Visenya

Everything posted by Visenya

  1. Last time you had given me a link that neatly cleaned up all the installs and log files - should I be using that again? There should be a PayPal donation showing up momentarily to you as well. I apologize as I know I said I was going to send something last time; there have been some complex medical issues going on with the family and it sort of slipped through the cracks. So this is for this time and last time. Thank you again MrC!
  2. Initial searching seems good. I will monitor over the next couple of days as the issue did not resurface until hours later when you previously helped me remove the virus that was causing the issue. As an addendum to the hosts file - I got a little scared when I saw all the websites showing up in the scan logs from the tools you gave me but when I open the actual file I see this above them: # Start of entries inserted by Spybot - Search & Destroy and an end comment below them saying # End of entries inserted by Spybot - Search & Destroy so I think I was alarmed by it for no reason - it is actually the sites that Spybot "immunizes" against.
  3. Ok - another quick question. Should we be doing anything about the hosts file? When I looked at it after we last cleaned the computer it was very standard looking, empty. Now it's FULL of weird, spammy-looking sites such as below: --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com
  4. Firefox. I have not noticed it in any other browser; however, I don't use the other browsers on the PC very often, if at all.
  5. OTL.txt
Anti-Malware [2012/08/11 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/11 10:58:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/11 10:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/04 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\Documents\Bioshock [2012/08/04 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Aryylas\AppData\Roaming\Bioshock [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/02 15:52:12 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Aryylas\Desktop\OTL.exe [2012/09/02 15:20:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-500180581-3182723006-2823437177-1000UA.job [2012/09/02 15:15:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/02 15:15:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/02 15:08:12 | 000,001,204 | ---- | M] () -- C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2012/09/02 15:07:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/02 15:07:43 | 2143,469,567 | -HS- | M] () -- C:\hiberfil.sys [2012/09/02 13:41:21 | 004,742,930 | ---- | M] (Swearware) -- C:\Users\Aryylas\Desktop\ComboFix.exe [2012/09/02 12:43:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aryylas\Desktop\tdsskiller.exe [2012/09/02 11:41:42 | 001,377,280 | ---- | M] () -- C:\Users\Aryylas\Desktop\RogueKiller.exe [2012/09/02 09:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aryylas\Desktop\dds.com [2012/09/02 09:40:33 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-500180581-3182723006-2823437177-1000Core.job [2012/08/31 18:25:35 | 
000,804,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/31 18:25:35 | 000,678,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/31 18:25:35 | 000,127,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/31 17:40:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012/08/24 21:33:11 | 000,001,036 | ---- | M] () -- C:\Users\Aryylas\Desktop\The Secret World.lnk [2012/08/16 23:14:32 | 000,444,105 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/16 22:34:41 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys [2012/08/11 10:58:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/10 20:11:39 | 000,000,000 | ---- | M] () -- C:\Users\Aryylas\AppData\Local\census.cache [2012/08/10 20:11:39 | 000,000,000 | ---- | M] () -- C:\Users\Aryylas\AppData\Local\ars.cache [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/02 11:41:42 | 001,377,280 | ---- | C] () -- C:\Users\Aryylas\Desktop\RogueKiller.exe [2012/08/31 17:40:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012/08/24 21:33:11 | 000,001,036 | ---- | C] () -- C:\Users\Aryylas\Desktop\The Secret World.lnk [2012/08/16 22:34:34 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys [2012/08/12 20:20:48 | 000,001,204 | ---- | C] () -- C:\Users\Aryylas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2012/08/11 10:58:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/10 20:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\census.cache [2012/08/10 20:05:50 | 000,000,000 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\ars.cache [2012/07/31 15:52:34 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/07/31 15:52:12 | 
000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/07/31 15:17:06 | 000,000,036 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\housecall.guid.cache [2012/07/31 12:09:44 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/07/31 11:41:06 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini [2012/07/16 13:21:01 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini [2012/06/01 14:38:22 | 000,007,620 | ---- | C] () -- C:\Users\Aryylas\AppData\Local\Resmon.ResmonCfg [2012/05/25 11:15:49 | 000,001,053 | ---- | C] () -- C:\Users\Aryylas\Documents - Shortcut.lnk [2012/05/22 21:29:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/05/22 21:29:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/05/17 15:39:08 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012/05/17 15:39:08 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe [2012/05/17 15:39:08 | 000,000,321 | ---- | C] () -- C:\Windows\PidList_C.ini [2012/05/17 15:31:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/05/17 14:09:13 | 000,799,096 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll ========== LOP Check ========== [2012/08/05 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\.minecraft [2012/06/09 08:45:01 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Ad-Aware Antivirus [2012/08/04 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Bioshock [2012/06/15 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\GermanDarknes [2012/07/21 15:08:14 | 000,000,000 | ---D | M] -- 
