KristianK

Members
  • Posts: 11

Everything posted by KristianK

  1. Everything is running smooth. Thanks a ton. Thought I was going to re-install Windows. Re-downloading everything would have taken ages. Again, thanks.
  2. How is the computer running now?: It is running pretty smooth now. No more redirects at the moment. Hopefully this was the fix. Thanks a ton.

     OTL Fix log:

     All processes killed
     ========== FILES ==========
     C:\Users\kristian\Downloads\speedupmypc.exe moved successfully.
     C:\Users\kristian\Downloads\Windows+Live+Messenger.exe moved successfully.
     File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together .htm not found.
     File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together .htm not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: kristian
     ->Temp folder emptied: 45027782 bytes
     ->Temporary Internet Files folder emptied: 11858974 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 82113272 bytes
     ->Flash cache emptied: 681 bytes
     User: Public
     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 22283381 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 154.00 mb
     OTL by OldTimer - Version 3.2.61.3 log created on 09142012_154230

     Files\Folders moved on Reboot...
     C:\Users\kristian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZL4D1ALH\7407185e[1].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZL4D1ALH\server-dissd.source[1].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SCGF64LC\embedded[1].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3IIUSOO\127[1].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3IIUSOO\htm[2].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3IIUSOO\stat_target[2].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E31L3SZU\stat[1].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E31L3SZU\stat[3].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E31L3SZU\stat_target[1].htm moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
     C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  3. MBAM log:

     Malwarebytes Anti-Malware (PRO) 1.65.0.1400
     www.malwarebytes.org
     Database version: v2012.09.14.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     kristian :: KRISTIAN-PC [administrator]
     Protection: Enabled
     9/14/2012 12:36:08 PM
     mbam-log-2012-09-14 (12-36-08).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 398106
     Time elapsed: 20 minute(s), 55 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)

     ESET log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=b8a5cf7b614df344b3b5893c4eea9747
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-09-14 06:54:16
     # local_time=2012-09-14 01:54:16 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5893 16776574 66 94 56405195 99189856 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=189487
     # found=19
     # cleaned=0
     # scan_time=2450
     C:\Program Files (x86)\StartNow Toolbar\Reactivate.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
     C:\TDSSKiller_Quarantine\13.09.2012_22.45.12\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan (unable to clean) 00000000000000000000000000000000 I
     C:\TDSSKiller_Quarantine\13.09.2012_22.45.12\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan (unable to clean) 00000000000000000000000000000000 I
     C:\Users\kristian\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
     C:\Users\kristian\Downloads\Windows+Live+Messenger.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\assembly\GAC_32\Desktop.ini Win32/Sirefef.EZ trojan (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.AD trojan (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000004.@ Win64/Conedex.C trojan (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\000000cb.@ Win64/Conedex.B trojan (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000000.@ Win64/Sirefef.AP trojan (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000032.@ Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I
     C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000064.@ Win64/Sirefef.AN trojan (unable to clean) 00000000000000000000000000000000 I
     ${Memory} a variant of Win32/Toolbar.Zugo application 00000000000000000000000000000000 I
  4. OTL Fix Log:

     All processes killed
     ========== OTL ==========
     Service dzyi stopped successfully!
     Service dzyi deleted successfully!
     C:\Windows\SysWOW64\drivers\ymmm.sys moved successfully.
     Service vgumue stopped successfully!
     Service vgumue deleted successfully!
     C:\Windows\SysWOW64\drivers\pgmoeso.sys moved successfully.
     Service jxgcu stopped successfully!
     Service jxgcu deleted successfully!
     C:\Windows\SysWOW64\drivers\grif.sys moved successfully.
     ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
     ========== FILES ==========
     C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U folder moved successfully.
     C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L folder moved successfully.
     C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c} folder moved successfully.
     C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U folder moved successfully.
     C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L folder moved successfully.
     C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c} folder moved successfully.
     C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
     C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 56475 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: kristian
     ->Temp folder emptied: 547180164 bytes
     ->Temporary Internet Files folder emptied: 252163109 bytes
     ->Java cache emptied: 1146 bytes
     ->FireFox cache emptied: 310155459 bytes
     ->Flash cache emptied: 18976 bytes
     User: Public
     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 56475 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 401992569 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 1,442.00 mb
     OTL by OldTimer - Version 3.2.61.3 log created on 09132012_223937

     Files\Folders moved on Reboot...
     C:\Users\kristian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     File\Folder C:\Windows\temp\flaC44F.tmp not found!
     File\Folder C:\Windows\temp\flaD761.tmp not found!
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
     TDSSKiller Log:
ok 22:45:38.0709 3528 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 22:45:38.0709 3528 LMouFilt - ok 22:45:38.0724 3528 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:45:38.0740 3528 LSI_FC - ok 22:45:38.0740 3528 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:45:38.0740 3528 LSI_SAS - ok 22:45:38.0755 3528 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:45:38.0755 3528 LSI_SAS2 - ok 22:45:38.0771 3528 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:45:38.0771 3528 LSI_SCSI - ok 22:45:38.0802 3528 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:45:38.0802 3528 luafv - ok 22:45:38.0818 3528 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 22:45:38.0818 3528 LUsbFilt - ok 22:45:38.0865 3528 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:45:38.0865 3528 MBAMProtector - ok 22:45:38.0896 3528 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:45:38.0911 3528 MBAMScheduler - ok 22:45:38.0927 3528 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:45:38.0943 3528 MBAMService - ok 22:45:38.0958 3528 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:45:38.0958 3528 Mcx2Svc - ok 22:45:38.0989 3528 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 22:45:38.0989 3528 megasas - ok 22:45:39.0005 3528 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:45:39.0005 3528 MegaSR - ok 22:45:39.0052 3528 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:45:39.0052 3528 MMCSS - ok 22:45:39.0067 3528 [ 
800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:45:39.0067 3528 Modem - ok 22:45:39.0083 3528 [ E38AEF079CD3BCFA19F2072A214F829D ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys 22:45:39.0083 3528 MODEMCSA - ok 22:45:39.0083 3528 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:45:39.0083 3528 monitor - ok 22:45:39.0130 3528 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:45:39.0130 3528 mouclass - ok 22:45:39.0130 3528 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:45:39.0130 3528 mouhid - ok 22:45:39.0145 3528 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:45:39.0145 3528 mountmgr - ok 22:45:39.0192 3528 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:45:39.0192 3528 MozillaMaintenance - ok 22:45:39.0208 3528 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:45:39.0208 3528 mpio - ok 22:45:39.0208 3528 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:45:39.0223 3528 mpsdrv - ok 22:45:39.0223 3528 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:45:39.0239 3528 MRxDAV - ok 22:45:39.0270 3528 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:45:39.0270 3528 mrxsmb - ok 22:45:39.0286 3528 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:45:39.0286 3528 mrxsmb10 - ok 22:45:39.0317 3528 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:45:39.0317 3528 mrxsmb20 - ok 22:45:39.0317 3528 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:45:39.0317 3528 msahci - ok 22:45:39.0348 3528 [ DB801A638D011B9633829EB6F663C900 ] msdsm 
C:\Windows\system32\drivers\msdsm.sys 22:45:39.0348 3528 msdsm - ok 22:45:39.0364 3528 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:45:39.0364 3528 MSDTC - ok 22:45:39.0395 3528 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:45:39.0395 3528 Msfs - ok 22:45:39.0411 3528 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:45:39.0411 3528 mshidkmdf - ok 22:45:39.0411 3528 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:45:39.0411 3528 msisadrv - ok 22:45:39.0426 3528 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:45:39.0426 3528 MSiSCSI - ok 22:45:39.0442 3528 msiserver - ok 22:45:39.0457 3528 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:45:39.0457 3528 MSKSSRV - ok 22:45:39.0473 3528 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:45:39.0473 3528 MSPCLOCK - ok 22:45:39.0473 3528 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:45:39.0489 3528 MSPQM - ok 22:45:39.0504 3528 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:45:39.0504 3528 MsRPC - ok 22:45:39.0535 3528 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:45:39.0535 3528 mssmbios - ok 22:45:39.0551 3528 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:45:39.0551 3528 MSTEE - ok 22:45:39.0567 3528 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 22:45:39.0567 3528 MTConfig - ok 22:45:39.0582 3528 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:45:39.0582 3528 Mup - ok 22:45:39.0598 3528 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:45:39.0613 3528 napagent - ok 22:45:39.0645 3528 [ 
1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:45:39.0645 3528 NativeWifiP - ok 22:45:39.0691 3528 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 22:45:39.0691 3528 NDIS - ok 22:45:39.0723 3528 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:45:39.0723 3528 NdisCap - ok 22:45:39.0738 3528 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:45:39.0738 3528 NdisTapi - ok 22:45:39.0738 3528 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:45:39.0738 3528 Ndisuio - ok 22:45:39.0754 3528 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:45:39.0754 3528 NdisWan - ok 22:45:39.0769 3528 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:45:39.0769 3528 NDProxy - ok 22:45:39.0785 3528 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:45:39.0785 3528 NetBIOS - ok 22:45:39.0801 3528 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:45:39.0801 3528 NetBT - ok 22:45:39.0816 3528 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:45:39.0816 3528 Netlogon - ok 22:45:39.0847 3528 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:45:39.0847 3528 Netman - ok 22:45:39.0879 3528 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:45:39.0879 3528 netprofm - ok 22:45:39.0925 3528 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:45:39.0925 3528 NetTcpPortSharing - ok 22:45:39.0941 3528 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:45:39.0941 3528 nfrd960 - ok 22:45:39.0957 3528 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc 
