0465 2140 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 13:10:28.0496 2140 WPDBusEnum - ok 13:10:28.0546 2140 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 13:10:28.0597 2140 
ws2ifsl - ok 13:10:28.0618 2140 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 13:10:28.0664 2140 wscsvc - ok 13:10:28.0670 2140 WSearch - ok 13:10:28.0800 2140 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 13:10:28.0866 2140 wuauserv - ok 13:10:28.0970 2140 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 13:10:29.0022 2140 WudfPf - ok 13:10:29.0053 2140 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:10:29.0105 2140 WUDFRd - ok 13:10:29.0135 2140 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 13:10:29.0173 2140 wudfsvc - ok 13:10:29.0195 2140 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 13:10:29.0225 2140 WwanSvc - ok 13:10:29.0268 2140 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys 13:10:29.0294 2140 yukonw7 - ok 13:10:29.0316 2140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 13:10:29.0861 2140 \Device\Harddisk0\DR0 - ok 13:10:29.0866 2140 Boot (0x1200) (e63e14d9535434be73c4c97547aeb621) \Device\Harddisk0\DR0\Partition0 13:10:29.0867 2140 \Device\Harddisk0\DR0\Partition0 - ok 13:10:29.0895 2140 Boot (0x1200) (17b9c6ee5e8b84a37a7a24733481bb4f) \Device\Harddisk0\DR0\Partition1 13:10:29.0896 2140 \Device\Harddisk0\DR0\Partition1 - ok 13:10:29.0897 2140 ============================================================ 13:10:29.0897 2140 Scan finished 13:10:29.0897 2140 ============================================================ 13:10:29.0917 3268 Detected object count: 2 13:10:29.0917 3268 Actual detected object count: 2 13:10:50.0951 3268 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user 13:10:50.0951 3268 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:10:50.0952 3268 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - skipped by user 13:10:50.0952 3268 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - User 
select action: Skip
  11. These are the logs I could find that mention the viruses. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.04.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Rich :: RICH-PC [administrator] Protection: Enabled 04/07/2012 23:03:56 mbam-log-2012-07-04 (23-03-56).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 377903 Time elapsed: 1 hour(s), 27 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully. Registry Values Detected: 2 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\n. -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Data: C:\Users\Rich\AppData\Roaming\WMPRWISE.EXE -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\n (Trojan.Dropper.PE4) -> Delete on reboot. C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. 
      (end)
  12. I made a note of the blocked I.P when I was having the problem yesterday - 109.236.84.153. Latest Malwarebytes log:

      Malwarebytes Anti-Malware (Trial) 1.61.0.1400
      www.malwarebytes.org
      Database version: v2012.05.13.04
      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 8.0.7601.17514
      Rich :: RICH-PC [administrator]
      Protection: Disabled
      14/05/2012 18:08:09
      mbam-log-2012-05-14 (18-08-09).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 198497
      Time elapsed: 6 minute(s), 30 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)
  13. & the Attach log.
  14. Thank you for the reply. After I posted this topic last night, Malwarebytes did a full system scan & found 5 different viruses & trojans. It apparently cured & removed the infections. I reset the PC & left it overnight while I slept. After waking up this morning I did another short scan & full system scan & it hasn't found anything else, nor has any of the warning messages popped up since. I'm hoping it has been cured, but I know enough about computers to assume that it may just be hiding away. So I'll post fresh DDS logs.
  15. I'm a little curious here. Looking at the help forums, it seems like a lot of people are having trouble with things related to svchost.exe & outgoing communications. Is this a "new" virus? Is everybody getting it from the same place, or is it just a big coincidence that so many people are getting it? Also, I'm not sure if this is the right place for it, but I have the issue too. I posted a help topic in the right place, but it's only been viewed a few times & it seems like it's getting buried. http://forums.malwarebytes.org/index.php?showtopic=112013 I understand that it might take time to get a reply. I just need help with this & I'm afraid the topic is going unnoticed.