C:\Users\Aryylas\AppData\Roaming\Hive Cluster [2012/05/18 10:02:49 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\LolClient [2012/05/23 14:05:37 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\LolClient2 [2012/05/20 11:12:05 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Natural Selection 2 [2012/06/17 11:19:12 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\NeopleLauncherDFO [2012/07/31 11:41:43 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Origin [2012/06/15 19:59:07 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\RotMG.Production [2012/08/23 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Spotify [2012/08/12 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\Stardock [2012/07/26 14:12:50 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\SystemRequirementsLab [2012/07/27 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\TeamViewer [2012/05/17 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\Aryylas\AppData\Roaming\WildTangent [2012/06/16 23:48:53 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 9/2/2012 3:52:29 PM - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Aryylas\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.57% Memory free 15.99 Gb Paging File | 14.29 Gb Available in Paging File | 89.36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.66 Gb Total Space | 210.84 Gb Free Space | 46.78% Space Free | Partition Type: NTFS Drive D: 
| 100.00 Mb Total Space | 70.80 Mb Free Space | 70.80% Space Free | Partition Type: NTFS Drive E: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ARYYLAS-PC | User Name: Aryylas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-500180581-3182723006-2823437177-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2E43B4A7-0A40-4765-9CA6-782A7611EDDC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{ED9900F4-3EE8-4F7A-89BB-52ACCDF2550B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00974591-EB90-4F4C-946C-9A3EE7F757CF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{031B8EF5-1259-44D4-AE53-C966BA199065}" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | "{09A6C68C-E9D7-43D2-BFCC-26C48C6DAC39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0BDA57B8-BB32-49A8-B87C-32C5AC549AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{0DB99DD0-1357-491B-8A47-FF62011B0841}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{1215D748-2700-4992-A93E-15C20BB902E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{13EBC6F1-804B-4359-B23B-C850B6F97D69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{17624373-2938-4F58-AAB6-EC1D5A6EA6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1A25817B-CD55-4777-AA4D-0FBDF701E3D2}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{1ED888F4-4717-451E-A379-E4A109440452}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "{2B322CA2-9BEB-4D5A-B8A0-F89F30050753}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{2BAB2017-D443-4462-85E2-6D0926BEFE7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{2C1555DB-23C4-4708-9241-0C8390373D22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{2C1B87FF-99C8-45E6-8563-F2FCC603A073}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{2E969FAB-35B5-4EA6-8B5C-FF7DB2777F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{32E5DDF5-14B0-419A-886A-05E6F16F0BB2}" = protocol=17 | dir=in | app=c:\program files 
(x86)\teamviewer\version7\teamviewer_service.exe | "{3938D7BD-FBC5-45A1-9388-EBCBA8EED4C7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{3F8C768E-04AA-4697-8159-BAE2FD7C2AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{48A6F7ED-4E9F-4D8C-9CF1-3BF0723497BB}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{4BAF92FB-153F-4A3A-8B4B-306352C24025}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{4E0EA1EE-ABAD-49F9-8B17-D304840314F2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{55F7E1F1-581D-408D-BE7E-586959434DE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes oddysee\abewin.exe | "{5B3150FA-9FA2-40A6-882B-6EE45FE0EEF3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{5CABEE34-C3FE-407E-8CD1-99C7A3117E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{60BA722C-B5EE-4DB6-8A41-B26F43D08147}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{62E09651-85F1-48F9-918E-F265AF099985}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{64E75F63-8791-4E18-BE78-EE8498549582}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{67B31539-6731-4C59-B941-9DC78DA036E6}" = protocol=17 | dir=in | app=c:\users\aryylas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{69329F3B-F26B-4D70-B565-F9D3209A7B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{6E14BA49-432F-4F84-BD78-03A0066DB8A8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{71D49B40-D217-463F-8EF0-1259A816B837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{72CC9928-E408-42EF-B725-A832A189C69E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{72F2C548-90A1-446B-90C5-8DAF63E62D25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{743F2453-CA9B-4205-9BCA-D942368A0A3F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{85CFC214-EE8F-4CA2-8EEA-5CDD787BF63C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oddworld abes exoddus\exoddus.exe | "{8842690F-E5B6-4CC7-A649-369A3E3EE9CF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{8F143CB5-3294-4677-A256-BB0F187A03A7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{8F1B3031-05DB-4B8F-877F-20CD43540AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "{9AF74214-2D82-4425-A1C0-0940349D5D8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{9EF6F2EB-6C1E-4164-BD0C-BE681C6FC9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9F6B0970-D640-440E-A7D5-EA5F211A74CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{A1D54C36-0EA4-4345-84FB-41E6822ACF4E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{A3EFB500-03A0-4DD4-86DD-0F6264B83CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{A51E2538-1201-4F30-ABAA-9304E38561D8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AA42B8D7-BC66-440C-9771-B73C043D6D86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{B1015E68-9DCC-4796-AA7B-B2069789D51A}" = dir=in | app=c:\program 