C:\Windows\System32\nlasvc.dll 22:45:39.0972 3528 NlaSvc - ok 22:45:40.0003 3528 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:45:40.0003 3528 Npfs - ok 22:45:40.0003 3528 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:45:40.0003 3528 nsi - ok 22:45:40.0019 3528 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:45:40.0019 3528 nsiproxy - ok 22:45:40.0081 3528 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:45:40.0097 3528 Ntfs - ok 22:45:40.0128 3528 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:45:40.0128 3528 Null - ok 22:45:40.0362 3528 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:45:40.0425 3528 nvlddmkm - ok 22:45:40.0440 3528 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:45:40.0440 3528 nvraid - ok 22:45:40.0471 3528 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:45:40.0471 3528 nvstor - ok 22:45:40.0518 3528 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe 22:45:40.0534 3528 nvsvc - ok 22:45:40.0581 3528 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:45:40.0596 3528 nvUpdatusService - ok 22:45:40.0596 3528 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:45:40.0596 3528 nv_agp - ok 22:45:40.0612 3528 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:45:40.0627 3528 ohci1394 - ok 22:45:40.0643 3528 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:45:40.0643 3528 p2pimsvc - ok 22:45:40.0659 3528 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:45:40.0674 3528 p2psvc - ok 22:45:40.0690 3528 [ 0086431C29C35BE1DBC43F52CC273887 ] 
Parport C:\Windows\system32\drivers\parport.sys 22:45:40.0690 3528 Parport - ok 22:45:40.0721 3528 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:45:40.0721 3528 partmgr - ok 22:45:40.0737 3528 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:45:40.0737 3528 PcaSvc - ok 22:45:40.0752 3528 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:45:40.0752 3528 pci - ok 22:45:40.0768 3528 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:45:40.0768 3528 pciide - ok 22:45:40.0783 3528 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:45:40.0783 3528 pcmcia - ok 22:45:40.0799 3528 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:45:40.0799 3528 pcw - ok 22:45:40.0815 3528 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:45:40.0830 3528 PEAUTH - ok 22:45:40.0893 3528 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 22:45:40.0908 3528 PeerDistSvc - ok 22:45:40.0971 3528 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:45:40.0971 3528 PerfHost - ok 22:45:41.0017 3528 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:45:41.0033 3528 pla - ok 22:45:41.0064 3528 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:45:41.0080 3528 PlugPlay - ok 22:45:41.0080 3528 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:45:41.0080 3528 PNRPAutoReg - ok 22:45:41.0095 3528 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:45:41.0095 3528 PNRPsvc - ok 22:45:41.0127 3528 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:45:41.0127 3528 PolicyAgent - ok 22:45:41.0158 3528 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 
22:45:41.0158 3528 Power - ok 22:45:41.0173 3528 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:45:41.0173 3528 PptpMiniport - ok 22:45:41.0189 3528 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 22:45:41.0189 3528 Processor - ok 22:45:41.0220 3528 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:45:41.0220 3528 ProfSvc - ok 22:45:41.0220 3528 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:45:41.0220 3528 ProtectedStorage - ok 22:45:41.0236 3528 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:45:41.0236 3528 Psched - ok 22:45:41.0267 3528 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:45:41.0283 3528 ql2300 - ok 22:45:41.0298 3528 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:45:41.0298 3528 ql40xx - ok 22:45:41.0314 3528 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:45:41.0314 3528 QWAVE - ok 22:45:41.0329 3528 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:45:41.0329 3528 QWAVEdrv - ok 22:45:41.0345 3528 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:45:41.0345 3528 RasAcd - ok 22:45:41.0361 3528 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:45:41.0361 3528 RasAgileVpn - ok 22:45:41.0376 3528 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:45:41.0376 3528 RasAuto - ok 22:45:41.0392 3528 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:45:41.0392 3528 Rasl2tp - ok 22:45:41.0407 3528 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:45:41.0407 3528 RasMan - ok 22:45:41.0423 3528 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe 
C:\Windows\system32\DRIVERS\raspppoe.sys 22:45:41.0423 3528 RasPppoe - ok 22:45:41.0439 3528 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:45:41.0439 3528 RasSstp - ok 22:45:41.0454 3528 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:45:41.0470 3528 rdbss - ok 22:45:41.0470 3528 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:45:41.0470 3528 rdpbus - ok 22:45:41.0501 3528 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:45:41.0501 3528 RDPCDD - ok 22:45:41.0517 3528 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:45:41.0532 3528 RDPDR - ok 22:45:41.0532 3528 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:45:41.0532 3528 RDPENCDD - ok 22:45:41.0548 3528 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:45:41.0548 3528 RDPREFMP - ok 22:45:41.0579 3528 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 22:45:41.0579 3528 RdpVideoMiniport - ok 22:45:41.0610 3528 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:45:41.0610 3528 RDPWD - ok 22:45:41.0626 3528 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:45:41.0626 3528 rdyboost - ok 22:45:41.0641 3528 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:45:41.0641 3528 RemoteAccess - ok 22:45:41.0657 3528 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:45:41.0673 3528 RemoteRegistry - ok 22:45:41.0688 3528 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:45:41.0688 3528 RpcEptMapper - ok 22:45:41.0704 3528 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:45:41.0704 3528 RpcLocator - ok 
22:45:41.0719 3528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:45:41.0735 3528 RpcSs - ok 22:45:41.0751 3528 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:45:41.0751 3528 rspndr - ok 22:45:41.0782 3528 [ 2B12B0B32BA058F1DF2706E8FD7DBEBB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 22:45:41.0782 3528 RSUSBSTOR - ok 22:45:41.0813 3528 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 22:45:41.0813 3528 s3cap - ok 22:45:41.0829 3528 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:45:41.0829 3528 SamSs - ok 22:45:41.0844 3528 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:45:41.0844 3528 sbp2port - ok 22:45:41.0860 3528 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:45:41.0860 3528 SCardSvr - ok 22:45:41.0875 3528 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:45:41.0875 3528 scfilter - ok 22:45:41.0907 3528 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:45:41.0922 3528 Schedule - ok 22:45:41.0938 3528 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:45:41.0938 3528 SCPolicySvc - ok 22:45:41.0953 3528 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:45:41.0969 3528 SDRSVC - ok 22:45:41.0969 3528 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:45:41.0969 3528 secdrv - ok 22:45:41.0985 3528 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:45:41.0985 3528 seclogon - ok 22:45:41.0985 3528 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:45:41.0985 3528 SENS - ok 22:45:42.0000 3528 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:45:42.0000 3528 SensrSvc - ok 22:45:42.0016 3528 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:45:42.0016 3528 Serenum - ok 22:45:42.0063 3528 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:45:42.0063 3528 Serial - ok 22:45:42.0063 3528 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:45:42.0063 3528 sermouse - ok 22:45:42.0094 3528 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:45:42.0094 3528 SessionEnv - ok 22:45:42.0109 3528 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:45:42.0125 3528 sffdisk - ok 22:45:42.0125 3528 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:45:42.0125 3528 sffp_mmc - ok 22:45:42.0141 3528 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:45:42.0141 3528 sffp_sd - ok 22:45:42.0156 3528 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:45:42.0156 3528 sfloppy - ok 22:45:42.0172 3528 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:45:42.0187 3528 ShellHWDetection - ok 22:45:42.0203 3528 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 22:45:42.0203 3528 SiSRaid2 - ok 22:45:42.0219 3528 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:45:42.0219 3528 SiSRaid4 - ok 22:45:42.0219 3528 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:45:42.0219 3528 Smb - ok 22:45:42.0250 3528 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:45:42.0265 3528 SNMPTRAP - ok 22:45:42.0265 3528 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:45:42.0265 3528 spldr - ok 22:45:42.0281 3528 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 22:45:42.0297 3528 Spooler 
- ok 22:45:42.0359 3528 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:45:42.0421 3528 sppsvc - ok 22:45:42.0437 3528 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:45:42.0437 3528 sppuinotify - ok 22:45:42.0484 3528 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:45:42.0484 3528 srv - ok 22:45:42.0499 3528 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:45:42.0515 3528 srv2 - ok 22:45:42.0546 3528 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:45:42.0546 3528 srvnet - ok 22:45:42.0562 3528 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:45:42.0577 3528 SSDPSRV - ok 22:45:42.0577 3528 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:45:42.0577 3528 SstpSvc - ok 22:45:42.0640 3528 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:45:42.0640 3528 Stereo Service - ok 22:45:42.0655 3528 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 22:45:42.0655 3528 stexstor - ok 22:45:42.0687 3528 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:45:42.0702 3528 stisvc - ok 22:45:42.0733 3528 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:45:42.0733 3528 storflt - ok 22:45:42.0733 3528 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:45:42.0733 3528 storvsc - ok 22:45:42.0796 3528 [ 85BF0B7CE3D9B6D1611E05872E1C3E56 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys 22:45:42.0796 3528 SWDUMon - ok 22:45:42.0811 3528 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:45:42.0811 3528 swenum - ok 22:45:42.0843 3528 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 