files (x86)\windows live\mesh\moe.exe | "{B5B39D8E-6E85-41E5-BEBD-28BF0E81058A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{BA96AECD-4D28-4102-8045-6A6C9B0D33D8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{BCC05CC6-2FB1-48B9-83C8-CCD7414F1A09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{C311E312-BE50-4BDC-8861-3326F14076F5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{C477681B-81D6-4EC2-918B-F31892012BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | "{C6BD4585-D5B3-4772-BFB9-F350BE0FA1E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{CBCE0576-C3FE-4962-AD88-4CE7CEF25AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{CD73E465-4A56-4E2C-B329-EDE031080DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{D602283D-A144-4BB3-9B66-F9D6BB4701DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | "{D717DE22-965E-437E-A74B-33F39E609154}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe | "{DD954020-0536-46DC-A919-F0A25A22A302}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{DF2C913E-4486-4DB8-9D96-829ABF093B3E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{E4EA57BD-4326-4619-BEAD-971695356566}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{E5DEFE05-0D4D-4ABC-A7BF-BE2E4BEB68F3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{E9E79850-65F8-4C21-B1E6-2E92FE2849BC}" = protocol=6 | dir=in 
| app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "{EE85E797-3584-4A62-882D-4FE5D2F1D89B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F7081FCC-23EB-48BF-9AC3-692688037A0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{F83633B0-42DA-4DDA-A258-91566FF594AC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FE7E2321-1D28-4B0F-A453-7655B7AF71D9}" = protocol=6 | dir=in | app=c:\users\aryylas\appdata\local\google\google talk plugin\googletalkplugin.exe | "{FEFC172F-CF3D-40A1-85F8-CEA6953C0283}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe | "TCP Query User{06994CFC-234F-4E8B-829E-24E9C216A638}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{0D08C6D3-E5AE-407A-8CC2-E2809C22D42A}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe | "TCP Query User{1FD62D85-30C3-4370-B6BF-ED8CC67F72D4}C:\users\aryylas\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\aryylas\appdata\roaming\spotify\spotify.exe | "TCP Query User{2D2DD710-C575-41FC-97AD-5F97AA1EDE7A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{2DACF7AE-96E2-4F22-A41A-9FDE497CB6BD}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "TCP Query User{60217BAC-8B53-4BAA-A81B-79108F0E7B9B}C:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe | "TCP Query User{8B7977F1-8B50-4BCA-A055-0F3E6A3F289F}C:\program files (x86)\world 
of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{B1977E23-86C6-4CBD-8939-F0CC3ED04888}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{B1F5284A-6DAC-406E-AD8C-C87EFB755578}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{CE9F5771-E5F1-4290-8A19-E587C5EF58A1}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{DB87BA24-2B6F-44E6-86D4-71BFDEF2A0C3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{E0A887B8-2670-4466-9BE8-0C47CFC1EE7F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{F589514F-CBDB-401E-B98D-3BF72C591569}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "UDP Query User{0EDEF8C4-FD0E-420C-AA8A-9BD03FE20DB2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{1EC321FC-47B8-48D3-B900-6824A5E382E7}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{4FD8E087-0774-45F1-BC39-6552D64D701A}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "UDP Query User{8BEC165F-C66D-4B91-AB57-495FC756235C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{92653D68-ED93-4E33-8E22-21816F32BCE4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{A163DCBF-8AE5-43F3-AC2A-D6E7FBCDFE73}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{A3F0D4C5-FDDA-4969-8A7E-59A97AAB4585}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{ABC248D9-1324-484F-B12E-3518DD1D070F}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{B1E4C5ED-DC9E-453B-A780-B9D98C124848}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe | "UDP Query User{BC514CAD-A2B3-4371-BE58-FB0461237931}C:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aryylasdarkfyre@hotmail.com\counter-strike source\hl2.exe | "UDP Query User{CB7668B5-C078-4B08-934B-150ABA434C73}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "UDP Query User{E8E14F96-6613-41F7-9CEB-A898A505DE19}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{EC0DADCB-FAD0-421D-8A9C-E4A082AC2D84}C:\users\aryylas\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\aryylas\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{07D1CCC7-85B8-802A-A3D3-19EA4488CC22}" = AMD Media Foundation Decoders "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{4C569ABA-8FE0-DC22-5550-FC0D4837F6B0}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8D2B792E-2738-FA40-0CE9-9531F9C47E6E}" = AMD Fuel "{8DDDD1B7-CB3E-3270-6EC0-581C7C7CAE68}" = AMD Catalyst Install Manager "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8F617308-573A-513C-8F73-5F2C2157124B}" = AMD Accelerated Video Transcoding "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{AADE1FBC-E59B-AD50-83A3-8EBEB5A07252}" = AMD Drag and Drop Transcoding "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "The Secret World_is1" = The Secret World [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = 
  6. No need for any sorry! You are helping me out here! Contents of quarantine file from Combofix:
     2012-09-02 18:14:16 . 2012-09-02 18:14:16 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ETDWare.reg.dat
     2012-09-02 18:14:14 . 2012-09-02 18:14:14 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
     2012-09-02 18:12:17 . 2012-09-02 18:12:17 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-83345985.sys.reg.dat
     2012-09-02 18:11:51 . 2012-09-02 18:11:51 101 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-PlayNC Launcher.reg.dat
     2012-09-02 18:11:47 . 2012-09-02 18:11:47 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
     2012-09-02 17:55:17 . 2012-09-02 17:55:17 13,295 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
     2012-09-02 17:46:05 . 2012-09-02 17:46:05 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
     2007-11-07 12:03:18 . 2007-11-07 12:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir
  7. System restore completed, I am now able to connect to the internet from the affected machine. Awaiting further instruction.
  8. In regards to the internet access, it is not working wired or wireless. When I run Windows Network Diagnostics it says there is not a valid IP configuration.
  9. Ran ComboFix... now have no ability to connect to internet. It did not restore internet connection as it said it would. Transferred log to my phone, which I'm posting from now. ComboFix-230790420.txt
  10. No issues were found. Log claims it is too long to copy to the post itself so I am attaching it. TDSSKiller.2.8.8.0_02.09.2012_12.46.28_log.txt
  11. I realized that was a rather silly question - I uninstalled both the 64 bit and 32 bit outdated versions that were on the machine and have updated to the latest version. Still uncertain why I was missing the update tab though! RKReport:
      RogueKiller V8.0.2 [08/31/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7600 ) 64 bits version
      Started in : Normal mode
      User : Aryylas [Admin rights]
      Mode : Scan -- Date : 09/02/2012 11:50:17
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 2 ¤¤¤
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 1001namen.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      127.0.0.1 www.100sexlinks.com
      127.0.0.1 100sexlinks.com
      [...]
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
      --- User ---
      [MBR] f3303991d5b74a996e8ec357ed534486
      [bSP] cdd3c03a49747ac14386905d6b4f674b : Windows 7 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
      2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  12. Mr Charlie Strangely enough my java control panel only has the other four tabs - no update tab. Should I just go directly to the Java website and download the latest version?
  13. Good Morning, A very helpful forum member here helped me previously to clean up and remove a rootkit and a trojan causing web redirects. At the time I had thought I was all set, but later in the day the redirects started again. All scanning programs I was instructed to use continued to come up clean, so I think the issue was just some residual clean up still needed. When I search in Google I get redirected when clicking on results. For example, when searching for this forum and clicking on the link, I was redirected to http://63.209.69.107/search/web/malwarebytes+computer+help/a22/46355-8911_1340/v5 (please do not click this link as I am sure it is full of nasty things - I am hoping that maybe the IP it is redirecting to can help someone in troubleshooting). I also get redirected to various other sites of the same type - click.getanswersfast, etc. Attach.txt DDS.txt
  14. Very very helpful and kind! Fixed a problem for me extremely quickly and his speed to respond to my posts was amazing. Thank you MrCharlie!!!

  15. Thank you so much for your time and help MrCharlie. I will be sending a PayPal donation tonight or by tomorrow at the latest as I really appreciate your time and assistance.
  16. Hi MrCharlie, After removing the specified file there were no infections detected when running quick scan with MBAM. I did a small handful (5 or so) of Google searches and did not get redirected so far, so that is also looking better! Here is the last MBAM log. I also wanted to say thank you for taking time out of your day to help. People like you make the internet so much better. :)
      Malwarebytes Anti-Malware (Trial) 1.62.0.1300
      www.malwarebytes.org
      Database version: v2012.08.11.03
      Windows 7 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Aryylas :: ARYYLAS-PC [administrator]
      Protection: Enabled
      8/11/2012 1:40:31 PM
      mbam-log-2012-08-11 (13-40-31).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 192659
      Time elapsed: 4 minute(s), 23 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
  17. 13:18:43.0609 2344 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:19:32.0531 4240 FileInfo - ok 13:19:32.0594 4240 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 13:19:32.0728 4240 Filetrace - ok 13:19:32.0900 4240 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 13:19:32.0918 4240 FLEXnet Licensing Service - ok 13:19:32.0965 4240 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 13:19:33.0034 4240 flpydisk - ok 13:19:33.0086 4240 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 13:19:33.0103 4240 FltMgr - ok 13:19:33.0286 4240 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll 13:19:33.0367 4240 FontCache - ok 13:19:33.0433 4240 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:19:33.0445 4240 FontCache3.0.0.0 - ok 13:19:33.0490 4240 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 13:19:33.0519 4240 FsDepends - ok 13:19:33.0560 4240 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 13:19:33.0576 4240 Fs_Rec - ok 13:19:33.0641 4240 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 13:19:33.0682 4240 fvevol - ok 13:19:33.0738 4240 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:19:33.0750 4240 gagp30kx - ok 13:19:33.0851 4240 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe 13:19:33.0867 4240 GameConsoleService - ok 13:19:33.0946 4240 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 13:19:34.0006 4240 gpsvc - ok 13:19:34.0078 4240 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 13:19:34.0091 4240 GREGService - ok 