22:45:42.0843 3528 swprv - ok 22:45:42.0858 3528 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys 22:45:42.0858 3528 Synth3dVsc - ok 22:45:42.0905 3528 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:45:42.0936 3528 SysMain - ok 22:45:42.0952 3528 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:45:42.0952 3528 TabletInputService - ok 22:45:42.0983 3528 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:45:42.0983 3528 TapiSrv - ok 22:45:42.0999 3528 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:45:42.0999 3528 TBS - ok 22:45:43.0045 3528 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:45:43.0077 3528 Tcpip - ok 22:45:43.0108 3528 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:45:43.0123 3528 TCPIP6 - ok 22:45:43.0123 3528 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:45:43.0123 3528 tcpipreg - ok 22:45:43.0139 3528 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:45:43.0139 3528 TDPIPE - ok 22:45:43.0170 3528 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:45:43.0170 3528 TDTCP - ok 22:45:43.0201 3528 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:45:43.0201 3528 tdx - ok 22:45:43.0201 3528 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:45:43.0217 3528 TermDD - ok 22:45:43.0217 3528 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys 22:45:43.0217 3528 terminpt - ok 22:45:43.0248 3528 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:45:43.0248 3528 TermService - ok 22:45:43.0264 3528 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 
22:45:43.0264 3528 Themes - ok 22:45:43.0279 3528 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:45:43.0279 3528 THREADORDER - ok 22:45:43.0311 3528 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:45:43.0311 3528 TrkWks - ok 22:45:43.0342 3528 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:45:43.0357 3528 TrustedInstaller - ok 22:45:43.0373 3528 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:45:43.0373 3528 tssecsrv - ok 22:45:43.0389 3528 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:45:43.0389 3528 TsUsbFlt - ok 22:45:43.0404 3528 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 22:45:43.0404 3528 TsUsbGD - ok 22:45:43.0420 3528 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 22:45:43.0420 3528 tsusbhub - ok 22:45:43.0435 3528 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:45:43.0435 3528 tunnel - ok 22:45:43.0435 3528 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:45:43.0451 3528 uagp35 - ok 22:45:43.0467 3528 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:45:43.0467 3528 udfs - ok 22:45:43.0482 3528 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:45:43.0482 3528 UI0Detect - ok 22:45:43.0482 3528 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:45:43.0498 3528 uliagpkx - ok 22:45:43.0513 3528 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:45:43.0513 3528 umbus - ok 22:45:43.0513 3528 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 22:45:43.0513 3528 UmPass - ok 22:45:43.0545 3528 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService 
C:\Windows\System32\umrdp.dll 22:45:43.0545 3528 UmRdpService - ok 22:45:43.0623 3528 [ 1E9993AC255B3220BCE71FE9E056BBC9 ] Updater Service for StartNow Toolbar C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe 22:45:43.0638 3528 Updater Service for StartNow Toolbar - ok 22:45:43.0654 3528 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:45:43.0654 3528 upnphost - ok 22:45:43.0701 3528 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 22:45:43.0701 3528 USBAAPL64 - ok 22:45:43.0732 3528 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:45:43.0732 3528 usbccgp - ok 22:45:43.0747 3528 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:45:43.0747 3528 usbcir - ok 22:45:43.0763 3528 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:45:43.0763 3528 usbehci - ok 22:45:43.0779 3528 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:45:43.0779 3528 usbhub - ok 22:45:43.0794 3528 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:45:43.0794 3528 usbohci - ok 22:45:43.0810 3528 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:45:43.0810 3528 usbprint - ok 22:45:43.0841 3528 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:45:43.0841 3528 usbscan - ok 22:45:43.0841 3528 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:45:43.0857 3528 USBSTOR - ok 22:45:43.0857 3528 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:45:43.0857 3528 usbuhci - ok 22:45:43.0872 3528 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:45:43.0872 3528 UxSms - ok 22:45:43.0872 3528 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 
     22:45:45.0042 3528 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
     22:45:45.0042 3528 WUDFRd - ok
     22:45:45.0058 3528 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
     22:45:45.0058 3528 wudfsvc - ok
     22:45:45.0073 3528 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
     22:45:45.0073 3528 WwanSvc - ok
     22:45:45.0089 3528 ================ Scan global ===============================
     22:45:45.0120 3528 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
     22:45:45.0151 3528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
     22:45:45.0151 3528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
     22:45:45.0183 3528 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
     22:45:45.0214 3528 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
     22:45:45.0214 3528 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
     22:45:45.0214 3528 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
     22:45:45.0214 3528 ================ Scan MBR ==================================
     22:45:45.0229 3528 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
     22:45:45.0713 3528 \Device\Harddisk0\DR0 - ok
     22:45:45.0713 3528 ================ Scan VBR ==================================
     22:45:45.0729 3528 [ 80ACB7B8E3A9982CC8220C2558091E0C ] \Device\Harddisk0\DR0\Partition1
     22:45:45.0729 3528 \Device\Harddisk0\DR0\Partition1 - ok
     22:45:45.0760 3528 [ F8FC8EE91D2554DE967CBB4B5B7FCD31 ] \Device\Harddisk0\DR0\Partition2
     22:45:45.0760 3528 \Device\Harddisk0\DR0\Partition2 - ok
     22:45:45.0760 3528 ============================================================
     22:45:45.0760 3528 Scan finished
     22:45:45.0760 3528 ============================================================
     22:45:45.0760 4108 Detected object count: 1
     22:45:45.0760 4108 Actual detected object count: 1
     22:45:57.0444 4108 C:\Windows\system32\services.exe - copied to quarantine
     22:45:57.0787 4108 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
     22:45:57.0787 4108 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
     22:46:12.0467 4108 Backup copy found, using it..
     22:46:12.0514 4108 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
     22:46:12.0514 4108 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
     22:46:12.0561 4108 C:\Windows\system32\services.exe - will be cured on reboot
     22:46:12.0561 4108 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
     22:46:26.0959 1272 Deinitialize success
  5. OTL log:
     OTL logfile created on: 9/13/2012 9:28:54 PM - Run 1
     OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\kristian\Desktop
     64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     8.99 Gb Total Physical Memory | 7.50 Gb Available Physical Memory | 83.41% Memory free
     17.98 Gb Paging File | 15.87 Gb Available in Paging File | 88.28% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 297.99 Gb Total Space | 153.74 Gb Free Space | 51.59% Space Free | Partition Type: NTFS
     Drive D: | 5.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
     Drive E: | 3.73 Gb Total Space | 3.68 Gb Free Space | 98.63% Space Free | Partition Type: FAT32
     Computer Name: KRISTIAN-PC | User Name: kristian | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2012/09/13 21:28:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\kristian\Desktop\OTL.exe
     PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     PRC - [2012/08/28 13:26:21 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
     PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     PRC - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
     PRC - [2012/06/16 22:38:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     PRC - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     PRC - [2011/01/12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     ========== Modules (No Company Name) ==========
     MOD - [2012/08/28 13:26:21 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
     MOD - [2012/06/16 22:38:41 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
     MOD - [2012/06/14 03:31:25 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
     MOD - [2012/06/14 03:24:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
     MOD - [2012/06/14 03:24:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
     MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
     MOD - [2012/05/10 03:34:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
     MOD - [2012/05/10 03:25:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
     MOD - [2012/05/10 03:25:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
     MOD - [2012/05/10 03:25:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c764ad83cd3287fc59a3dc02e08ad1ea\System.Xml.ni.dll
     MOD - [2012/05/10 03:25:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
     MOD - [2012/05/10 03:25:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
     MOD - [2012/05/10 03:24:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
     MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
     MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
     MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
     ========== Services (SafeList) ==========
     SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
     SRV:64bit: - [2011/04/11 15:44:46 | 000,171,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
     SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
     SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
     SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
     SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
     SRV - [2012/08/28 13:26:21 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
     SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
     SRV - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
     SRV - [2012/06/16 22:38:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
     SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
     SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
     SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
     SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
     SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     ========== Driver Services (SafeList) ==========
     DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
     DRV:64bit: - [2012/08/21 12:08:02 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
     DRV:64bit: - [2012/08/21 11:37:05 | 000,244,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
     DRV:64bit: - [2012/08/21 11:22:27 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
     DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
     DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
     DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
     DRV:64bit: - [2011/11/28 19:23:21 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
     DRV:64bit: - [2011/09/02 01:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
     DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
     DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
     DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
     DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
     DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
     DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
     DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
     DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
     DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
     DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
     DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
     DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
     DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
     DRV:64bit: - [2010/04/07 17:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
     DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
     DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
     DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
     DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
     DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
     DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
     DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
     DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
     DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
     DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
     DRV - [2012/09/13 02:33:56 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\ymmm.sys -- (dzyi)
     DRV - [2012/09/13 02:27:22 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pgmoeso.sys -- (vgumue)
     DRV - [2012/09/13 02:21:54 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\grif.sys -- (jxgcu)
     DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     ========== Standard Registry (SafeList) ==========
     ========== Internet Explorer ==========
     IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     IE - HKLM\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
     IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 6E 52 5C 25 AE CC 01 [binary data]
     IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
     IE - HKCU\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
     IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
     IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
     IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=5B5467E0-5BA3-4009-843D-FFCF42FCCFA6&apn_sauid=DA271942-16BB-4A69-A158-24525C00A860
     IE - HKCU\..\SearchScopes\{32CAE83D-7984-411D-AE62-E0E517DC82B3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=5B5467E0-5BA3-4009-843D-FFCF42FCCFA6&apn_sauid=DA271942-16BB-4A69-A158-24525C00A860
     IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C5640841-B097-48CA-A16D-7564EBB4D51F}&mid=d23c68610c2847d18ab9d16b2e823c6a-0388553eb65d88b5a7cde0d41c349c3d3db94a56&lang=en&ds=AVG&pr=fr&d=2012-07-29 07:34:50&v=12.2.5.32&sap=dsp&q={searchTerms}
     IE - HKCU\..\SearchScopes\{E7413127-AC14-45C8-A30C-FCEC10E5C7AB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     ========== FireFox ==========
     FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
     FF - prefs.js..browser.search.defaultengine: "Ask.com"
     FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
     FF - prefs.js..browser.search.order.1: "Ask.com"
     FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
     FF - prefs.js..extensions.enabledAddons: m3ffxtbr@mywebsearch.com:1.3
     FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
     FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.13.0.6
     FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
     FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
     FF - prefs.js..extensions.enabledAddons: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.5.0
     FF - prefs.js..extensions.enabledAddons: {cce665dd-f6dd-4808-968e-eaec971f70ef}:10.10.20.14
     FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
     FF - user.js - File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
     FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
     FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 22:38:42 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     [2011/11/28 18:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristian\AppData\Roaming\Mozilla\Extensions
     [2012/07/29 07:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions
     [2012/05/15 21:40:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
     [2012/09/04 01:30:52 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
     [2012/07/13 09:47:55 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
     [2012/07/29 07:30:49 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
     [2012/07/29 07:30:57 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
     [2012/02/08 16:45:52 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\m3ffxtbr@mywebsearch.com
     [2012/04/20 14:02:59 | 000,002,580 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\searchplugins\askcom.xml
     [2011/11/28 19:34:13 | 000,001,945 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\searchplugins\bing-zugo.xml
     [2012/07/29 07:51:25 | 000,000,919 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\searchplugins\conduit.xml
     [2012/08/31 10:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
     [2012/07/13 09:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
     [2012/08/31 10:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
     [2012/06/16 22:38:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
     [2012/08/30 14:29:19 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
     [2012/02/11 19:52:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
     [2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
     [2012/02/11 19:52:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
     O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll (PriceGong)
     O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
     O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
     O2 - BHO: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
     O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
     O3 - HKLM\..\Toolbar: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
     O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke US Toolbar) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
     O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
     O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
     O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
     O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
     O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
     O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
     O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
     O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
     O4 - Startup: C:\Users\kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
     O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
     O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{340648C2-F80E-44DA-864B-B523132B83E1}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/05/13 22:18:59 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/13 21:28:04 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\kristian\Desktop\OTL.exe [2012/09/13 11:26:37 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{1CF530CC-DA11-4BFB-80B6-FE4860B57CE7} [2012/09/13 02:33:27 | 000,000,000 | ---D | C] -- C:\Users\kristian\Desktop\avenger [2012/09/12 23:26:13 | 000,000,000 | 
---D | C] -- C:\Users\kristian\AppData\Local\{6C66DE01-B04C-462C-8401-D9ACAB8FF273} [2012/09/12 11:26:02 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{2D9CB7AE-B9DC-409E-BBDD-8560E996E171} [2012/09/11 23:25:50 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{29B0B888-9598-4CE1-9E72-87DA13331C5C} [2012/09/11 23:20:40 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{38E5D888-E5B6-4ABE-BE11-6B4C42F5BC44} [2012/09/11 23:04:59 | 000,000,000 | ---D | C] -- C:\FRST [2012/09/11 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{79810B59-036F-40B2-83DC-88D59160C5A6} [2012/09/10 23:51:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/09/10 23:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012/09/10 23:13:45 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{ADDA627F-A036-43D7-B8D2-512F42A27806} [2012/09/10 23:07:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/09/10 11:13:21 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{380FD162-45E5-40E2-9E7F-DF8A1776FF4D} [2012/09/09 23:13:10 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{D0889A30-F941-45CE-968F-4643453685DB} [2012/09/09 11:12:58 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{7AF7F121-E15D-4DBA-B37D-30898A9DA59A} [2012/09/08 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{C19C1A42-00F1-4E1B-90E8-EBA2887E13F4} [2012/09/08 11:12:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{0066C8D0-8B42-4781-9ACB-51CA781BD4BB} [2012/09/07 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{76589D94-CB1D-4269-BE98-206EC1D6228D} [2012/09/07 11:12:12 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{E833B61A-7D0A-46AD-8EB5-6453EEDCB931} [2012/09/06 23:12:01 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{D0D7DA70-AA82-40D0-B005-61BADA10D860} [2012/09/06 11:11:49 | 000,000,000 | ---D | C] -- 
C:\Users\kristian\AppData\Local\{0532DB70-4E39-43D9-B7B7-7D4A19E6DF0B} [2012/09/05 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{86C25ADD-F9B0-4DB7-B01B-BAC76A5B9BBD} [2012/09/05 11:11:26 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{B6ABF8DA-DC32-44CD-9D73-303B4ED3E2B2} [2012/09/04 22:25:56 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{DDDEDBF3-61B0-451A-8751-C7F26B864F5D} [2012/09/04 10:25:44 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{515A7C01-48C1-4D45-AB4D-7412DB32E9B1} [2012/09/03 22:17:46 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{52E40F3D-E64E-4278-922C-53C78721096B} [2012/09/03 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{872F6C20-7380-4702-AB76-D1A62BA6BF92} [2012/09/02 22:17:23 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{BB34BFE2-A294-4E9C-AD58-C24E8355F82F} [2012/09/02 10:17:12 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{FE20391E-63C2-4DF3-B377-4B3F251F166C} [2012/09/01 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{7B95CFB9-8D3F-42D3-976E-EBB0BB7E46E7} [2012/09/01 10:16:49 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{0FAB122B-F345-4005-B7DF-122A120CFC38} [2012/08/31 22:16:38 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{EF34F63A-10CA-48F0-BF3A-5F18D2DCECB6} [2012/08/31 10:16:28 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/08/31 10:16:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/08/31 10:16:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012/08/31 10:16:19 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{6FFE5DBD-FAE2-463F-B592-77FF6B9681AF} [2012/08/30 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{E4379F55-7F11-47F1-AFC1-B0AC0244D12B} [2012/08/30 10:10:28 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{89F7C252-C3BE-42EB-A65A-BCD6BE310DAB} [2012/08/29 22:10:17 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{91376EE2-F58F-40D3-9921-7C14FA27A07C} [2012/08/29 07:21:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{353F7BA9-27CE-4CC7-A892-656829AFA05C} [2012/08/28 13:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012/08/28 13:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012/08/28 13:26:42 | 000,000,000 | ---D | C] -- C:\Users\kristian\Documents\Guild Wars 2 [2012/08/28 12:48:23 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{73CCE3BA-FAFF-4FC3-959C-D7AC062574DA} [2012/08/27 22:13:06 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{AB7DFA75-0AEC-44F7-9083-E01305ABEDC7} [2012/08/27 09:59:30 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{79FD70C2-FD01-4C0F-84DC-DE1C7EDB60D4} [2012/08/26 16:20:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{EDFB2A65-9D72-4479-9732-6302F2EAEEB2} [2012/08/25 23:31:26 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{788458D4-3FEA-4CD9-8569-76BA142E1BC6} [2012/08/25 10:22:06 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{37A2B3BB-54B8-4984-A720-5DEA2063C235} [2012/08/24 21:07:34 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{8A932766-160A-463A-AFE6-155EA76D4CC5} [2012/08/24 09:01:58 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{B61BF37A-68BC-446C-9A30-BEF269A59AAC} [2012/08/23 12:19:58 | 000,000,000 | ---D | C] -- 