13:19:34.0137 4240 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 13:19:34.0186 4240 hcw85cir - ok 13:19:34.0233 4240 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 13:19:34.0275 4240 HdAudAddService - ok 13:19:34.0482 4240 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 13:19:34.0539 4240 HDAudBus - ok 13:19:34.0566 4240 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 13:19:34.0605 4240 HidBatt - ok 13:19:34.0634 4240 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 13:19:34.0678 4240 HidBth - ok 13:19:34.0704 4240 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 13:19:34.0754 4240 HidIr - ok 13:19:34.0788 4240 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 13:19:34.0870 4240 hidserv - ok 13:19:34.0921 4240 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 13:19:34.0960 4240 HidUsb - ok 13:19:34.0986 4240 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 13:19:35.0048 4240 hkmsvc - ok 13:19:35.0067 4240 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 13:19:35.0135 4240 HomeGroupListener - ok 13:19:35.0176 4240 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 13:19:35.0212 4240 HomeGroupProvider - ok 13:19:35.0300 4240 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 13:19:35.0330 4240 HpSAMD - ok 13:19:35.0393 4240 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 13:19:35.0473 4240 HTTP - ok 13:19:35.0508 4240 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 13:19:35.0520 4240 hwpolicy - ok 13:19:35.0544 4240 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 13:19:35.0563 
4240 i8042prt - ok 13:19:35.0602 4240 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 13:19:35.0625 4240 iaStorV - ok 13:19:35.0749 4240 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:19:35.0774 4240 idsvc - ok 13:19:36.0280 4240 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 13:19:36.0310 4240 iirsp - ok 13:19:36.0538 4240 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 13:19:36.0637 4240 IKEEXT - ok 13:19:36.0662 4240 IntcAzAudAddService - ok 13:19:36.0676 4240 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 13:19:36.0693 4240 intelide - ok 13:19:36.0746 4240 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 13:19:36.0780 4240 intelppm - ok 13:19:36.0811 4240 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 13:19:36.0873 4240 IPBusEnum - ok 13:19:36.0914 4240 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:19:36.0969 4240 IpFilterDriver - ok 13:19:37.0023 4240 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 13:19:37.0092 4240 iphlpsvc - ok 13:19:37.0113 4240 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 13:19:37.0148 4240 IPMIDRV - ok 13:19:37.0174 4240 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 13:19:37.0252 4240 IPNAT - ok 13:19:37.0293 4240 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 13:19:37.0314 4240 IRENUM - ok 13:19:37.0335 4240 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 13:19:37.0351 4240 isapnp - ok 13:19:37.0412 4240 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 13:19:37.0434 4240 iScsiPrt - ok 13:19:37.0477 4240 k57nd60a 
(37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys 13:19:37.0497 4240 k57nd60a - ok 13:19:37.0519 4240 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 13:19:37.0530 4240 kbdclass - ok 13:19:37.0556 4240 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 13:19:37.0581 4240 kbdhid - ok 13:19:37.0619 4240 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 13:19:37.0636 4240 KeyIso - ok 13:19:37.0647 4240 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 13:19:37.0661 4240 KSecDD - ok 13:19:37.0680 4240 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 13:19:37.0699 4240 KSecPkg - ok 13:19:37.0720 4240 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 13:19:37.0789 4240 ksthunk - ok 13:19:37.0829 4240 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 13:19:37.0918 4240 KtmRm - ok 13:19:37.0971 4240 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll 13:19:38.0023 4240 LanmanServer - ok 13:19:38.0042 4240 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 13:19:38.0117 4240 LanmanWorkstation - ok 13:19:38.0160 4240 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 13:19:38.0229 4240 lltdio - ok 13:19:38.0269 4240 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 13:19:38.0321 4240 lltdsvc - ok 13:19:38.0470 4240 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 13:19:38.0527 4240 lmhosts - ok 13:19:38.0614 4240 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:19:38.0627 4240 LSI_FC - ok 13:19:38.0649 4240 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:19:38.0671 4240 LSI_SAS - ok 13:19:38.0687 4240 LSI_SAS2 
(30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:19:38.0700 4240 LSI_SAS2 - ok 13:19:38.0723 4240 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:19:38.0736 4240 LSI_SCSI - ok 13:19:38.0764 4240 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 13:19:38.0833 4240 luafv - ok 13:19:38.0918 4240 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 13:19:38.0934 4240 MBAMProtector - ok 13:19:39.0024 4240 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 13:19:39.0046 4240 MBAMService - ok 13:19:39.0097 4240 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys 13:19:39.0113 4240 mcdbus - ok 13:19:39.0140 4240 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 13:19:39.0179 4240 Mcx2Svc - ok 13:19:39.0221 4240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 13:19:39.0235 4240 megasas - ok 13:19:39.0279 4240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 13:19:39.0297 4240 MegaSR - ok 13:19:39.0317 4240 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 13:19:39.0366 4240 MMCSS - ok 13:19:39.0394 4240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 13:19:39.0450 4240 Modem - ok 13:19:39.0489 4240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 13:19:39.0533 4240 monitor - ok 13:19:39.0563 4240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 13:19:39.0590 4240 mouclass - ok 13:19:39.0606 4240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 13:19:39.0621 4240 mouhid - ok 13:19:39.0636 4240 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 13:19:39.0648 4240 mountmgr - ok 