C:\Users\kristian\AppData\Local\{C9538CA9-2ED0-4957-9F0C-D98E0547BB3C} [2012/08/23 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{9C124C90-9CF2-49AB-A8C7-781BEEE6F488} [2012/08/22 12:19:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{C0980BBF-8A37-46E7-A312-E009F51A7BBD} [2012/08/22 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{858856F8-E874-445B-8049-4045A096E09C} [2012/08/21 12:20:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012/08/21 12:18:57 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{A0153AD7-F331-42FB-8097-A02CDE5A4250} [2012/08/21 11:37:34 | 009,882,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll [2012/08/21 11:37:34 | 000,244,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys [2012/08/21 11:27:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012/08/21 11:27:32 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012/08/21 11:27:32 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012/08/21 11:27:31 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2012/08/21 11:27:31 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2012/08/21 11:27:31 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2012/08/21 11:27:30 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2012/08/21 11:27:30 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2012/08/21 11:27:30 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012/08/21 11:27:30 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEED64A.dll [2012/08/21 11:27:30 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2012/08/21 11:27:30 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012/08/21 11:27:30 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012/08/21 11:27:30 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2012/08/21 11:27:29 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2012/08/21 11:27:29 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012/08/21 11:27:29 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012/08/21 11:27:29 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2012/08/21 11:27:21 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2012/08/21 11:27:20 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2012/08/21 11:27:20 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2012/08/21 11:27:20 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll [2012/08/21 11:27:20 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll [2012/08/21 11:26:55 | 000,034,840 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\gwfilt64.sys [2012/08/21 11:26:54 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012/08/21 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Roaming\Leadertech [2012/08/21 11:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2012/08/21 11:19:03 | 000,018,960 | ---- | C] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys [2012/08/21 11:18:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2012/08/21 11:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012/08/21 11:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2012/08/21 11:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012/08/21 11:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2012/08/21 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Roaming\Logitech [2012/08/21 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Roaming\Logishrd [2012/08/21 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\SlimWare Utilities Inc [2012/08/21 11:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate [2012/08/21 11:14:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers [2012/08/19 13:21:43 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{661B5887-96FA-4642-8A23-E70EFAE7D722} [2012/08/19 12:04:33 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{01824968-B922-463D-A0F4-8392711C13A1} [2012/08/19 11:35:00 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{F46F7206-1ABC-4089-A913-B566422D9AFF} [2012/08/19 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{4D8A8EB0-1A21-4816-B193-3A58643E94F8} [2012/08/19 05:02:30 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{F7E76940-8282-4FB8-AA29-5C07CB857CD2} [2012/08/18 08:59:00 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{305F60A5-9B86-40C0-8463-2519678A61E2} [2012/08/18 08:58:49 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{3C5BF993-72C8-47FE-93BD-2CBD61AFEBA9} [2012/08/17 07:54:03 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{4B1E8034-BED1-4C4E-9F1B-A2045BD3975C} [2012/08/17 07:53:52 | 000,000,000 | ---D | C] -- 
C:\Users\kristian\AppData\Local\{EB88B13C-8E72-43A1-B33B-F5FD7E5781DD} [2012/08/16 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{B3133FE0-7730-4D2B-9C7F-A1C669C205AA} [2012/08/16 16:46:29 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{23FA1B58-5A95-4819-98F8-03FE35E98676} [2012/08/15 21:39:28 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{8E309B04-7804-4AB4-8E56-8757B7310FD7} [2012/08/15 21:39:16 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{697D9CC5-B011-48A7-A579-CD78027771D1} [2012/08/15 07:09:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{4D72C0ED-F827-498E-9713-F1949298E5D9} [2012/08/15 07:09:36 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{29661A2A-FBCA-4793-93FA-333F77BFED40} ========== Files - Modified Within 30 Days ========== [2012/09/13 21:28:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\kristian\Desktop\OTL.exe [2012/09/13 21:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/13 11:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/13 03:14:26 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/13 03:14:26 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/13 02:39:10 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/13 02:39:10 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/13 02:39:10 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/13 02:34:41 | 2945,847,295 | -HS- | M] () -- C:\hiberfil.sys [2012/09/13 02:33:56 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\ymmm.sys [2012/09/13 02:32:51 | 000,724,952 | ---- | M] () -- C:\Users\kristian\Desktop\avenger.zip [2012/09/13 02:27:22 | 000,061,440 | ---- | 
M] () -- C:\Windows\SysWow64\drivers\pgmoeso.sys [2012/09/13 02:21:54 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\grif.sys [2012/09/11 22:22:24 | 000,002,860 | ---- | M] () -- C:\Users\kristian\Desktop\Flash info.rtf [2012/09/10 23:07:08 | 357,071,364 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/09/10 22:17:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/04 01:31:58 | 000,001,354 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/08/28 13:26:56 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012/08/28 13:26:21 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/28 13:26:21 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/24 10:14:28 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/08/21 12:08:02 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2012/08/21 11:37:06 | 009,882,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll [2012/08/21 11:37:05 | 000,244,224 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\drivers\RtsUStor.sys [2012/08/21 11:35:04 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012/08/21 11:22:40 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012/08/21 11:22:40 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012/08/21 11:22:39 | 001,560,168 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2012/08/21 11:22:38 | 002,674,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2012/08/21 11:22:38 | 000,331,880 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2012/08/21 11:22:36 | 003,615,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2012/08/21 11:22:36 | 000,869,520 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2012/08/21 11:22:36 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012/08/21 11:22:36 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012/08/21 11:22:36 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2012/08/21 11:22:36 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012/08/21 11:22:36 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012/08/21 11:22:36 | 000,014,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2012/08/21 11:22:35 | 001,262,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2012/08/21 11:22:35 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012/08/21 11:22:35 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RP3DAA64.dll [2012/08/21 11:22:35 | 000,293,889 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012/08/21 11:22:34 | 000,105,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2012/08/21 11:22:31 | 000,897,152 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2012/08/21 11:22:31 | 000,753,280 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2012/08/21 11:22:31 | 000,083,072 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2012/08/21 11:22:31 | 000,065,112 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll [2012/08/21 11:22:31 | 000,060,504 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll [2012/08/21 11:22:27 | 000,034,840 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\gwfilt64.sys [2012/08/21 11:22:26 | 002,533,952 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012/08/21 11:22:07 | 001,706,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012/08/21 11:19:03 | 000,018,960 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys ========== Files Created - No Company Name ========== [2012/09/13 02:33:56 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\ymmm.sys [2012/09/13 02:32:51 | 000,724,952 | ---- | C] () -- C:\Users\kristian\Desktop\avenger.zip [2012/09/13 02:27:22 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\pgmoeso.sys [2012/09/13 02:21:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\grif.sys [2012/09/11 22:22:24 | 000,002,860 | ---- | C] () -- C:\Users\kristian\Desktop\Flash info.rtf [2012/09/10 23:04:45 | 357,071,364 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/09/10 22:53:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000008.@ [2012/09/10 22:53:14 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000000.@ [2012/09/10 22:53:13 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\000000cb.@ [2012/09/04 01:31:58 | 000,001,354 | ---- | C] () -- C:\Users\kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Product Registration.lnk [2012/08/28 13:26:56 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012/08/21 12:08:34 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000032.@ [2012/08/21 11:27:29 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012/08/21 11:15:08 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2012/07/29 13:24:29 | 000,027,520 | ---- | C] () -- C:\Users\kristian\AppData\Local\dt.dat [2012/07/10 17:35:00 | 000,077,824 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000064.@ [2012/07/10 17:35:00 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\00000004.@ [2012/07/10 17:34:59 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000004.@ [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/01/11 15:14:42 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@ [2012/01/11 15:14:42 | 000,002,048 | -HS- | C] () -- C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@ [2011/12/15 13:40:17 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011/12/15 13:40:17 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011/12/15 13:40:17 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011/12/15 13:31:10 | 000,039,915 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011/11/29 18:47:23 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report >
  6. Went into the Avenger to try and pull up the log and it said, "No log file found. Either Avenger has not been run yet or a log was not saved successfully."
  7. I did what you asked, but I didn't get a small black box or a log to appear. Double checked everything and did it exactly right, just no log or black box.
  8. SystemLook Log
     SystemLook 27.08.10 by jpshortstuff
     Log created at 22:18 on 12/09/2012 by kristian
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "services.exe"
     C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
     -= EOF =-
  9. I ran it from the Safe mode command prompt due to not having the "repair your computer" options available.
  10. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2012 01 Ran by kristian at 11-09-2012 23:23:30 Running from E:\ Service Pack 1 (X64) OS Language: English(US) Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process. ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
C:\Windows\System32\RTEEL64A.dll 2012-08-21 11:27 - 2012-08-21 11:22 - 00083072 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll 2012-08-21 11:27 - 2012-08-21 11:22 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll 2012-08-21 11:27 - 2012-08-21 11:22 - 00065112 ____A (Creative Technology Ltd.) C:\Windows\System32\MBppld64.dll 2012-08-21 11:27 - 2012-08-21 11:22 - 00060504 ____A (Creative Technology Ltd.) C:\Windows\System32\MBPPCn64.dll 2012-08-21 11:27 - 2012-08-21 11:22 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll 2012-08-21 11:26 - 2012-08-21 11:22 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll 2012-08-21 11:26 - 2012-08-21 11:22 - 00034840 ____A (Creative Technology Ltd.) C:\Windows\System32\Drivers\gwfilt64.sys 2012-08-21 11:19 - 2012-08-21 11:19 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2012-08-21 11:19 - 2012-08-21 11:19 - 00000339 ____A C:\Windows\LkmdfCoInst.log 2012-08-21 11:19 - 2012-08-21 11:19 - 00000000 ____D C:\Users\kristian\AppData\Roaming\Leadertech 2012-08-21 11:18 - 2012-08-21 11:19 - 00007314 ____A C:\Windows\LDPINST.LOG 2012-08-21 11:18 - 2012-08-21 11:19 - 00000000 ____D C:\Users\Public\Documents\LogiShrd 2012-08-21 11:18 - 2012-08-21 11:19 - 00000000 ____D C:\Users\All Users\Logishrd 2012-08-21 11:18 - 2012-08-21 11:19 - 00000000 ____D C:\Program Files\Common Files\Logishrd 2012-08-21 11:18 - 2012-08-21 11:18 - 00000000 ____D C:\Program Files\Logitech 2012-08-21 11:17 - 2012-08-21 11:19 - 00000000 ____D C:\Users\kristian\AppData\Roaming\Logitech 2012-08-21 11:17 - 2012-08-21 11:17 - 00000000 ____D C:\Users\kristian\AppData\Roaming\Logishrd 2012-08-21 11:15 - 2012-08-21 12:21 - 00000000 ____D C:\Program Files (x86)\DriverUpdate 2012-08-21 11:15 - 2012-08-21 12:08 - 00015712 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2012-08-21 11:15 - 2012-08-21 11:15 - 00000000 ____D 
C:\Users\kristian\AppData\Local\SlimWare Utilities Inc 2012-08-21 11:14 - 2012-08-21 11:14 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2012-08-19 13:21 - 2012-08-21 00:18 - 00000000 ____D C:\Users\kristian\AppData\Local\{661B5887-96FA-4642-8A23-E70EFAE7D722} 2012-08-19 12:04 - 2012-08-19 12:04 - 00000000 ____D C:\Users\kristian\AppData\Local\{01824968-B922-463D-A0F4-8392711C13A1} 2012-08-19 11:35 - 2012-08-19 11:35 - 00000000 ____D C:\Users\kristian\AppData\Local\{F46F7206-1ABC-4089-A913-B566422D9AFF} 2012-08-19 11:05 - 2012-08-19 11:05 - 00000000 ____D C:\Users\kristian\AppData\Local\{4D8A8EB0-1A21-4816-B193-3A58643E94F8} 2012-08-19 05:02 - 2012-08-19 05:02 - 00000000 ____D C:\Users\kristian\AppData\Local\{F7E76940-8282-4FB8-AA29-5C07CB857CD2} 2012-08-18 08:59 - 2012-08-18 08:59 - 00000000 ____D C:\Users\kristian\AppData\Local\{305F60A5-9B86-40C0-8463-2519678A61E2} 2012-08-18 08:58 - 2012-08-18 08:59 - 00000000 ____D C:\Users\kristian\AppData\Local\{3C5BF993-72C8-47FE-93BD-2CBD61AFEBA9} 2012-08-17 07:54 - 2012-08-17 07:54 - 00000000 ____D C:\Users\kristian\AppData\Local\{4B1E8034-BED1-4C4E-9F1B-A2045BD3975C} 2012-08-17 07:53 - 2012-08-17 07:54 - 00000000 ____D C:\Users\kristian\AppData\Local\{EB88B13C-8E72-43A1-B33B-F5FD7E5781DD} 2012-08-16 16:46 - 2012-08-16 16:46 - 00000000 ____D C:\Users\kristian\AppData\Local\{B3133FE0-7730-4D2B-9C7F-A1C669C205AA} 2012-08-16 16:46 - 2012-08-16 16:46 - 00000000 ____D C:\Users\kristian\AppData\Local\{23FA1B58-5A95-4819-98F8-03FE35E98676} 2012-08-15 21:39 - 2012-08-15 21:39 - 00000000 ____D C:\Users\kristian\AppData\Local\{8E309B04-7804-4AB4-8E56-8757B7310FD7} 2012-08-15 21:39 - 2012-08-15 21:39 - 00000000 ____D C:\Users\kristian\AppData\Local\{697D9CC5-B011-48A7-A579-CD78027771D1} 2012-08-15 07:09 - 2012-08-15 07:09 - 00000000 ____D C:\Users\kristian\AppData\Local\{4D72C0ED-F827-498E-9713-F1949298E5D9} 2012-08-15 07:09 - 2012-08-15 07:09 - 00000000 ____D 
C:\Users\kristian\AppData\Local\{29661A2A-FBCA-4793-93FA-333F77BFED40} 2012-08-14 19:55 - 2012-08-14 22:44 - 00000000 ____D C:\Users\kristian\AppData\Local\SWMonitor 2012-08-14 19:55 - 2012-08-14 19:55 - 00000953 ____A C:\Users\Public\Desktop\SWMoniTOR.lnk 2012-08-14 19:55 - 2012-08-14 19:55 - 00000000 ____D C:\Users\kristian\Documents\SWMonitor 2012-08-14 19:55 - 2012-08-14 19:55 - 00000000 ____D C:\Program Files (x86)\SWMoniTOR 2012-08-14 19:54 - 2012-08-14 19:54 - 00565680 ____A (Crisp Logic, Inc ) C:\Users\kristian\Downloads\swmonitor_1.0.1.exe 2012-08-14 19:09 - 2012-08-14 19:09 - 00000000 ____D C:\Users\kristian\AppData\Local\{6DD1ED45-5A46-4FC6-9A36-7ECA2BB8B1EF} 2012-08-14 19:09 - 2012-08-14 19:09 - 00000000 ____D C:\Users\kristian\AppData\Local\{2DB83FEC-40A7-4159-8D6C-ACF430E28A08} 2012-08-14 06:36 - 2012-08-14 06:36 - 00000000 ____D C:\Users\kristian\AppData\Local\{B8369675-AF17-482A-AEA1-44A321B5432A} 2012-08-14 06:36 - 2012-08-14 06:36 - 00000000 ____D C:\Users\kristian\AppData\Local\{12A0500E-426F-43FC-A675-85FE5CBA67E8} 2012-08-13 16:30 - 2012-08-13 16:30 - 00000000 ____D C:\Users\kristian\AppData\Local\{957821AF-6D45-4D8B-90F5-D27D86036AA4} 2012-08-13 16:30 - 2012-08-13 16:30 - 00000000 ____D C:\Users\kristian\AppData\Local\{0AC319DD-4C83-46CF-ACB9-E380CE667459} 2012-08-12 23:24 - 2012-08-12 23:24 - 00000000 ____D C:\Users\kristian\AppData\Local\{F73BB7F3-AA60-4324-B3CF-C997556E1DAC} 2012-08-12 23:24 - 2012-08-12 23:24 - 00000000 ____D C:\Users\kristian\AppData\Local\{2D1F9202-7CA1-4AFC-A343-DBDEDD43EB6D} 2012-08-12 10:33 - 2012-08-12 10:34 - 00000000 ____D C:\Users\kristian\AppData\Local\{D57EE4DE-C166-4FC9-AC4A-4C50069A6618} 2012-08-12 10:33 - 2012-08-12 10:33 - 00000000 ____D C:\Users\kristian\AppData\Local\{FEDDCC0B-D8F6-42CA-AAD2-D545A8843FFA} ==================== 3 Months Modified Files ================================ 2012-09-11 23:20 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-11 23:20 - 2009-07-13 23:51 - 00059292 
____A C:\Windows\setupact.log 2012-09-11 22:56 - 2012-09-11 22:56 - 01453499 ____A (Farbar) C:\Users\kristian\Downloads\FRST64.exe 2012-09-11 22:56 - 2009-07-14 00:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-11 16:15 - 2012-04-05 13:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-11 00:08 - 2012-09-11 00:08 - 00006936 ____A C:\Users\kristian\Desktop\Attach.txt 2012-09-11 00:07 - 2012-09-11 00:07 - 00023549 ____A C:\Users\kristian\Desktop\DDS.txt 2012-09-11 00:06 - 2012-09-11 00:06 - 00607260 ____R (Swearware) C:\Users\kristian\Downloads\dds.scr 2012-09-11 00:03 - 2009-07-13 23:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-11 00:03 - 2009-07-13 23:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-10 23:56 - 2010-11-20 22:47 - 00058452 ____A C:\Windows\PFRO.log 2012-09-10 23:28 - 2012-09-10 23:28 - 06161240 ____A (Uniblue Systems Ltd ) C:\Users\kristian\Downloads\speedupmypc.exe 2012-09-10 23:14 - 2012-09-10 23:14 - 02095024 ____A C:\Users\kristian\Downloads\SecurityTaskManager_Setup.exe 2012-09-10 23:07 - 2012-09-10 23:07 - 00282760 ____A C:\Windows\Minidump\091012-16380-01.dmp 2012-09-10 23:07 - 2012-09-10 23:04 - 357071364 ____A C:\Windows\MEMORY.DMP 2012-09-10 22:17 - 2012-07-12 19:55 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-09-07 17:04 - 2012-07-12 19:55 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-04 01:35 - 2011-11-28 18:17 - 01657582 ____A C:\Windows\WindowsUpdate.log 2012-08-31 10:16 - 2012-08-31 10:15 - 00002948 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log 2012-08-28 20:24 - 2012-07-12 06:39 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll 2012-08-28 20:24 - 2012-04-11 22:07 - 00473072 ____A (Sun Microsystems, Inc.) 
C:\Windows\SysWOW64\deployJava1.dll 2012-08-28 20:10 - 2012-08-31 10:16 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2012-08-28 20:10 - 2012-08-31 10:16 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2012-08-28 20:09 - 2012-08-31 10:16 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2012-08-28 13:26 - 2012-08-28 13:26 - 00000932 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk 2012-08-28 13:26 - 2012-04-05 13:10 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-28 13:26 - 2011-11-28 18:37 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-24 10:14 - 2012-07-13 22:00 - 00001064 ____A C:\Users\Public\Desktop\World of Warcraft.lnk 2012-08-21 12:08 - 2012-08-21 11:15 - 00015712 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2012-08-21 11:37 - 2012-08-21 11:37 - 09882112 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll 2012-08-21 11:37 - 2012-08-21 11:37 - 00244224 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys 2012-08-21 11:35 - 2011-11-28 19:44 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys 2012-08-21 11:22 - 2012-08-21 11:27 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl 2012-08-21 11:22 - 2012-08-21 11:27 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00897152 ____A (Creative Technology Ltd.) 
C:\Windows\System32\MBAPO64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00753280 ____A (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT 2012-08-21 11:22 - 2012-08-21 11:27 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00083072 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00065112 ____A (Creative Technology Ltd.) C:\Windows\System32\MBppld64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00060504 ____A (Creative Technology Ltd.) 