13:19:39.0777 4240 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:19:39.0790 4240 MozillaMaintenance - ok 13:19:39.0850 4240 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 13:19:39.0867 4240 MpFilter - ok 13:19:39.0909 4240 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 13:19:39.0942 4240 mpio - ok 13:19:39.0966 4240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 13:19:40.0006 4240 mpsdrv - ok 13:19:40.0090 4240 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 13:19:40.0188 4240 MpsSvc - ok 13:19:40.0220 4240 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 13:19:40.0255 4240 MRxDAV - ok 13:19:40.0503 4240 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:19:40.0562 4240 mrxsmb - ok 13:19:40.0600 4240 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:19:40.0644 4240 mrxsmb10 - ok 13:19:40.0666 4240 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:19:40.0704 4240 mrxsmb20 - ok 13:19:40.0736 4240 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 13:19:40.0747 4240 msahci - ok 13:19:40.0767 4240 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 13:19:40.0785 4240 msdsm - ok 13:19:40.0814 4240 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 13:19:40.0854 4240 MSDTC - ok 13:19:40.0883 4240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 13:19:40.0938 4240 Msfs - ok 13:19:40.0957 4240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 13:19:40.0995 4240 mshidkmdf - ok 13:19:41.0002 4240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 
13:19:41.0013 4240 msisadrv - ok 13:19:41.0039 4240 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 13:19:41.0112 4240 MSiSCSI - ok 13:19:41.0117 4240 msiserver - ok 13:19:41.0137 4240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 13:19:41.0196 4240 MSKSSRV - ok 13:19:41.0316 4240 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe 13:19:41.0344 4240 MsMpSvc - ok 13:19:41.0356 4240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 13:19:41.0419 4240 MSPCLOCK - ok 13:19:41.0444 4240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 13:19:41.0520 4240 MSPQM - ok 13:19:41.0558 4240 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 13:19:41.0586 4240 MsRPC - ok 13:19:41.0602 4240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 13:19:41.0618 4240 mssmbios - ok 13:19:41.0622 4240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 13:19:41.0681 4240 MSTEE - ok 13:19:41.0717 4240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 13:19:41.0746 4240 MTConfig - ok 13:19:41.0769 4240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 13:19:41.0781 4240 Mup - ok 13:19:41.0793 4240 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 13:19:41.0810 4240 mwlPSDFilter - ok 13:19:41.0832 4240 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 13:19:41.0842 4240 mwlPSDNServ - ok 13:19:41.0860 4240 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 13:19:41.0870 4240 mwlPSDVDisk - ok 13:19:42.0010 4240 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 13:19:42.0029 4240 MWLService - ok 
13:19:42.0078 4240 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 13:19:42.0151 4240 napagent - ok 13:19:42.0201 4240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 13:19:42.0250 4240 NativeWifiP - ok 13:19:43.0349 4240 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 13:19:43.0388 4240 NDIS - ok 13:19:43.0433 4240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 13:19:43.0472 4240 NdisCap - ok 13:19:43.0511 4240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 13:19:43.0587 4240 NdisTapi - ok 13:19:43.0612 4240 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 13:19:43.0658 4240 Ndisuio - ok 13:19:43.0685 4240 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 13:19:43.0726 4240 NdisWan - ok 13:19:43.0734 4240 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 13:19:43.0796 4240 NDProxy - ok 13:19:43.0819 4240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 13:19:43.0883 4240 NetBIOS - ok 13:19:43.0904 4240 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 13:19:43.0968 4240 NetBT - ok 13:19:44.0010 4240 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 13:19:44.0023 4240 Netlogon - ok 13:19:44.0072 4240 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 13:19:44.0163 4240 Netman - ok 13:19:44.0970 4240 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:44.0982 4240 NetMsmqActivator - ok 13:19:45.0013 4240 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:45.0026 4240 NetPipeActivator - ok 13:19:45.0103 4240 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) 
C:\Windows\System32\netprofm.dll 13:19:45.0183 4240 netprofm - ok 13:19:45.0189 4240 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:45.0201 4240 NetTcpActivator - ok 13:19:45.0208 4240 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:45.0219 4240 NetTcpPortSharing - ok 13:19:45.0285 4240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 13:19:45.0296 4240 nfrd960 - ok 13:19:45.0334 4240 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 13:19:45.0344 4240 NisDrv - ok 13:19:45.0442 4240 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 13:19:45.0469 4240 NisSrv - ok 13:19:45.0525 4240 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 13:19:45.0595 4240 NlaSvc - ok 13:19:45.0864 4240 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 13:19:45.0918 4240 NOBU - ok 13:19:46.0046 4240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 13:19:46.0120 4240 Npfs - ok 13:19:46.0155 4240 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 13:19:46.0227 4240 nsi - ok 13:19:46.0244 4240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 13:19:46.0299 4240 nsiproxy - ok 13:19:47.0684 4240 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 13:19:47.0740 4240 Ntfs - ok 13:19:47.0849 4240 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 13:19:47.0869 4240 NTI IScheduleSvc - ok 13:19:48.0030 4240 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys 13:19:48.0046 4240 NTIDrvr - ok 13:19:48.0062 4240 Null (9899284589f75fa8724ff3d16aed75c1) 