C:\Windows\System32\MBPPCn64.dll 2012-08-21 11:22 - 2012-08-21 11:27 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll 2012-08-21 11:22 - 2012-08-21 11:26 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll 2012-08-21 11:22 - 2012-08-21 11:26 - 00034840 ____A (Creative Technology Ltd.) C:\Windows\System32\Drivers\gwfilt64.sys 2012-08-21 11:22 - 2011-11-28 19:37 - 01706640 ____A (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2012-08-21 11:19 - 2012-08-21 11:19 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2012-08-21 11:19 - 2012-08-21 11:19 - 00000339 ____A C:\Windows\LkmdfCoInst.log 2012-08-21 11:19 - 2012-08-21 11:18 - 00007314 ____A C:\Windows\LDPINST.LOG 2012-08-14 19:55 - 2012-08-14 19:55 - 00000953 ____A C:\Users\Public\Desktop\SWMoniTOR.lnk 2012-08-14 19:54 - 2012-08-14 19:54 - 00565680 ____A (Crisp Logic, Inc ) C:\Users\kristian\Downloads\swmonitor_1.0.1.exe 2012-07-29 13:24 - 2012-07-29 13:24 - 00027520 ____A C:\Users\kristian\AppData\Local\dt.dat 2012-07-29 07:30 - 2012-07-29 07:30 - 00000009 ____A C:\END 2012-07-29 07:29 - 2012-07-29 07:29 - 00370168 ____A C:\Users\kristian\Downloads\AVG-Anti-Virus-Free-Edition-2012Setup.exe 2012-07-15 11:47 - 2012-07-15 11:41 - 168454136 ____A (NVIDIA Corporation) C:\Users\kristian\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe 2012-07-13 22:00 - 2012-07-13 21:58 - 32160136 ____A C:\Users\kristian\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe 2012-07-12 20:36 - 2012-07-12 20:36 - 00739856 ____A (Google Inc.) C:\Users\kristian\Downloads\ChromeSetup(1).exe 2012-07-12 20:34 - 2012-07-12 20:34 - 00739856 ____A (Google Inc.) 
C:\Users\kristian\Downloads\ChromeSetup.exe 2012-07-12 06:56 - 2012-07-12 06:56 - 08351056 ____A (AVG ) C:\Users\kristian\Downloads\avg_pct_stf_all_10_27_c5.exe 2012-07-12 03:20 - 2011-11-28 18:18 - 00000485 ____A C:\Users\kristian\Downloads\Desktop.lnk 2012-07-12 03:19 - 2009-07-13 23:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-12 03:01 - 2011-12-02 07:37 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-09 03:00 - 2012-07-09 03:00 - 00290616 ____A C:\Windows\msxml4-KB954430-enu.LOG 2012-07-09 03:00 - 2012-07-09 03:00 - 00288568 ____A C:\Windows\msxml4-KB973688-enu.LOG 2012-07-07 13:16 - 2012-07-07 13:16 - 00000531 ____A C:\Windows\KB893803v2.log 2012-06-24 21:10 - 2012-06-24 21:10 - 00001162 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2012-06-24 21:09 - 2012-06-24 21:09 - 29828512 ____A (TeamSpeak Systems GmbH) C:\Users\kristian\Downloads\TeamSpeak3-Client-win32-3.0.7.exe ZeroAccess: C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c} C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@ C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\00000004.@ C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\1afb2d56 C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\201d3dde C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000004.@ C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000008.@ C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\000000cb.@ C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000000.@ C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000032.@ C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000064.@ ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ZeroAccess: 
C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}
C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@
C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L
C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 9207.17 MB
Available physical RAM: 7912.07 MB
Total Pagefile: 18412.54 MB
Available Pagefile: 17127.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:155.45 GB) NTFS
2 Drive d: (GW2_DVD2) (CDROM) (Total:5.73 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B
  Disk 1    Online         3819 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            297 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    297 GB  Healthy    Boot

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3818 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                FAT32  Removable   3818 MB  Healthy

==================================================================================

Last Boot: 2012-09-06 02:55

==================== End Of Log =============================
  11. DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by kristian at 0:06:20 on 2012-09-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.9207.7200 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
mWinlogon: Userinit=userinit.exe,
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
StartupFolder: C:\Users\kristian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{340648C2-F80E-44DA-864B-B523132B83E1} : DhcpNameServer = 192.168.1.1
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
BHO-X64: WhiteSmoke US - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-7 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 676936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 gwfilt64;gwfilt64;C:\Windows\system32\drivers\gwfilt64.sys --> C:\Windows\system32\drivers\gwfilt64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-16 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250568]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-11 04:14:27 -------- d-----w- C:\ProgramData\SecTaskMan 2012-09-11 04:13:45 -------- d-----w- C:\Users\kristian\AppData\Local\{ADDA627F-A036-43D7-B8D2-512F42A27806} 2012-09-10 16:13:21 -------- d-----w- C:\Users\kristian\AppData\Local\{380FD162-45E5-40E2-9E7F-DF8A1776FF4D} 2012-09-10 04:13:10 -------- d-----w- C:\Users\kristian\AppData\Local\{D0889A30-F941-45CE-968F-4643453685DB} 2012-09-09 16:12:58 -------- d-----w- C:\Users\kristian\AppData\Local\{7AF7F121-E15D-4DBA-B37D-30898A9DA59A} 2012-09-09 04:12:47 -------- d-----w- C:\Users\kristian\AppData\Local\{C19C1A42-00F1-4E1B-90E8-EBA2887E13F4} 2012-09-08 16:12:35 -------- d-----w- C:\Users\kristian\AppData\Local\{0066C8D0-8B42-4781-9ACB-51CA781BD4BB} 2012-09-08 04:12:24 -------- d-----w- C:\Users\kristian\AppData\Local\{76589D94-CB1D-4269-BE98-206EC1D6228D} 2012-09-07 16:12:12 -------- d-----w- C:\Users\kristian\AppData\Local\{E833B61A-7D0A-46AD-8EB5-6453EEDCB931} 2012-09-07 04:12:01 -------- d-----w- C:\Users\kristian\AppData\Local\{D0D7DA70-AA82-40D0-B005-61BADA10D860} 2012-09-06 16:11:49 -------- d-----w- C:\Users\kristian\AppData\Local\{0532DB70-4E39-43D9-B7B7-7D4A19E6DF0B} 2012-09-06 04:11:38 -------- d-----w- C:\Users\kristian\AppData\Local\{86C25ADD-F9B0-4DB7-B01B-BAC76A5B9BBD} 2012-09-05 16:11:26 -------- d-----w- C:\Users\kristian\AppData\Local\{B6ABF8DA-DC32-44CD-9D73-303B4ED3E2B2} 2012-09-05 03:25:56 -------- d-----w- C:\Users\kristian\AppData\Local\{DDDEDBF3-61B0-451A-8751-C7F26B864F5D} 2012-09-04 15:25:44 -------- d-----w- C:\Users\kristian\AppData\Local\{515A7C01-48C1-4D45-AB4D-7412DB32E9B1} 2012-09-04 03:17:46 -------- d-----w- C:\Users\kristian\AppData\Local\{52E40F3D-E64E-4278-922C-53C78721096B} 2012-09-03 15:17:35 -------- d-----w- C:\Users\kristian\AppData\Local\{872F6C20-7380-4702-AB76-D1A62BA6BF92} 2012-09-03 03:17:23 -------- d-----w- C:\Users\kristian\AppData\Local\{BB34BFE2-A294-4E9C-AD58-C24E8355F82F} 2012-09-02 15:17:12 -------- d-----w- 
C:\Users\kristian\AppData\Local\{FE20391E-63C2-4DF3-B377-4B3F251F166C} 2012-09-02 03:17:01 -------- d-----w- C:\Users\kristian\AppData\Local\{7B95CFB9-8D3F-42D3-976E-EBB0BB7E46E7} 2012-09-01 15:16:49 -------- d-----w- C:\Users\kristian\AppData\Local\{0FAB122B-F345-4005-B7DF-122A120CFC38} 2012-09-01 03:16:38 -------- d-----w- C:\Users\kristian\AppData\Local\{EF34F63A-10CA-48F0-BF3A-5F18D2DCECB6} 2012-08-31 15:16:19 -------- d-----w- C:\Users\kristian\AppData\Local\{6FFE5DBD-FAE2-463F-B592-77FF6B9681AF} 2012-08-31 03:16:07 -------- d-----w- C:\Users\kristian\AppData\Local\{E4379F55-7F11-47F1-AFC1-B0AC0244D12B} 2012-08-30 15:10:28 -------- d-----w- C:\Users\kristian\AppData\Local\{89F7C252-C3BE-42EB-A65A-BCD6BE310DAB} 2012-08-30 03:10:17 -------- d-----w- C:\Users\kristian\AppData\Local\{91376EE2-F58F-40D3-9921-7C14FA27A07C} 2012-08-29 12:21:47 -------- d-----w- C:\Users\kristian\AppData\Local\{353F7BA9-27CE-4CC7-A892-656829AFA05C} 2012-08-28 18:26:56 -------- d-----w- C:\Program Files (x86)\Guild Wars 2 2012-08-28 17:48:23 -------- d-----w- C:\Users\kristian\AppData\Local\{73CCE3BA-FAFF-4FC3-959C-D7AC062574DA} 2012-08-28 03:13:06 -------- d-----w- C:\Users\kristian\AppData\Local\{AB7DFA75-0AEC-44F7-9083-E01305ABEDC7} 2012-08-27 14:59:30 -------- d-----w- C:\Users\kristian\AppData\Local\{79FD70C2-FD01-4C0F-84DC-DE1C7EDB60D4} 2012-08-26 21:20:35 -------- d-----w- C:\Users\kristian\AppData\Local\{EDFB2A65-9D72-4479-9732-6302F2EAEEB2} 2012-08-26 04:31:26 -------- d-----w- C:\Users\kristian\AppData\Local\{788458D4-3FEA-4CD9-8569-76BA142E1BC6} 2012-08-25 15:22:06 -------- d-----w- C:\Users\kristian\AppData\Local\{37A2B3BB-54B8-4984-A720-5DEA2063C235} 2012-08-25 02:07:34 -------- d-----w- C:\Users\kristian\AppData\Local\{8A932766-160A-463A-AFE6-155EA76D4CC5} 2012-08-24 14:01:58 -------- d-----w- C:\Users\kristian\AppData\Local\{B61BF37A-68BC-446C-9A30-BEF269A59AAC} 2012-08-23 17:19:58 -------- d-----w- C:\Users\kristian\AppData\Local\{C9538CA9-2ED0-4957-9F0C-D98E0547BB3C} 