C:\Windows\system32\drivers\Null.sys 13:19:48.0141 4240 Null - ok 13:19:48.0173 4240 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 13:19:48.0189 4240 nvraid - ok 13:19:48.0218 4240 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 13:19:48.0248 4240 nvstor - ok 13:19:48.0279 4240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 13:19:48.0304 4240 nv_agp - ok 13:19:48.0724 4240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 13:19:48.0889 4240 ohci1394 - ok 13:19:49.0403 4240 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 13:19:49.0454 4240 p2pimsvc - ok 13:19:49.0505 4240 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 13:19:49.0528 4240 p2psvc - ok 13:19:49.0547 4240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 13:19:49.0562 4240 Parport - ok 13:19:49.0607 4240 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 13:19:49.0621 4240 partmgr - ok 13:19:49.0648 4240 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 13:19:49.0698 4240 PcaSvc - ok 13:19:49.0737 4240 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 13:19:49.0767 4240 pci - ok 13:19:49.0780 4240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 13:19:49.0799 4240 pciide - ok 13:19:49.0844 4240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 13:19:49.0860 4240 pcmcia - ok 13:19:49.0870 4240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 13:19:49.0892 4240 pcw - ok 13:19:49.0945 4240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 13:19:50.0005 4240 PEAUTH - ok 13:19:50.0106 4240 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 13:19:50.0153 4240 PerfHost 
- ok 13:19:51.0416 4240 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 13:19:51.0516 4240 pla - ok 13:19:51.0676 4240 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 13:19:51.0748 4240 PlugPlay - ok 13:19:51.0775 4240 PnkBstrA - ok 13:19:51.0805 4240 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 13:19:51.0820 4240 PNRPAutoReg - ok 13:19:51.0861 4240 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 13:19:51.0889 4240 PNRPsvc - ok 13:19:51.0946 4240 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 13:19:52.0042 4240 PolicyAgent - ok 13:19:52.0077 4240 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 13:19:52.0136 4240 Power - ok 13:19:52.0194 4240 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 13:19:52.0257 4240 PptpMiniport - ok 13:19:52.0293 4240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 13:19:52.0321 4240 Processor - ok 13:19:52.0365 4240 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 13:19:52.0439 4240 ProfSvc - ok 13:19:52.0488 4240 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 13:19:52.0502 4240 ProtectedStorage - ok 13:19:52.0554 4240 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 13:19:52.0616 4240 Psched - ok 13:19:52.0714 4240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 13:19:52.0752 4240 ql2300 - ok 13:19:52.0898 4240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 13:19:52.0930 4240 ql40xx - ok 13:19:52.0986 4240 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 13:19:53.0045 4240 QWAVE - ok 13:19:53.0077 4240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 13:19:53.0123 4240 QWAVEdrv - ok 
13:19:53.0150 4240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 13:19:53.0216 4240 RasAcd - ok 13:19:53.0255 4240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:19:53.0319 4240 RasAgileVpn - ok 13:19:53.0355 4240 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 13:19:53.0437 4240 RasAuto - ok 13:19:53.0460 4240 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:19:53.0531 4240 Rasl2tp - ok 13:19:53.0563 4240 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 13:19:53.0622 4240 RasMan - ok 13:19:53.0650 4240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 13:19:53.0706 4240 RasPppoe - ok 13:19:53.0739 4240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 13:19:53.0809 4240 RasSstp - ok 13:19:53.0849 4240 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 13:19:53.0912 4240 rdbss - ok 13:19:53.0948 4240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 13:19:53.0979 4240 rdpbus - ok 13:19:54.0005 4240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:19:54.0041 4240 RDPCDD - ok 13:19:54.0067 4240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 13:19:54.0107 4240 RDPENCDD - ok 13:19:54.0119 4240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 13:19:54.0169 4240 RDPREFMP - ok 13:19:54.0201 4240 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys 13:19:54.0249 4240 RDPWD - ok 13:19:54.0273 4240 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys 13:19:54.0289 4240 rdyboost - ok 13:19:54.0316 4240 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 13:19:54.0381 4240 RemoteAccess - ok 