2012-08-23 05:19:47 -------- d-----w- C:\Users\kristian\AppData\Local\{9C124C90-9CF2-49AB-A8C7-781BEEE6F488} 2012-08-22 17:19:35 -------- d-----w- C:\Users\kristian\AppData\Local\{C0980BBF-8A37-46E7-A312-E009F51A7BBD} 2012-08-22 05:19:24 -------- d-----w- C:\Users\kristian\AppData\Local\{858856F8-E874-445B-8049-4045A096E09C} 2012-08-21 17:20:27 -------- d-----w- C:\Windows\System32\appmgmt 2012-08-21 17:18:57 -------- d-----w- C:\Users\kristian\AppData\Local\{A0153AD7-F331-42FB-8097-A02CDE5A4250} 2012-08-21 16:37:34 9882112 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll 2012-08-21 16:37:34 244224 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys 2012-08-21 16:26:55 34840 ----a-w- C:\Windows\System32\drivers\gwfilt64.sys 2012-08-21 16:26:54 2533952 ----a-w- C:\Windows\System32\FMAPO64.dll 2012-08-21 16:26:04 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2012-08-21 16:19:55 53248 ----a-r- C:\Users\kristian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-08-21 16:19:03 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2012-08-21 16:17:39 -------- d-----w- C:\Users\kristian\AppData\Roaming\Logishrd 2012-08-21 16:15:08 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys 2012-08-21 16:15:07 -------- d-----w- C:\Users\kristian\AppData\Local\SlimWare Utilities Inc 2012-08-21 16:15:04 -------- d-----w- C:\Program Files (x86)\DriverUpdate 2012-08-19 18:21:43 -------- d-----w- C:\Users\kristian\AppData\Local\{661B5887-96FA-4642-8A23-E70EFAE7D722} 2012-08-19 17:04:33 -------- d-----w- C:\Users\kristian\AppData\Local\{01824968-B922-463D-A0F4-8392711C13A1} 2012-08-19 16:35:00 -------- d-----w- C:\Users\kristian\AppData\Local\{F46F7206-1ABC-4089-A913-B566422D9AFF} 2012-08-19 16:05:54 -------- d-----w- C:\Users\kristian\AppData\Local\{4D8A8EB0-1A21-4816-B193-3A58643E94F8} 2012-08-19 10:02:30 -------- d-----w- 
C:\Users\kristian\AppData\Local\{F7E76940-8282-4FB8-AA29-5C07CB857CD2} 2012-08-18 13:59:00 -------- d-----w- C:\Users\kristian\AppData\Local\{305F60A5-9B86-40C0-8463-2519678A61E2} 2012-08-18 13:58:49 -------- d-----w- C:\Users\kristian\AppData\Local\{3C5BF993-72C8-47FE-93BD-2CBD61AFEBA9} 2012-08-17 12:54:03 -------- d-----w- C:\Users\kristian\AppData\Local\{4B1E8034-BED1-4C4E-9F1B-A2045BD3975C} 2012-08-17 12:53:52 -------- d-----w- C:\Users\kristian\AppData\Local\{EB88B13C-8E72-43A1-B33B-F5FD7E5781DD} 2012-08-16 21:46:40 -------- d-----w- C:\Users\kristian\AppData\Local\{B3133FE0-7730-4D2B-9C7F-A1C669C205AA} 2012-08-16 21:46:29 -------- d-----w- C:\Users\kristian\AppData\Local\{23FA1B58-5A95-4819-98F8-03FE35E98676} 2012-08-16 02:39:28 -------- d-----w- C:\Users\kristian\AppData\Local\{8E309B04-7804-4AB4-8E56-8757B7310FD7} 2012-08-16 02:39:16 -------- d-----w- C:\Users\kristian\AppData\Local\{697D9CC5-B011-48A7-A579-CD78027771D1} 2012-08-15 12:09:47 -------- d-----w- C:\Users\kristian\AppData\Local\{4D72C0ED-F827-498E-9713-F1949298E5D9} 2012-08-15 12:09:36 -------- d-----w- C:\Users\kristian\AppData\Local\{29661A2A-FBCA-4793-93FA-333F77BFED40} 2012-08-15 00:55:09 -------- d-----w- C:\Users\kristian\AppData\Local\SWMonitor 2012-08-15 00:55:04 -------- d-----w- C:\Program Files (x86)\SWMoniTOR 2012-08-15 00:09:24 -------- d-----w- C:\Users\kristian\AppData\Local\{2DB83FEC-40A7-4159-8D6C-ACF430E28A08} 2012-08-15 00:09:13 -------- d-----w- C:\Users\kristian\AppData\Local\{6DD1ED45-5A46-4FC6-9A36-7ECA2BB8B1EF} 2012-08-14 11:36:20 -------- d-----w- C:\Users\kristian\AppData\Local\{12A0500E-426F-43FC-A675-85FE5CBA67E8} 2012-08-14 11:36:09 -------- d-----w- C:\Users\kristian\AppData\Local\{B8369675-AF17-482A-AEA1-44A321B5432A} 2012-08-13 21:30:42 -------- d-----w- C:\Users\kristian\AppData\Local\{957821AF-6D45-4D8B-90F5-D27D86036AA4} 2012-08-13 21:30:29 -------- d-----w- C:\Users\kristian\AppData\Local\{0AC319DD-4C83-46CF-ACB9-E380CE667459} 2012-08-13 04:24:27 -------- 
d-----w- C:\Users\kristian\AppData\Local\{F73BB7F3-AA60-4324-B3CF-C997556E1DAC} 2012-08-13 04:24:16 -------- d-----w- C:\Users\kristian\AppData\Local\{2D1F9202-7CA1-4AFC-A343-DBDEDD43EB6D} 2012-08-12 15:33:53 -------- d-----w- C:\Users\kristian\AppData\Local\{D57EE4DE-C166-4FC9-AC4A-4C50069A6618} 2012-08-12 15:33:42 -------- d-----w- C:\Users\kristian\AppData\Local\{FEDDCC0B-D8F6-42CA-AAD2-D545A8843FFA} . ==================== Find3M ==================== . 2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-29 01:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-08-29 01:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-28 18:26:21 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-28 18:26:21 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-21 16:35:04 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll . ============= FINISH: 0:06:42.63 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 11/28/2011 5:17:52 PM System Uptime: 9/10/2012 11:55:58 PM (1 hours ago) . Motherboard: Gateway | | TBGM01 Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 298 GiB total, 157.391 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&6730480&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&6730480&0 Service: i8042prt . ==== System Restore Points =================== . 
RP84: 8/29/2012 12:33:56 AM - Scheduled Checkpoint RP85: 8/31/2012 10:15:27 AM - Installed Java 6 Update 35 RP86: 9/8/2012 3:24:58 AM - Scheduled Checkpoint RP87: 9/10/2012 11:28:23 PM - Uniblue SpeedUpMyPC installation RP88: 9/10/2012 11:51:16 PM - Removed AVG 2012 RP89: 9/10/2012 11:51:54 PM - Removed AVG 2012 . ==== Installed Programs ====================== . Action Replay Code Manager Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Apple Application Support Apple Software Update D3DX10 Diablo II Diablo III Driver Detective eReg Guild Wars Guild Wars 2 Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 35 JMicron JMB36X Driver Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NVIDIA PhysX NVIDIA Stereoscopic 3D Driver PriceGong 2.6.2 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2686827) Star Wars: The Old Republic StarCraft II StartNow Toolbar SWMoniTOR 1.0 TeamSpeak 3 Client Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Ventrilo Client Ventrilo Server Visual Studio 2008 x64 Redistributables WhiteSmoke US Toolbar Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack World of Warcraft . ==== Event Viewer Messages From Past Week ======== . 9/10/2012 11:58:39 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 9/10/2012 11:58:39 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 9/10/2012 11:57:03 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 9/10/2012 11:57:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 9/10/2012 11:56:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 
9/10/2012 11:56:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 9/10/2012 11:56:26 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 9/10/2012 11:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 9/10/2012 11:07:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 9/10/2012 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 9/10/2012 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 9/10/2012 11:07:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/10/2012 11:07:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 9/10/2012 11:07:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800bf12b30, 0xfffffa800bf12e10, 0xfffff800037d3510). A dump was saved in: C:\Windows\MEMORY.DMP. 
Report Id: 091012-16380-01. . ==== End Of File ===========================