13:19:54.0630 4240 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 13:19:54.0713 4240 RemoteRegistry - ok 13:19:54.0743 4240 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 13:19:54.0822 4240 RpcEptMapper - ok 13:19:54.0844 4240 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 13:19:54.0890 4240 RpcLocator - ok 13:19:54.0944 4240 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 13:19:55.0007 4240 RpcSs - ok 13:19:55.0046 4240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 13:19:55.0120 4240 rspndr - ok 13:19:55.0218 4240 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\System32\Drivers\RtsUStor.sys 13:19:55.0243 4240 RSUSBSTOR - ok 13:19:55.0288 4240 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 13:19:55.0303 4240 SamSs - ok 13:19:55.0592 4240 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe 13:19:55.0679 4240 SBAMSvc - ok 13:19:55.0833 4240 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys 13:19:55.0854 4240 sbapifs - ok 13:19:55.0936 4240 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys 13:19:55.0966 4240 SbFw - ok 13:19:56.0013 4240 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys 13:19:56.0024 4240 SBFWIMCL - ok 13:19:56.0045 4240 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys 13:19:56.0056 4240 SBFWIMCLMP - ok 13:19:56.0084 4240 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys 13:19:56.0101 4240 sbhips - ok 13:19:56.0147 4240 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 13:19:56.0173 4240 sbp2port - ok 13:19:56.0225 4240 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys 13:19:56.0242 4240 SBRE - ok 
13:20:13.0548 4240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:20:13.0615 4240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:20:13.0615 4240 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:20:13.0675 4240 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:20:13.0675 4240 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:20:13.0713 4240 Boot (0x1200) (17b5b60ef646863fec565267beb34f54) \Device\Harddisk0\DR0\Partition0
13:20:13.0715 4240 \Device\Harddisk0\DR0\Partition0 - ok
13:20:13.0722 4240 Boot (0x1200) (865e9222f9ba25f00c38e21c9624a117) \Device\Harddisk0\DR0\Partition1
13:20:13.0724 4240 \Device\Harddisk0\DR0\Partition1 - ok
13:20:13.0728 4240 ============================================================
13:20:13.0728 4240 Scan finished
13:20:13.0728 4240 ============================================================
13:20:13.0744 5036 Detected object count: 2
13:20:13.0744 5036 Actual detected object count: 2
13:20:47.0194 5036 \Device\Harddisk0\DR0\# - copied to quarantine
13:20:47.0194 5036 \Device\Harddisk0\DR0 - copied to quarantine
13:20:47.0236 5036 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:20:47.0238 5036 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:20:47.0244 5036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:20:47.0248 5036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:20:47.0260 5036 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:20:47.0267 5036 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:20:47.0269 5036 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:20:47.0270 5036 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:20:47.0272 5036 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:20:47.0275 5036 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:20:47.0277 5036 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:20:47.0278 5036 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:20:47.0280 5036 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:20:47.0281 5036 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:20:47.0339 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:20:47.0345 5036 \Device\Harddisk0\DR0 - ok
13:20:47.0781 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:20:47.0782 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:20:47.0782 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:20:58.0068 4784 Deinitialize success
  18. I forgot to add in my original description of the issues that this also causes frequent redirecting in the browser (when clicking on Google search result links, for example) and occasional random reboots of the system (very infrequent; it has happened twice, I believe?)
  19. RogueKiller V7.6.6 [08/10/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7600 ) 64 bits version
      Started in : Normal mode
      User: Aryylas [Admin rights]
      Mode: Scan -- Date: 08/11/2012 13:08:05
      ¤¤¤ Bad processes: 1 ¤¤¤
      [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
      ¤¤¤ Registry Entries: 2 ¤¤¤
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver: [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : Root.MBR ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
      --- User ---
      [MBR] f3303991d5b74a996e8ec357ed534486
      [bSP] cdd3c03a49747ac14386905d6b4f674b : Windows 7 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
      2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
      User = LL1 ... OK!
      User != LL2 ... KO!
      --- LL2 ---
      [MBR] 56046b1ded5820549956538b4cc8a3a7
      [bSP] cdd3c03a49747ac14386905d6b4f674b : Windows 7 MBR Code
      Partition table:
      1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
      3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  20. Hi MrCharlie - quick question for you. My mouse runs off USB. I don't have any external USB storage devices plugged in, but will the mouse be an issue?
  21. This started when I noticed an extra svchost.exe file running and using huge amounts of memory. Description was winrscmde. Malwarebytes finds and quarantines an infected svchost.exe file each time I run it, but after rebooting to remove it, the problem still remains. Malwarebytes is also giving pop-ups that it is stopping the same exe file from sending out data to various IP addresses. Thank you in advance for your time and help! Attach.txt DDS.txt