
Internet browsers being redirected



Internet Explorer, Google Chrome, and Firefox are all redirecting to ad sites from search results. The default homepage is also being redirected in Google Chrome. I have run a Malwarebytes full scan (the PRO edition), and everything comes up clean. Please see attached the DDS logs that were created:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Jason at 12:16:43 on 2012-05-21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2316 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ACDaemon.exe

C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ArcCon.ac

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DeviceDisplayObjectProvider.exe

C:\Windows\system32\DXPServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1F0369E0-70BE-4DCD-A36F-7B94DC8530CE} : DhcpNameServer = 192.168.1.1

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-21 654408]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-5 30528]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 257696]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-10-5 25640]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-21 18:28:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-21 18:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-21 17:54:39 105383 ----a-w- C:\ProgramData\1337622602.bdinstall.bin

2012-05-21 17:38:12 -------- d-----w- C:\Users\Jason\AppData\Local\ElevatedDiagnostics

2012-05-21 15:50:55 223044 ----a-w- C:\ProgramData\1337615247.bdinstall.bin

2012-05-21 15:50:24 -------- d-----w- C:\ProgramData\BDLogging

2012-05-21 15:47:46 -------- d-----w- C:\Program Files\Bitdefender

2012-05-21 15:47:40 -------- d-----w- C:\Users\Jason\AppData\Roaming\QuickScan

2012-05-21 15:47:20 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2012-05-21 15:47:18 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender

2012-05-21 12:43:56 -------- d-----w- C:\Users\Jason\AppData\Local\{BFC9361D-07E2-4F64-897B-BBFCAC0757C3}

2012-05-21 12:43:33 -------- d-----w- C:\Users\Jason\AppData\Local\{1F7C752B-7789-4A26-99EB-066FF1DCDE92}

2012-05-21 11:40:31 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-05-21 11:40:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-05-21 11:40:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-05-21 11:40:31 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-05-21 11:40:31 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-05-21 11:40:30 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-05-21 11:40:30 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

2012-05-21 11:03:53 -------- d-----w- C:\Program Files (x86)\Atari

2012-05-21 11:03:29 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2012-05-21 11:03:29 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2012-05-21 11:03:29 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2012-05-21 11:03:29 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2012-05-21 11:03:29 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2012-05-21 11:03:28 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2012-05-21 11:03:28 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2012-05-21 00:43:17 -------- d-----w- C:\Users\Jason\AppData\Local\{9D8D47A4-7D46-434F-AF01-2BC9995C01C3}

2012-05-21 00:42:54 -------- d-----w- C:\Users\Jason\AppData\Local\{CBD29E77-AE77-47A8-A4C0-95A5B2D88C99}

2012-05-20 15:48:20 -------- d-----w- C:\Users\Jason\AppData\Local\CrashDumps

2012-05-20 12:42:41 -------- d-----w- C:\Users\Jason\AppData\Local\{DA05F905-7D97-4FDE-BF7E-02136322489D}

2012-05-20 12:42:18 -------- d-----w- C:\Users\Jason\AppData\Local\{8326ACAB-E700-4FE1-9D94-A4423DE7692E}

2012-05-20 00:42:07 -------- d-----w- C:\Users\Jason\AppData\Local\{C88B5094-470E-4364-8F55-B48A23FFFA16}

2012-05-20 00:41:46 -------- d-----w- C:\Users\Jason\AppData\Local\{027E0B54-8CF5-4644-98EA-74C62E4C6CEA}

2012-05-19 12:41:34 -------- d-----w- C:\Users\Jason\AppData\Local\{27A16C62-5024-4863-8104-455860C9E135}

2012-05-19 12:41:12 -------- d-----w- C:\Users\Jason\AppData\Local\{D97AD9FC-425A-4202-9196-8086ACCFA5F8}

2012-05-18 10:30:48 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2012-05-18 10:22:41 -------- d-----w- C:\Program Files (x86)\Cyanide

2012-05-17 19:12:15 -------- d-----w- C:\Users\Jason\AppData\Local\{5212C9F0-601D-4353-AA0C-0426A8B4B3AF}

2012-05-17 19:12:05 -------- d-----w- C:\Users\Jason\AppData\Local\{AFA6E3E3-A843-44E7-B6DF-F788045CA86C}

2012-05-17 18:58:29 -------- d-----w- C:\ProgramData\Protexis

2012-05-17 18:56:49 -------- d-----w- C:\Users\Jason\AppData\Local\Corel PaintShop Pro

2012-05-17 18:56:23 -------- d-----w- C:\ProgramData\Corel

2012-05-17 18:56:23 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis

2012-05-17 18:55:09 -------- d-----w- C:\Program Files (x86)\Corel

2012-05-17 17:05:57 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2012-05-17 04:32:55 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes

2012-05-17 04:32:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-16 21:25:27 -------- d-----w- C:\Users\Jason\AppData\Local\{B143363E-5F39-4B06-9EE8-961E53C570C5}

2012-05-16 17:32:29 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2012-05-16 14:20:20 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys

2012-05-15 20:26:27 -------- d-----w- C:\Users\Jason\AppData\Local\dxhr

2012-05-15 20:25:24 -------- d-----w- C:\Users\Jason\AppData\Local\28050

2012-05-15 19:37:23 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-05-15 17:59:25 -------- d-----w- C:\Program Files (x86)\2K Games

2012-05-15 00:02:26 -------- d-----w- C:\Program Files (x86)\Oracle

2012-05-15 00:02:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-14 08:08:30 -------- d-----w- C:\Users\Jason\AppData\Local\Diagnostics

2012-05-14 07:04:50 -------- d-----w- C:\Program Files (x86)\Warcraft III (Dota - latest)

2012-05-13 21:59:40 -------- d-----w- C:\Users\Jason\AppData\Roaming\DarknessII

2012-05-13 20:44:44 -------- d-----w- C:\Users\Jason\AppData\Local\BladesOfTime

2012-05-13 17:30:47 -------- d-----w- C:\Users\Jason\AppData\Local\Risen2

2012-05-12 15:50:14 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-12 15:36:34 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-05-12 15:36:34 -------- d-----w- C:\Program Files (x86)\StarCraft II

2012-05-12 15:36:34 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-05-12 15:24:36 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-12 07:38:19 -------- d-----w- C:\Program Files (x86)\GOG.com

2012-05-12 04:31:24 -------- d-----w- C:\ProgramData\RELOADED

2012-05-11 23:49:18 -------- d-----w- C:\ProgramData\Pendulo Studios

2012-05-11 23:33:24 -------- d-----w- C:\Users\Jason\AppData\Local\Risen

2012-05-11 23:31:09 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys

2012-05-11 23:31:06 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys

2012-05-11 23:31:05 -------- d-----w- C:\Windows\1C4551A64743409391E41477CD655043.TMP

2012-05-11 23:26:14 -------- d-----w- C:\Program Files (x86)\Deep Silver

2012-05-11 23:20:34 -------- d-----w- C:\Users\Jason\AppData\Local\signal studios

2012-05-11 23:06:52 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-11 23:06:52 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-11 23:06:52 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-11 23:06:52 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-05-11 23:06:52 -------- d-----w- C:\Program Files (x86)\OpenAL

2012-05-11 18:40:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-05-11 18:40:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-05-11 18:40:11 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-05-11 18:40:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-05-11 18:40:11 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-05-11 18:40:11 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-05-11 18:40:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-05-11 18:38:35 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-05-11 18:38:27 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-05-11 18:37:54 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-11 18:37:54 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-11 18:37:51 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-11 18:37:49 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-11 18:37:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-11 18:37:47 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-11 18:36:34 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-11 18:36:33 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-11 18:36:28 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 18:36:28 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-11 18:36:28 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-11 18:36:28 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-11 18:36:28 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 16:52:14 -------- d-----w- C:\Users\Jason\AppData\Roaming\LS

2012-05-06 06:21:40 -------- d-----w- C:\ProgramData\Reflexive

2012-05-03 23:41:12 -------- d-----w- C:\Users\Jason\AppData\Local\{B7EEDF0B-16A9-4B31-A2C8-5E153DB1C53D}

2012-05-03 23:30:26 -------- d-----w- C:\Users\Jason\AppData\Local\{45A0E8A3-19AA-4677-A458-5C25D5094CF3}

2012-05-03 21:21:13 -------- d-----w- C:\Users\Jason\AppData\Local\{CC938591-882E-4CC4-8DAA-D425876914ED}

2012-04-25 16:17:23 -------- d-----w- C:\Users\Jason\AppData\Local\{9697B3FA-63AF-45EE-98EE-9602CB40F2ED}

2012-04-25 01:18:42 -------- d-----w- C:\Users\Jason\AppData\Local\{10F98ED2-0E0F-4B97-99C8-D777050A531F}

2012-04-24 20:41:13 -------- d-----w- C:\Users\Jason\AppData\Local\{7C69E634-13EA-47B0-9472-BF8FE8625818}

2012-04-23 06:14:36 -------- d-----w- C:\Users\Jason\AppData\Local\{6D320A96-AF9E-4559-B16D-61B1C39CE4B3}

2012-04-22 22:53:31 -------- d-----w- C:\Users\Jason\AppData\Local\{A1917FD2-50E3-4264-8930-3C0CC4037830}

.

==================== Find3M ====================

.

2012-05-21 18:31:29 30528 ----a-w- C:\Windows\GVTDrv64.sys

2012-05-21 18:31:15 25640 ----a-w- C:\Windows\gdrv.sys

2012-05-15 16:49:23 25640 ----a-w- C:\Windows\etdrv.sys

2012-05-12 15:51:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-06 05:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-04-06 05:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-04-06 05:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-04-06 05:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-04-06 05:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-04-06 05:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-04-06 05:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe

2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll

2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll

2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll

2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-04-05 01:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-10 13:37:24 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-03-10 13:37:24 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-03-09 21:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-03-09 21:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-03-09 01:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

.

============= FINISH: 12:16:57.13 ===============

Any feedback would be appreciated. Please let me know if any additional information is needed. Thanks!


Hello azj2k and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

What about Attach.txt (part of DDS)?


Maniac -

Here is the Attach.txt log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 10/5/2011 9:05:28 PM

System Uptime: 5/21/2012 11:30:47 AM (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P

Processor: AMD Phenom II X4 B55 Processor | Socket M2 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 153 GiB total, 6.657 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: archlp

Device ID: ROOT\LEGACY_ARCHLP\0000

Manufacturer:

Name: archlp

PNP Device ID: ROOT\LEGACY_ARCHLP\0000

Service: archlp

.

==== System Restore Points ===================

.

RP240: 5/21/2012 4:03:54 AM - Installed Neverwinter Nights 2

RP241: 5/21/2012 4:12:55 AM - Installed DirectX

RP242: 5/21/2012 4:41:00 AM - Installed Mask of the Betrayer

RP243: 5/21/2012 8:03:32 AM - Installed Storm of Zehir

RP244: 5/21/2012 10:25:11 AM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe Reader X (10.1.3)

AMD VISION Engine Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combined Community Codec Pack 2011-07-30

Content Transfer

Corel PaintShop Pro X4

D3DX10

DAEMON Tools Lite

Dual-Core Optimizer

Easy Tune 6 B11.0427.1

F.E.A.R. Plantinum

Game of Thrones version 1.0.0.0

Google Chrome

ICA

IPM_PSP_COM

Java Auto Updater

Java 6 Update 22

Java 6 Update 31

Java 7 Update 4

JavaFX 2.1.0

Lands Of Lore 1 and 2

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

MSVCRT

Neverwinter Nights 2

NVIDIA PhysX

ON_OFF Charge B11.0110.1

OpenAL

OpenOffice.org 3.3

Pando Media Booster

PSPPContent

PSPPHelp

Realm of the Mad God

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

Risen

Risen 2 - Dark Waters

Rockstar Games Social Club

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Setup

Shockwave

StarCraft II

Steam

System Requirements Lab CYRI

Team Fortress 2

The Darkness II

The Sims Medieval

The Sims Medieval Pirates and Nobles

Tropico 4 1.00

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Visual Studio 2008 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

5/21/2012 12:17:31 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

5/21/2012 12:17:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

5/21/2012 11:31:13 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/21/2012 11:31:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp

5/21/2012 11:31:09 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

5/21/2012 11:31:08 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

5/21/2012 10:39:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.201.0).

5/20/2012 8:48:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

5/20/2012 8:48:47 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/18/2012 6:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Max\Jason SID (S-1-5-21-2817517564-1474398063-2356579836-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

5/17/2012 10:06:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.125.1854.0).

5/16/2012 3:32:32 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

5/16/2012 12:50:47 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

5/16/2012 12:50:47 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

5/16/2012 12:49:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

5/16/2012 12:49:41 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:49:11 PM, Error: Service Control Manager [7022] - The Diagnostic Policy Service service hung on starting.

5/16/2012 12:47:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

5/16/2012 12:47:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

5/16/2012 12:47:20 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:46:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

5/16/2012 12:46:50 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:46:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

5/16/2012 12:46:20 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:45:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

5/16/2012 12:45:50 PM, Error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:44:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

5/16/2012 10:16:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.

5/16/2012 1:50:29 PM, Error: Service Control Manager [7022] - The Task Scheduler service hung on starting.

.

==== End Of File ===========================

Thanks for your help!


Thanks!

Step 1

Please uninstall µTorrent, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

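For reviewing the TDSSKiller report requested in Step 2, the following Python script (an added example, not part of the original posts and not part of TDSSKiller) parses log lines in the format seen in this thread and lists entries whose verdict is not "ok", plus services for which the log shows no hash/path line. The names `triage`, `Triage`, `flagged` and `no_file` are hypothetical; the sample is an excerpt of lines from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Excerpt of lines from the TDSSKiller log posted in this thread (not a full log).
SAMPLE_LOG = r"""
09:26:29.0679 8164 Scan started
09:26:29.0679 8164 Mode: Manual; SigCheck; TDLFS;
09:26:32.0489 8164 AMD FUEL Service - ok
09:26:34.0369 8164 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:26:34.0377 8164 arc - ok
09:26:34.0432 8164 archlp - ok
09:26:38.0136 8164 ddhgxpxd - ok
09:26:41.0842 8164 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
09:26:41.0858 8164 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:26:41.0858 8164 IDriverT - detected UnsignedFile.Multi.Generic (1)
"""

# "<HH:MM:SS.ffff> <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# "<service> (<md5>) <file path>": the scanner resolved the service to a file.
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> - ok" or "<service> ( <label> ) - warning"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<label>[^)]+?) \))? - (?P<verdict>[a-z]+)$"
)


@dataclass
class Triage:
    scanned: int = 0                              # verdict lines seen
    flagged: list = field(default_factory=list)   # verdict other than "ok"
    no_file: list = field(default_factory=list)   # verdict without a hash/path line


def triage(log_text):
    """Summarise a TDSSKiller-style log for manual review."""
    resolved = {}  # service name -> (md5, path) from its hash line
    result = Triage()
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if line is None:
            continue  # blank line, separator, or a line without a message
        msg = line["msg"]

        hashed = HASHED.match(msg)
        if hashed:
            resolved[hashed["name"]] = (hashed["md5"], hashed["path"])
            continue

        verdict = VERDICT.match(msg)
        if verdict is None:
            continue  # header lines and "- detected ..." lines carry no verdict

        name = verdict["name"]
        result.scanned += 1
        md5, path = resolved.get(name, (None, None))
        if path is None:
            # The log reports a verdict but never shows which file was checked.
            result.no_file.append(name)
        if verdict["verdict"] != "ok":
            result.flagged.append({
                "name": name,
                "verdict": verdict["verdict"],
                "label": verdict["label"],
                "md5": md5,
                "path": path,
            })
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"entries with a verdict: {summary.scanned}")
    for item in summary.flagged:
        print(f"[{item['verdict']}] {item['name']}: {item['label']} -> {item['path']}")
    for name in summary.no_file:
        print(f"[no file shown] {name}")
```

An entry in `no_file` is not a detection; it only marks a service name the reviewer may want to cross-check against the other logs, such as the DDS driver list or the Event Viewer section.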

Maniac -

Please see below for the requested text files:

TDSSKiller:

09:26:00.0231 6296 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

09:26:00.0612 6296 ============================================================

09:26:00.0612 6296 Current date / time: 2012/05/22 09:26:00.0612

09:26:00.0612 6296 SystemInfo:

09:26:00.0612 6296

09:26:00.0612 6296 OS Version: 6.1.7601 ServicePack: 1.0

09:26:00.0612 6296 Product type: Workstation

09:26:00.0612 6296 ComputerName: MAX

09:26:00.0612 6296 UserName: Jason

09:26:00.0612 6296 Windows directory: C:\Windows

09:26:00.0612 6296 System windows directory: C:\Windows

09:26:00.0612 6296 Running under WOW64

09:26:00.0612 6296 Processor architecture: Intel x64

09:26:00.0612 6296 Number of processors: 4

09:26:00.0612 6296 Page size: 0x1000

09:26:00.0612 6296 Boot type: Normal boot

09:26:00.0612 6296 ============================================================

09:26:01.0429 6296 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:26:01.0433 6296 Drive \Device\Harddisk1\DR1 - Size: 0xEF800000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

09:26:01.0437 6296 ============================================================

09:26:01.0437 6296 \Device\Harddisk0\DR0:

09:26:01.0437 6296 MBR partitions:

09:26:01.0437 6296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C4938

09:26:01.0437 6296 \Device\Harddisk1\DR1:

09:26:01.0438 6296 MBR partitions:

09:26:01.0439 6296 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x458, BlocksNum 0x77BBA8

09:26:01.0439 6296 ============================================================

09:26:01.0452 6296 C: <-> \Device\Harddisk0\DR0\Partition0

09:26:01.0452 6296 ============================================================

09:26:01.0452 6296 Initialize success

09:26:01.0452 6296 ============================================================

09:26:29.0679 8164 ============================================================

09:26:29.0679 8164 Scan started

09:26:29.0679 8164 Mode: Manual; SigCheck; TDLFS;

09:26:29.0679 8164 ============================================================

09:26:31.0126 8164 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

09:26:31.0189 8164 1394ohci - ok

09:26:31.0278 8164 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

09:26:31.0315 8164 ACDaemon - ok

09:26:31.0368 8164 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

09:26:31.0380 8164 ACPI - ok

09:26:31.0397 8164 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

09:26:31.0467 8164 AcpiPmi - ok

09:26:31.0518 8164 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:26:31.0525 8164 AdobeARMservice - ok

09:26:31.0646 8164 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:26:31.0655 8164 AdobeFlashPlayerUpdateSvc - ok

09:26:31.0712 8164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

09:26:31.0726 8164 adp94xx - ok

09:26:31.0761 8164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

09:26:31.0773 8164 adpahci - ok

09:26:31.0791 8164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

09:26:31.0801 8164 adpu320 - ok

09:26:31.0825 8164 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

09:26:31.0931 8164 AeLookupSvc - ok

09:26:32.0022 8164 Afc (0d0e5281784c2c526ba43c2ecd374288) C:\Windows\syswow64\drivers\Afc.sys

09:26:32.0029 8164 Afc - ok

09:26:32.0086 8164 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

09:26:32.0144 8164 AFD - ok

09:26:32.0184 8164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

09:26:32.0192 8164 agp440 - ok

09:26:32.0219 8164 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

09:26:32.0254 8164 ALG - ok

09:26:32.0275 8164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

09:26:32.0282 8164 aliide - ok

09:26:32.0326 8164 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe

09:26:32.0406 8164 AMD External Events Utility - ok

09:26:32.0489 8164 AMD FUEL Service - ok

09:26:32.0530 8164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

09:26:32.0538 8164 amdide - ok

09:26:32.0577 8164 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

09:26:32.0584 8164 amdiox64 - ok

09:26:32.0619 8164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

09:26:32.0673 8164 AmdK8 - ok

09:26:33.0174 8164 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

09:26:33.0464 8164 amdkmdag - ok

09:26:33.0610 8164 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys

09:26:33.0636 8164 amdkmdap - ok

09:26:33.0672 8164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

09:26:33.0704 8164 AmdPPM - ok

09:26:33.0735 8164 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

09:26:33.0743 8164 amdsata - ok

09:26:33.0770 8164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

09:26:33.0780 8164 amdsbs - ok

09:26:33.0802 8164 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

09:26:33.0810 8164 amdxata - ok

09:26:33.0872 8164 AODDriver (b934322c68c30dceca96c0274a51f7b0) C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys

09:26:33.0879 8164 AODDriver - ok

09:26:33.0942 8164 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

09:26:33.0949 8164 AODDriver4.01 - ok

09:26:33.0964 8164 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

09:26:33.0971 8164 AODDriver4.1 - ok

09:26:34.0004 8164 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

09:26:34.0047 8164 AppID - ok

09:26:34.0069 8164 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

09:26:34.0109 8164 AppIDSvc - ok

09:26:34.0150 8164 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

09:26:34.0181 8164 Appinfo - ok

09:26:34.0228 8164 AppleCharger (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys

09:26:34.0234 8164 AppleCharger - ok

09:26:34.0245 8164 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe

09:26:34.0252 8164 AppleChargerSrv - ok

09:26:34.0291 8164 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

09:26:34.0334 8164 AppMgmt - ok

09:26:34.0369 8164 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

09:26:34.0377 8164 arc - ok

09:26:34.0432 8164 archlp - ok

09:26:34.0452 8164 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

09:26:34.0461 8164 arcsas - ok

09:26:34.0551 8164 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

09:26:34.0569 8164 aspnet_state - ok

09:26:34.0608 8164 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

09:26:34.0643 8164 AsyncMac - ok

09:26:34.0673 8164 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

09:26:34.0680 8164 atapi - ok

09:26:34.0716 8164 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys

09:26:34.0723 8164 AtiHDAudioService - ok

09:26:35.0223 8164 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

09:26:35.0318 8164 atikmdag - ok

09:26:35.0470 8164 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys

09:26:35.0482 8164 atksgt - ok

09:26:35.0542 8164 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

09:26:35.0582 8164 AudioEndpointBuilder - ok

09:26:35.0588 8164 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

09:26:35.0615 8164 AudioSrv - ok

09:26:35.0662 8164 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

09:26:35.0719 8164 AxInstSV - ok

09:26:35.0771 8164 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

09:26:35.0796 8164 b06bdrv - ok

09:26:35.0836 8164 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:26:35.0871 8164 b57nd60a - ok

09:26:35.0917 8164 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

09:26:35.0958 8164 BDESVC - ok

09:26:35.0993 8164 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

09:26:36.0033 8164 Beep - ok

09:26:36.0138 8164 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

09:26:36.0184 8164 BFE - ok

09:26:36.0247 8164 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

09:26:36.0302 8164 BITS - ok

09:26:36.0349 8164 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

09:26:36.0369 8164 blbdrive - ok

09:26:36.0403 8164 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

09:26:36.0425 8164 bowser - ok

09:26:36.0435 8164 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:26:36.0494 8164 BrFiltLo - ok

09:26:36.0508 8164 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:26:36.0518 8164 BrFiltUp - ok

09:26:36.0549 8164 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

09:26:36.0582 8164 BridgeMP - ok

09:26:36.0619 8164 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

09:26:36.0661 8164 Browser - ok

09:26:36.0690 8164 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

09:26:36.0736 8164 Brserid - ok

09:26:36.0746 8164 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

09:26:36.0765 8164 BrSerWdm - ok

09:26:36.0774 8164 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:26:36.0789 8164 BrUsbMdm - ok

09:26:36.0793 8164 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

09:26:36.0805 8164 BrUsbSer - ok

09:26:36.0822 8164 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

09:26:36.0839 8164 BTHMODEM - ok

09:26:36.0860 8164 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

09:26:36.0899 8164 bthserv - ok

09:26:36.0921 8164 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

09:26:36.0949 8164 cdfs - ok

09:26:37.0002 8164 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

09:26:37.0037 8164 cdrom - ok

09:26:37.0085 8164 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

09:26:37.0135 8164 CertPropSvc - ok

09:26:37.0155 8164 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

09:26:37.0180 8164 circlass - ok

09:26:37.0224 8164 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

09:26:37.0237 8164 CLFS - ok

09:26:37.0300 8164 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:26:37.0307 8164 clr_optimization_v2.0.50727_32 - ok

09:26:37.0341 8164 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:26:37.0349 8164 clr_optimization_v2.0.50727_64 - ok

09:26:37.0424 8164 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:26:37.0466 8164 clr_optimization_v4.0.30319_32 - ok

09:26:37.0485 8164 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:26:37.0494 8164 clr_optimization_v4.0.30319_64 - ok

09:26:37.0516 8164 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

09:26:37.0542 8164 CmBatt - ok

09:26:37.0585 8164 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

09:26:37.0593 8164 cmdide - ok

09:26:37.0657 8164 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

09:26:37.0676 8164 CNG - ok

09:26:37.0695 8164 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

09:26:37.0702 8164 Compbatt - ok

09:26:37.0721 8164 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

09:26:37.0749 8164 CompositeBus - ok

09:26:37.0751 8164 COMSysApp - ok

09:26:37.0770 8164 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

09:26:37.0778 8164 crcdisk - ok

09:26:37.0816 8164 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

09:26:37.0850 8164 CryptSvc - ok

09:26:37.0894 8164 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

09:26:37.0951 8164 CSC - ok

09:26:37.0992 8164 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

09:26:38.0017 8164 CscService - ok

09:26:38.0078 8164 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

09:26:38.0114 8164 DcomLaunch - ok

09:26:38.0136 8164 ddhgxpxd - ok

09:26:38.0166 8164 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

09:26:38.0194 8164 defragsvc - ok

09:26:38.0241 8164 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

09:26:38.0284 8164 DfsC - ok

09:26:38.0324 8164 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

09:26:38.0362 8164 Dhcp - ok

09:26:38.0384 8164 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

09:26:38.0420 8164 discache - ok

09:26:38.0443 8164 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

09:26:38.0451 8164 Disk - ok

09:26:38.0473 8164 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

09:26:38.0493 8164 Dnscache - ok

09:26:38.0536 8164 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

09:26:38.0568 8164 dot3svc - ok

09:26:38.0600 8164 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

09:26:38.0632 8164 DPS - ok

09:26:38.0662 8164 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

09:26:38.0682 8164 drmkaud - ok

09:26:38.0721 8164 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

09:26:38.0731 8164 dtsoftbus01 - ok

09:26:38.0793 8164 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

09:26:38.0815 8164 DXGKrnl - ok

09:26:38.0833 8164 EagleX64 - ok

09:26:38.0864 8164 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

09:26:38.0899 8164 EapHost - ok

09:26:39.0117 8164 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

09:26:39.0186 8164 ebdrv - ok

09:26:39.0276 8164 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

09:26:39.0323 8164 EFS - ok

09:26:39.0397 8164 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

09:26:39.0459 8164 ehRecvr - ok

09:26:39.0490 8164 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

09:26:39.0535 8164 ehSched - ok

09:26:39.0609 8164 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

09:26:39.0625 8164 elxstor - ok

09:26:39.0655 8164 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

09:26:39.0674 8164 ErrDev - ok

09:26:39.0724 8164 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys

09:26:39.0730 8164 etdrv - ok

09:26:39.0766 8164 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

09:26:39.0800 8164 EventSystem - ok

09:26:39.0831 8164 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

09:26:39.0865 8164 exfat - ok

09:26:39.0884 8164 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

09:26:39.0928 8164 fastfat - ok

09:26:40.0003 8164 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

09:26:40.0031 8164 Fax - ok

09:26:40.0045 8164 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

09:26:40.0064 8164 fdc - ok

09:26:40.0089 8164 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

09:26:40.0136 8164 fdPHost - ok

09:26:40.0150 8164 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

09:26:40.0187 8164 FDResPub - ok

09:26:40.0209 8164 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

09:26:40.0217 8164 FileInfo - ok

09:26:40.0225 8164 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

09:26:40.0260 8164 Filetrace - ok

09:26:40.0274 8164 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

09:26:40.0282 8164 flpydisk - ok

09:26:40.0320 8164 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

09:26:40.0331 8164 FltMgr - ok

09:26:40.0410 8164 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

09:26:40.0464 8164 FontCache - ok

09:26:40.0537 8164 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:26:40.0543 8164 FontCache3.0.0.0 - ok

09:26:40.0571 8164 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

09:26:40.0579 8164 FsDepends - ok

09:26:40.0602 8164 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

09:26:40.0609 8164 Fs_Rec - ok

09:26:40.0659 8164 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

09:26:40.0672 8164 fvevol - ok

09:26:40.0700 8164 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

09:26:40.0708 8164 gagp30kx - ok

09:26:40.0736 8164 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys

09:26:40.0741 8164 gdrv - ok

09:26:40.0798 8164 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

09:26:40.0842 8164 gpsvc - ok

09:26:40.0866 8164 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys

09:26:40.0872 8164 GVTDrv64 - ok

09:26:41.0842 8164 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

09:26:41.0858 8164 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:26:41.0858 8164 IDriverT - detected UnsignedFile.Multi.Generic (1)


09:26:56.0941 8164 Wd - ok

09:26:56.0979 8164 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:26:56.0997 8164 Wdf01000 - ok

09:26:57.0024 8164 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:26:57.0086 8164 WdiServiceHost - ok

09:26:57.0089 8164 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:26:57.0101 8164 WdiSystemHost - ok

09:26:57.0140 8164 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

09:26:57.0162 8164 WebClient - ok

09:26:57.0192 8164 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

09:26:57.0232 8164 Wecsvc - ok

09:26:57.0249 8164 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

09:26:57.0283 8164 wercplsupport - ok

09:26:57.0310 8164 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

09:26:57.0347 8164 WerSvc - ok

09:26:57.0402 8164 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

09:26:57.0428 8164 WfpLwf - ok

09:26:57.0447 8164 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

09:26:57.0455 8164 WIMMount - ok

09:26:57.0492 8164 WinDefend - ok

09:26:57.0500 8164 WinHttpAutoProxySvc - ok

09:26:57.0556 8164 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

09:26:57.0595 8164 Winmgmt - ok

09:26:57.0708 8164 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

09:26:57.0770 8164 WinRM - ok

09:26:57.0906 8164 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

09:26:57.0916 8164 WinUsb - ok

09:26:57.0974 8164 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

09:26:58.0008 8164 Wlansvc - ok

09:26:58.0204 8164 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:26:58.0245 8164 wlidsvc - ok

09:26:58.0368 8164 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

09:26:58.0375 8164 WmBEnum - ok

09:26:58.0410 8164 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

09:26:58.0416 8164 WmFilter - ok

09:26:58.0444 8164 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

09:26:58.0463 8164 WmiAcpi - ok

09:26:58.0518 8164 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

09:26:58.0536 8164 wmiApSrv - ok

09:26:58.0569 8164 WMPNetworkSvc - ok

09:26:58.0607 8164 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

09:26:58.0613 8164 WmVirHid - ok

09:26:58.0625 8164 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

09:26:58.0632 8164 WmXlCore - ok

09:26:58.0650 8164 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

09:26:58.0669 8164 WPCSvc - ok

09:26:58.0706 8164 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

09:26:58.0718 8164 WPDBusEnum - ok

09:26:58.0735 8164 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

09:26:58.0777 8164 ws2ifsl - ok

09:26:58.0833 8164 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

09:26:58.0857 8164 wscsvc - ok

09:26:58.0860 8164 WSearch - ok

09:26:58.0992 8164 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

09:26:59.0059 8164 wuauserv - ok

09:26:59.0178 8164 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

09:26:59.0202 8164 WudfPf - ok

09:26:59.0217 8164 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:26:59.0242 8164 WUDFRd - ok

09:26:59.0257 8164 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

09:26:59.0281 8164 wudfsvc - ok

09:26:59.0310 8164 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

09:26:59.0338 8164 WwanSvc - ok

09:26:59.0366 8164 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

09:26:59.0392 8164 xusb21 - ok

09:26:59.0408 8164 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

09:26:59.0708 8164 \Device\Harddisk0\DR0 - ok

09:26:59.0713 8164 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR1

09:26:59.0917 8164 \Device\Harddisk1\DR1 - ok

09:26:59.0920 8164 Boot (0x1200) (0507457804b306d31b3a3d6bd3d6accb) \Device\Harddisk0\DR0\Partition0

09:26:59.0921 8164 \Device\Harddisk0\DR0\Partition0 - ok

09:26:59.0927 8164 Boot (0x1200) (f7277619ea6d297af1f6f52f297a6120) \Device\Harddisk1\DR1\Partition0

09:26:59.0928 8164 \Device\Harddisk1\DR1\Partition0 - ok

09:26:59.0929 8164 ============================================================

09:26:59.0929 8164 Scan finished

09:26:59.0929 8164 ============================================================

09:26:59.0938 5584 Detected object count: 1

09:26:59.0938 5584 Actual detected object count: 1

09:27:30.0469 5584 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:27:30.0469 5584 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:58:48.0165 6660 Deinitialize success


MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.22.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jason :: MAX [administrator]

Protection: Enabled

5/22/2012 5:03:01 PM

mbam-log-2012-05-22 (17-03-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204767

Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Jason at 17:06:06 on 2012-05-22

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1435 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ACDaemon.exe

C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ArcCon.ac

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Deep Silver\Risen\bin\Risen.exe

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: H - No File

mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1F0369E0-70BE-4DCD-A36F-7B94DC8530CE} : DhcpNameServer = 192.168.1.1

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-21 654408]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-5 30528]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 257696]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-10-5 25640]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-22 00:44:44 -------- d-----w- C:\Users\Jason\AppData\Local\{8C84AF60-98FF-4BB5-91F1-39436DEAFC84}

2012-05-22 00:44:22 -------- d-----w- C:\Users\Jason\AppData\Local\{A35A14A0-FAE6-452E-B041-15F908CAB677}

2012-05-21 18:28:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-21 18:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-21 17:54:39 105383 ----a-w- C:\ProgramData\1337622602.bdinstall.bin

2012-05-21 17:38:12 -------- d-----w- C:\Users\Jason\AppData\Local\ElevatedDiagnostics

2012-05-21 15:50:55 223044 ----a-w- C:\ProgramData\1337615247.bdinstall.bin

2012-05-21 15:50:24 -------- d-----w- C:\ProgramData\BDLogging

2012-05-21 15:47:46 -------- d-----w- C:\Program Files\Bitdefender

2012-05-21 15:47:40 -------- d-----w- C:\Users\Jason\AppData\Roaming\QuickScan

2012-05-21 15:47:20 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2012-05-21 15:47:18 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender

2012-05-21 12:43:56 -------- d-----w- C:\Users\Jason\AppData\Local\{BFC9361D-07E2-4F64-897B-BBFCAC0757C3}

2012-05-21 12:43:33 -------- d-----w- C:\Users\Jason\AppData\Local\{1F7C752B-7789-4A26-99EB-066FF1DCDE92}

2012-05-21 11:40:31 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2012-05-21 11:40:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2012-05-21 11:40:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2012-05-21 11:40:31 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2012-05-21 11:40:31 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2012-05-21 11:40:30 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2012-05-21 11:40:30 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

2012-05-21 11:03:53 -------- d-----w- C:\Program Files (x86)\Atari

2012-05-21 11:03:29 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2012-05-21 11:03:29 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2012-05-21 11:03:29 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2012-05-21 11:03:29 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2012-05-21 11:03:29 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2012-05-21 11:03:28 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2012-05-21 11:03:28 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2012-05-21 00:43:17 -------- d-----w- C:\Users\Jason\AppData\Local\{9D8D47A4-7D46-434F-AF01-2BC9995C01C3}

2012-05-21 00:42:54 -------- d-----w- C:\Users\Jason\AppData\Local\{CBD29E77-AE77-47A8-A4C0-95A5B2D88C99}

2012-05-20 15:48:20 -------- d-----w- C:\Users\Jason\AppData\Local\CrashDumps

2012-05-20 12:42:41 -------- d-----w- C:\Users\Jason\AppData\Local\{DA05F905-7D97-4FDE-BF7E-02136322489D}

2012-05-20 12:42:18 -------- d-----w- C:\Users\Jason\AppData\Local\{8326ACAB-E700-4FE1-9D94-A4423DE7692E}

2012-05-20 00:42:07 -------- d-----w- C:\Users\Jason\AppData\Local\{C88B5094-470E-4364-8F55-B48A23FFFA16}

2012-05-20 00:41:46 -------- d-----w- C:\Users\Jason\AppData\Local\{027E0B54-8CF5-4644-98EA-74C62E4C6CEA}

2012-05-19 12:41:34 -------- d-----w- C:\Users\Jason\AppData\Local\{27A16C62-5024-4863-8104-455860C9E135}

2012-05-19 12:41:12 -------- d-----w- C:\Users\Jason\AppData\Local\{D97AD9FC-425A-4202-9196-8086ACCFA5F8}

2012-05-18 10:30:48 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2012-05-18 10:22:41 -------- d-----w- C:\Program Files (x86)\Cyanide

2012-05-17 19:12:15 -------- d-----w- C:\Users\Jason\AppData\Local\{5212C9F0-601D-4353-AA0C-0426A8B4B3AF}

2012-05-17 19:12:05 -------- d-----w- C:\Users\Jason\AppData\Local\{AFA6E3E3-A843-44E7-B6DF-F788045CA86C}

2012-05-17 18:58:29 -------- d-----w- C:\ProgramData\Protexis

2012-05-17 18:56:49 -------- d-----w- C:\Users\Jason\AppData\Local\Corel PaintShop Pro

2012-05-17 18:56:23 -------- d-----w- C:\ProgramData\Corel

2012-05-17 18:56:23 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis

2012-05-17 18:55:09 -------- d-----w- C:\Program Files (x86)\Corel

2012-05-17 17:05:57 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2012-05-17 04:32:55 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes

2012-05-17 04:32:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-16 21:25:27 -------- d-----w- C:\Users\Jason\AppData\Local\{B143363E-5F39-4B06-9EE8-961E53C570C5}

2012-05-16 17:32:29 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2012-05-16 14:20:20 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys

2012-05-15 20:26:27 -------- d-----w- C:\Users\Jason\AppData\Local\dxhr

2012-05-15 20:25:24 -------- d-----w- C:\Users\Jason\AppData\Local\28050

2012-05-15 19:37:23 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-05-15 17:59:25 -------- d-----w- C:\Program Files (x86)\2K Games

2012-05-15 00:02:26 -------- d-----w- C:\Program Files (x86)\Oracle

2012-05-15 00:02:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-14 08:08:30 -------- d-----w- C:\Users\Jason\AppData\Local\Diagnostics

2012-05-14 07:04:50 -------- d-----w- C:\Program Files (x86)\Warcraft III (Dota - latest)

2012-05-13 21:59:40 -------- d-----w- C:\Users\Jason\AppData\Roaming\DarknessII

2012-05-13 20:44:44 -------- d-----w- C:\Users\Jason\AppData\Local\BladesOfTime

2012-05-13 17:30:47 -------- d-----w- C:\Users\Jason\AppData\Local\Risen2

2012-05-12 15:50:14 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-12 15:36:34 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-05-12 15:36:34 -------- d-----w- C:\Program Files (x86)\StarCraft II

2012-05-12 15:36:34 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-05-12 15:24:36 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-12 07:38:19 -------- d-----w- C:\Program Files (x86)\GOG.com

2012-05-12 04:31:24 -------- d-----w- C:\ProgramData\RELOADED

2012-05-11 23:49:18 -------- d-----w- C:\ProgramData\Pendulo Studios

2012-05-11 23:33:24 -------- d-----w- C:\Users\Jason\AppData\Local\Risen

2012-05-11 23:31:09 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys

2012-05-11 23:31:06 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys

2012-05-11 23:31:05 -------- d-----w- C:\Windows\1C4551A64743409391E41477CD655043.TMP

2012-05-11 23:26:14 -------- d-----w- C:\Program Files (x86)\Deep Silver

2012-05-11 23:20:34 -------- d-----w- C:\Users\Jason\AppData\Local\signal studios

2012-05-11 23:06:52 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-11 23:06:52 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-11 23:06:52 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-11 23:06:52 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-05-11 23:06:52 -------- d-----w- C:\Program Files (x86)\OpenAL

2012-05-11 18:40:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-05-11 18:40:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-05-11 18:40:11 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-05-11 18:40:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-05-11 18:40:11 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-05-11 18:40:11 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-05-11 18:40:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-05-11 18:38:35 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-05-11 18:38:27 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-05-11 18:37:54 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-11 18:37:54 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-11 18:37:51 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-11 18:37:49 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-11 18:37:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-11 18:37:47 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-11 18:36:34 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-11 18:36:33 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-11 18:36:28 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 18:36:28 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-11 18:36:28 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-11 18:36:28 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-11 18:36:28 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 16:52:14 -------- d-----w- C:\Users\Jason\AppData\Roaming\LS

2012-05-06 06:21:40 -------- d-----w- C:\ProgramData\Reflexive

2012-05-03 23:41:12 -------- d-----w- C:\Users\Jason\AppData\Local\{B7EEDF0B-16A9-4B31-A2C8-5E153DB1C53D}

2012-05-03 23:30:26 -------- d-----w- C:\Users\Jason\AppData\Local\{45A0E8A3-19AA-4677-A458-5C25D5094CF3}

2012-05-03 21:21:13 -------- d-----w- C:\Users\Jason\AppData\Local\{CC938591-882E-4CC4-8DAA-D425876914ED}

2012-04-25 16:17:23 -------- d-----w- C:\Users\Jason\AppData\Local\{9697B3FA-63AF-45EE-98EE-9602CB40F2ED}

2012-04-25 01:18:42 -------- d-----w- C:\Users\Jason\AppData\Local\{10F98ED2-0E0F-4B97-99C8-D777050A531F}

2012-04-24 20:41:13 -------- d-----w- C:\Users\Jason\AppData\Local\{7C69E634-13EA-47B0-9472-BF8FE8625818}

2012-04-23 06:14:36 -------- d-----w- C:\Users\Jason\AppData\Local\{6D320A96-AF9E-4559-B16D-61B1C39CE4B3}

.

==================== Find3M ====================

.

2012-05-22 04:06:48 30528 ----a-w- C:\Windows\GVTDrv64.sys

2012-05-22 04:06:33 25640 ----a-w- C:\Windows\gdrv.sys

2012-05-15 16:49:23 25640 ----a-w- C:\Windows\etdrv.sys

2012-05-12 15:51:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-06 05:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-04-06 05:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-04-06 05:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-04-06 05:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-04-06 05:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-04-06 05:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-04-06 05:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe

2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll

2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll

2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll

2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-04-05 01:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-10 13:37:24 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-03-10 13:37:24 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-03-09 21:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-03-09 21:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-03-09 01:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

.

============= FINISH: 17:06:43.53 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 10/5/2011 9:05:28 PM

System Uptime: 5/21/2012 9:05:44 PM (20 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P

Processor: AMD Phenom™ II X4 B55 Processor | Socket M2 | 3300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 153 GiB total, 5.265 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: archlp

Device ID: ROOT\LEGACY_ARCHLP\0000

Manufacturer:

Name: archlp

PNP Device ID: ROOT\LEGACY_ARCHLP\0000

Service: archlp

.

==== System Restore Points ===================

.

RP243: 5/21/2012 8:03:32 AM - Installed Storm of Zehir

RP244: 5/21/2012 10:25:11 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Reader X (10.1.3)

AMD VISION Engine Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combined Community Codec Pack 2011-07-30

Content Transfer

Corel PaintShop Pro X4

D3DX10

DAEMON Tools Lite

Dual-Core Optimizer

Easy Tune 6 B11.0427.1

F.E.A.R. Plantinum

Game of Thrones version 1.0.0.0

Google Chrome

ICA

IPM_PSP_COM

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 31

Java™ 7 Update 4

JavaFX 2.1.0

Lands Of Lore 1 and 2

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

MSVCRT

Neverwinter Nights 2

NVIDIA PhysX

ON_OFF Charge B11.0110.1

OpenAL

OpenOffice.org 3.3

Pando Media Booster

PSPPContent

PSPPHelp

Realm of the Mad God

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

Risen

Risen 2 - Dark Waters

Rockstar Games Social Club

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Setup

Shockwave

StarCraft II

Steam

System Requirements Lab CYRI

Team Fortress 2

The Darkness II

The Sims Medieval

The Sims Medieval Pirates and Nobles

Tropico 4 1.00

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Visual Studio 2008 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

5/22/2012 3:59:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.390.0).

5/22/2012 3:59:23 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

5/21/2012 9:50:54 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

5/21/2012 9:50:54 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

5/21/2012 9:06:31 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/21/2012 9:06:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp

5/21/2012 9:06:26 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

5/21/2012 4:16:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.201.0).

5/20/2012 8:48:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

5/20/2012 8:48:47 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/18/2012 6:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Max\Jason SID (S-1-5-21-2817517564-1474398063-2356579836-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

5/17/2012 10:06:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.125.1854.0).

5/16/2012 3:32:32 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

5/16/2012 12:50:47 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

5/16/2012 12:50:47 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

5/16/2012 12:49:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

5/16/2012 12:49:41 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:49:11 PM, Error: Service Control Manager [7022] - The Diagnostic Policy Service service hung on starting.

5/16/2012 12:47:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

5/16/2012 12:47:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

5/16/2012 12:47:20 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:46:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

5/16/2012 12:46:50 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:46:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

5/16/2012 12:46:20 PM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:45:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

5/16/2012 12:45:50 PM, Error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2012 12:44:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

5/16/2012 10:16:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.

5/16/2012 1:50:29 PM, Error: Service Control Manager [7022] - The Task Scheduler service hung on starting.

.

==== End Of File ===========================

Thanks for your help!


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Maniac -

ComboFix will not run. When the downloaded program is run, the install window shows the items extracting; however, once it is finished, nothing happens. I have disabled MBAM and closed all other programs. Please advise. Thanks!


Thanks for letting me know!

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All Users option. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Maniac -

Here is the first log file, OTL.txt:

OTL logfile created on: 5/24/2012 10:07:17 AM - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Jason\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.04% Memory free

7.99 Gb Paging File | 6.58 Gb Available in Paging File | 82.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 153.38 Gb Total Space | 9.51 Gb Free Space | 6.20% Space Free | Partition Type: NTFS

Computer Name: MAX | User Name: Jason | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/24 10:06:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe

PRC - [2012/05/20 13:54:26 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/10 06:37:25 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ACDaemon.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ArcCon.ac

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ACService.exe

PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe

PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE

PRC - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

========== Modules (No Company Name) ==========

MOD - [2011/04/26 14:57:32 | 000,303,104 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll

MOD - [2011/04/22 16:14:38 | 002,592,839 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll

MOD - [2011/04/18 13:59:22 | 000,417,859 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\work.dll

MOD - [2011/03/03 15:25:00 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll

MOD - [2011/03/01 19:00:58 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll

MOD - [2011/02/23 11:10:30 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\SF.dll

MOD - [2011/02/23 11:09:52 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll

MOD - [2010/12/02 16:01:10 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\HM.dll

MOD - [2010/10/19 10:59:46 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll

MOD - [2010/06/24 15:50:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll

MOD - [2010/06/10 15:52:24 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll

MOD - [2010/03/12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\platform.dll

MOD - [2010/03/12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\device.dll

MOD - [2009/12/22 16:52:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll

MOD - [2008/05/07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll

MOD - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

MOD - [2003/02/14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/05/18 18:42:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/05/12 08:51:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ACService.exe -- (ACDaemon)

SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/11 16:31:09 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2012/05/11 16:31:06 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/01/12 09:28:48 | 000,057,976 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)

DRV:64bit: - [2011/12/22 17:22:40 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/13 04:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV - [2012/05/24 07:21:51 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)

DRV - [2012/05/24 07:21:37 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2012/05/15 09:49:23 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)

DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 D7 6C 6B 39 39 CD 01 [binary data]

IE - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\..\SearchScopes,DefaultScope = {D9BA4206-5162-495E-B236-62823DC940C6}

IE - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\..\SearchScopes\{D9BA4206-5162-495E-B236-62823DC940C6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/10 06:37:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/23 21:05:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/16 10:28:09 | 000,000,000 | ---D | M]

[2012/05/23 21:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions

[2012/05/23 21:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/16 07:24:33 | 000,001,256 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com

O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com

O1 - Hosts: 127.0.0.1 orbitservice.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com

O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com

O1 - Hosts: 127.0.0.1 orbitservice.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()

O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O1364bit: - gopher Prefix: missing

O15 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F0369E0-70BE-4DCD-A36F-7B94DC8530CE}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{03ee025c-2cfc-11e1-96c8-50e549695040}\Shell - "" = AutoRun

O33 - MountPoints2\{03ee025c-2cfc-11e1-96c8-50e549695040}\Shell\AutoRun\command - "" = D:\autorun.exe

O33 - MountPoints2\{03ee025c-2cfc-11e1-96c8-50e549695040}\Shell\install\command - "" = D:\setup.exe

O33 - MountPoints2\{9cf8c366-efcf-11e0-a618-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{9cf8c366-efcf-11e0-a618-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/24 10:06:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe

[2012/05/24 07:12:13 | 004,526,123 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe

[2012/05/24 03:51:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{969CE9BC-7975-4058-BAF4-47D2E2E0CA00}

[2012/05/24 03:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2EEBEF73-2628-437B-987F-B8BB7747FE51}

[2012/05/23 21:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/05/23 21:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/23 21:02:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Unity

[2012/05/23 20:15:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Unity

[2012/05/23 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D4A32F95-441A-4C8C-9B97-14CFCF3590A5}

[2012/05/23 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C3FF4519-2ED6-47EC-AEEC-B13E81C328C8}

[2012/05/22 23:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BC3ACC20-8378-4F0C-B0EF-1282E91C7C34}

[2012/05/22 23:44:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D2044685-A1E7-4048-8C63-9299E6AA0CC6}

[2012/05/22 09:25:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\tdsskiller.exe

[2012/05/21 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8C84AF60-98FF-4BB5-91F1-39436DEAFC84}

[2012/05/21 17:44:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A35A14A0-FAE6-452E-B041-15F908CAB677}

[2012/05/21 12:12:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\dds.com

[2012/05/21 11:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/21 11:28:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/05/21 11:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/21 10:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\ElevatedDiagnostics

[2012/05/21 08:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging

[2012/05/21 08:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender

[2012/05/21 08:47:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\QuickScan

[2012/05/21 08:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender

[2012/05/21 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender

[2012/05/21 05:43:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BFC9361D-07E2-4F64-897B-BBFCAC0757C3}

[2012/05/21 05:43:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1F7C752B-7789-4A26-99EB-066FF1DCDE92}

[2012/05/21 04:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neverwinter Nights 2

[2012/05/21 04:12:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Neverwinter Nights 2

[2012/05/21 04:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari

[2012/05/20 17:43:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9D8D47A4-7D46-434F-AF01-2BC9995C01C3}

[2012/05/20 17:42:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{CBD29E77-AE77-47A8-A4C0-95A5B2D88C99}

[2012/05/20 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/20 08:48:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\CrashDumps

[2012/05/20 05:42:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DA05F905-7D97-4FDE-BF7E-02136322489D}

[2012/05/20 05:42:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8326ACAB-E700-4FE1-9D94-A4423DE7692E}

[2012/05/19 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C88B5094-470E-4364-8F55-B48A23FFFA16}

[2012/05/19 17:41:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{027E0B54-8CF5-4644-98EA-74C62E4C6CEA}

[2012/05/19 05:41:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{27A16C62-5024-4863-8104-455860C9E135}

[2012/05/19 05:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D97AD9FC-425A-4202-9196-8086ACCFA5F8}

[2012/05/18 03:32:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Game of Thrones

[2012/05/18 03:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls

[2012/05/18 03:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyanide

[2012/05/18 03:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyanide

[2012/05/17 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{5212C9F0-601D-4353-AA0C-0426A8B4B3AF}

[2012/05/17 12:12:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AFA6E3E3-A843-44E7-B6DF-F788045CA86C}

[2012/05/17 11:58:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Corel

[2012/05/17 11:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis

[2012/05/17 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Ulead Systems

[2012/05/17 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Corel PaintShop Pro

[2012/05/17 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Corel PaintShop Pro

[2012/05/17 11:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis

[2012/05/17 11:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2012/05/17 11:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X4

[2012/05/17 11:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel

[2012/05/16 21:32:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes

[2012/05/16 21:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/16 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B143363E-5F39-4B06-9EE8-961E53C570C5}

[2012/05/16 14:14:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/05/16 10:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/05/16 10:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/05/16 10:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Updater5

[2012/05/16 07:20:20 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2012/05/15 13:26:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\dxhr

[2012/05/15 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\28050

[2012/05/15 12:37:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/05/15 11:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games

[2012/05/15 10:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games

[2012/05/14 17:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/05/14 17:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/05/14 01:08:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Diagnostics

[2012/05/14 00:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III (Dota - latest)

[2012/05/13 14:59:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\DarknessII

[2012/05/13 13:44:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\BladesOfTime

[2012/05/13 10:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Risen2

[2012/05/13 10:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver

[2012/05/12 08:57:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2012/05/12 08:36:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\StarCraft II

[2012/05/12 08:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2012/05/12 08:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II

[2012/05/12 08:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2012/05/12 08:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2012/05/12 00:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

[2012/05/12 00:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com

[2012/05/11 21:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED

[2012/05/11 16:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Pendulo Studios

[2012/05/11 16:33:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Risen

[2012/05/11 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver

[2012/05/11 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\signal studios

[2012/05/11 16:06:52 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012/05/11 16:06:52 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012/05/11 16:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2012/05/11 11:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/05/11 11:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/05/11 11:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/05/11 11:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/05/11 11:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT

[2012/05/11 11:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/05/11 11:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

[2012/05/09 09:52:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LS

[2012/05/05 23:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Reflexive

[2012/05/03 17:25:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TimeGate Studios

[2012/05/03 16:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B7EEDF0B-16A9-4B31-A2C8-5E153DB1C53D}

[2012/05/03 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{45A0E8A3-19AA-4677-A458-5C25D5094CF3}

[2012/05/03 14:21:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{CC938591-882E-4CC4-8DAA-D425876914ED}

[2012/04/25 09:17:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9697B3FA-63AF-45EE-98EE-9602CB40F2ED}

[2012/04/24 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{10F98ED2-0E0F-4B97-99C8-D777050A531F}

[2012/04/24 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7C69E634-13EA-47B0-9472-BF8FE8625818}

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/24 10:06:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe

[2012/05/24 09:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2817517564-1474398063-2356579836-1000UA.job

[2012/05/24 09:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/24 07:28:39 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/24 07:28:39 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/24 07:21:51 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys

[2012/05/24 07:21:51 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref

[2012/05/24 07:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/24 07:21:21 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/24 07:12:14 | 004,526,123 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe

[2012/05/23 21:06:00 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/23 13:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2817517564-1474398063-2356579836-1000Core.job

[2012/05/22 09:25:31 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\tdsskiller.exe

[2012/05/21 13:41:52 | 000,001,696 | ---- | M] () -- C:\Users\Jason\Desktop\Neverwinter Nights 2.lnk

[2012/05/21 12:12:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\dds.com

[2012/05/21 11:29:01 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/21 10:59:29 | 001,808,520 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/05/21 10:54:39 | 000,105,383 | ---- | M] () -- C:\ProgramData\1337622602.bdinstall.bin

[2012/05/21 10:46:09 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml

[2012/05/21 10:31:03 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml

[2012/05/21 08:50:55 | 000,223,044 | ---- | M] () -- C:\ProgramData\1337615247.bdinstall.bin

[2012/05/21 08:50:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf

[2012/05/20 13:58:26 | 000,016,980 | ---- | M] () -- C:\Users\Jason\Documents\cc_20120520_135823.reg

[2012/05/18 18:42:07 | 000,000,219 | ---- | M] () -- C:\Users\Jason\Desktop\Team Fortress 2.url

[2012/05/18 03:29:10 | 000,002,307 | ---- | M] () -- C:\Users\Public\Desktop\Game of Thrones.lnk

[2012/05/17 12:06:46 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\Corel PaintShop Pro X4.lnk

[2012/05/16 21:26:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/05/16 21:22:15 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/16 21:22:15 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/16 12:22:41 | 000,007,593 | ---- | M] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg

[2012/05/16 11:18:35 | 000,018,528 | ---- | M] () -- C:\Users\Jason\Documents\cc_20120516_111830.reg

[2012/05/16 10:48:27 | 000,810,328 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/16 10:36:46 | 000,001,401 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/16 10:32:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/05/16 10:32:15 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012/05/16 09:12:14 | 000,002,928 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2012/05/16 07:24:33 | 000,001,256 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/05/15 13:04:34 | 000,000,082 | ---- | M] () -- C:\Users\Jason\Documents\cc_20120515_130432.reg

[2012/05/15 11:34:18 | 000,001,660 | ---- | M] () -- C:\Users\Jason\Desktop\Darkness II.lnk

[2012/05/15 10:54:20 | 000,001,654 | ---- | M] () -- C:\Users\Jason\Desktop\Warcraft III.lnk

[2012/05/15 10:50:38 | 000,013,300 | ---- | M] () -- C:\Users\Jason\Documents\cc_20120515_105035.reg

[2012/05/15 10:18:47 | 000,002,248 | ---- | M] () -- C:\Users\Jason\Documents\cc_20120515_101844.reg

[2012/05/13 10:30:35 | 000,001,864 | ---- | M] () -- C:\Users\Jason\Desktop\Risen 2.lnk

[2012/05/13 08:37:10 | 000,025,060 | ---- | M] () -- C:\Users\Jason\Documents\cc_20120513_083706.reg

[2012/05/12 08:52:12 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2012/05/12 03:01:54 | 000,807,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/12 00:40:26 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Lands Of Lore - The Throne of Chaos.lnk

[2012/05/12 00:40:26 | 000,002,345 | ---- | M] () -- C:\Users\Public\Desktop\Lands Of Lore - Guardians of Destiny.lnk

[2012/05/11 16:33:18 | 000,001,636 | ---- | M] () -- C:\Users\Jason\Desktop\Risen.lnk

[2012/05/11 16:31:09 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys

[2012/05/11 16:31:06 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys

[2012/05/11 16:06:52 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012/05/11 16:06:52 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012/05/11 11:53:06 | 000,294,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/05 07:39:47 | 000,004,378 | ---- | M] () -- C:\Users\Jason\Documents\cc_20120505_073944.reg

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/23 21:06:00 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/05/23 21:06:00 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/21 13:41:52 | 000,001,696 | ---- | C] () -- C:\Users\Jason\Desktop\Neverwinter Nights 2.lnk

[2012/05/21 11:29:01 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/21 10:58:57 | 001,808,520 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/05/21 10:54:39 | 000,105,383 | ---- | C] () -- C:\ProgramData\1337622602.bdinstall.bin

[2012/05/21 10:31:03 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml

[2012/05/21 09:05:26 | 000,000,323 | ---- | C] () -- C:\Windows\SysNative\checkdnsid.xml

[2012/05/21 08:50:55 | 000,223,044 | ---- | C] () -- C:\ProgramData\1337615247.bdinstall.bin

[2012/05/21 08:50:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf

[2012/05/20 13:58:25 | 000,016,980 | ---- | C] () -- C:\Users\Jason\Documents\cc_20120520_135823.reg

[2012/05/20 13:54:39 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2817517564-1474398063-2356579836-1000UA.job

[2012/05/20 13:54:30 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2817517564-1474398063-2356579836-1000Core.job

[2012/05/18 18:42:07 | 000,000,219 | ---- | C] () -- C:\Users\Jason\Desktop\Team Fortress 2.url

[2012/05/18 03:29:10 | 000,002,307 | ---- | C] () -- C:\Users\Public\Desktop\Game of Thrones.lnk

[2012/05/17 11:55:48 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\Corel PaintShop Pro X4.lnk

[2012/05/16 14:23:01 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref

[2012/05/16 11:18:32 | 000,018,528 | ---- | C] () -- C:\Users\Jason\Documents\cc_20120516_111830.reg

[2012/05/16 10:49:30 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/05/16 10:32:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/05/16 10:32:15 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012/05/16 10:28:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/05/16 07:27:03 | 000,002,928 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2012/05/15 13:04:34 | 000,000,082 | ---- | C] () -- C:\Users\Jason\Documents\cc_20120515_130432.reg

[2012/05/15 11:34:18 | 000,001,660 | ---- | C] () -- C:\Users\Jason\Desktop\Darkness II.lnk

[2012/05/15 10:54:20 | 000,001,654 | ---- | C] () -- C:\Users\Jason\Desktop\Warcraft III.lnk

[2012/05/15 10:50:36 | 000,013,300 | ---- | C] () -- C:\Users\Jason\Documents\cc_20120515_105035.reg

[2012/05/15 10:18:45 | 000,002,248 | ---- | C] () -- C:\Users\Jason\Documents\cc_20120515_101844.reg

[2012/05/13 10:30:35 | 000,001,864 | ---- | C] () -- C:\Users\Jason\Desktop\Risen 2.lnk

[2012/05/13 08:37:07 | 000,025,060 | ---- | C] () -- C:\Users\Jason\Documents\cc_20120513_083706.reg

[2012/05/12 08:36:34 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2012/05/12 08:24:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/12 00:40:26 | 000,002,345 | ---- | C] () -- C:\Users\Public\Desktop\Lands Of Lore - The Throne of Chaos.lnk

[2012/05/12 00:40:26 | 000,002,345 | ---- | C] () -- C:\Users\Public\Desktop\Lands Of Lore - Guardians of Destiny.lnk

[2012/05/11 16:33:18 | 000,001,636 | ---- | C] () -- C:\Users\Jason\Desktop\Risen.lnk

[2012/05/11 16:31:09 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys

[2012/05/11 16:31:06 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys

[2012/05/05 07:39:46 | 000,004,378 | ---- | C] () -- C:\Users\Jason\Documents\cc_20120505_073944.reg

[2012/03/25 18:59:19 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/03/25 18:57:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/12/20 16:44:51 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/12/12 17:20:20 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat

[2011/11/02 18:46:51 | 000,000,170 | ---- | C] () -- C:\Windows\game.ini

[2011/10/29 12:27:35 | 000,810,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

[2011/10/09 19:46:54 | 000,007,593 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg

[2011/10/09 19:11:03 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI

[2011/10/08 17:54:52 | 000,000,254 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011/10/08 17:54:47 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

[2011/10/06 17:10:03 | 000,205,824 | ---- | C] () -- C:\Windows\pw32a.dll

[2011/10/05 21:31:05 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys

[2011/10/05 21:10:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011/10/05 21:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/11/02 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Activision

[2012/05/21 04:03:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\DAEMON Tools Lite

[2012/05/17 15:07:41 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\DarknessII

[2011/10/26 16:40:44 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Doublefine

[2011/10/24 21:00:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\fltk.org

[2011/10/26 16:40:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Hive Cluster

[2011/10/27 16:41:35 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Hothead Games

[2012/01/03 08:22:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Kalypso Media

[2011/10/11 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech

[2011/10/25 07:34:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Lionhead Studios

[2012/05/09 09:52:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LS

[2012/02/18 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\OpenOffice.org

[2012/05/21 08:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\QuickScan

[2012/03/21 12:41:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\RotMG.Production

[2011/10/29 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Spore

[2011/12/31 10:02:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\SystemRequirementsLab

[2012/05/06 11:51:49 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Tropico 4

[2011/11/16 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ubisoft

[2012/05/17 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ulead Systems

[2012/05/23 21:02:43 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Unity

[2012/05/23 18:30:33 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >


Maniac -

Here is the second log file, Extras.txt:

OTL Extras logfile created on: 5/24/2012 10:07:17 AM - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Jason\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.04% Memory free

7.99 Gb Paging File | 6.58 Gb Available in Paging File | 82.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 153.38 Gb Total Space | 9.51 Gb Free Space | 6.20% Space Free | Partition Type: NTFS

Computer Name: MAX | User Name: Jason | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2817517564-1474398063-2356579836-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In

"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4

"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA

"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent

"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4

"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM

"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup

"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A7C4C5C-6DF9-48D5-BEF4-E5E6FB868EAF}_is1" = F.E.A.R. Plantinum

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian

"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish

"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0427.1

"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese

"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai

"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional

"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German

"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common

"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English

"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish

"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer

"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean

"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center

"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2

"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"AGOT_is1" = Game of Thrones version 1.0.0.0

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30

"DAEMON Tools Lite" = DAEMON Tools Lite

"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0427.1

"Lands Of Lore 1 and 2_is1" = Lands Of Lore 1 and 2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"OpenAL" = OpenAL

"RealPlayer 15.0" = RealPlayer

"Risen 2 - Dark Waters_is1" = Risen 2 - Dark Waters

"Rockstar Games Social Club" = Rockstar Games Social Club

"Shockwave" = Shockwave

"StarCraft II" = StarCraft II

"Steam App 200210" = Realm of the Mad God

"Steam App 440" = Team Fortress 2

"The Darkness II_is1" = The Darkness II

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2817517564-1474398063-2356579836-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Tropico 4" = Tropico 4 1.00

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/21/2012 2:34:10 PM | Computer Name = Max | Source = Application Hang | ID = 1002

Description = The program mbam.exe version 1.60.0.80 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 11ac Start Time:

01cd37800868b313 Termination Time: 0 Application Path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Report Id: 8b8b88f1-a373-11e1-8709-50e549695040

Error - 5/22/2012 11:17:26 PM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x7366e36c Faulting

process id: 0x2a4c Faulting application start time: 0x01cd3884cc377c14 Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: d1e89dc6-a485-11e1-abf6-50e549695040

Error - 5/23/2012 2:41:07 AM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x73bbe36c Faulting

process id: 0x1828 Faulting application start time: 0x01cd3897ceb8b5e9 Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: 45d7b03e-a4a2-11e1-abf6-50e549695040

Error - 5/23/2012 4:02:32 AM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x6c02e36c Faulting

process id: 0x978 Faulting application start time: 0x01cd38b0e1ea4454 Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: a5bfdf50-a4ad-11e1-ad5c-50e549695040

Error - 5/23/2012 10:47:17 AM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,

time stamp: 0x4d672ee4 Faulting module name: DUI70.dll, version: 6.1.7600.16385,

time stamp: 0x4a5bdf25 Exception code: 0xc0000005 Fault offset: 0x00000000000042bf

Faulting

process id: 0x6fc Faulting application start time: 0x01cd38af5e1988bc Faulting application

path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\DUI70.dll

Report

Id: 30dfef1b-a4e6-11e1-ad5c-50e549695040

Error - 5/23/2012 12:00:56 PM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x6b9fe36c Faulting

process id: 0x130c Faulting application start time: 0x01cd38f622e6e6a1 Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: 7ae0973f-a4f0-11e1-b572-50e549695040

Error - 5/23/2012 12:48:51 PM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x719ce36c Faulting

process id: 0x940 Faulting application start time: 0x01cd38fd41c49d60 Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: 2c59c0e7-a4f7-11e1-b572-50e549695040

Error - 5/23/2012 2:03:23 PM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x71a1e36c Faulting

process id: 0x11ac Faulting application start time: 0x01cd39078a1db0d3 Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: 96010c95-a501-11e1-b572-50e549695040

Error - 5/24/2012 3:22:51 AM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x7463e36c Faulting

process id: 0xe00 Faulting application start time: 0x01cd394e321978b3 Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: 452ba871-a571-11e1-a93b-50e549695040

Error - 5/24/2012 1:05:11 PM | Computer Name = Max | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x64d5e36c Faulting

process id: 0x10d8 Faulting application start time: 0x01cd39bc1026403e Faulting application

path: c:\program files (x86)\steam\steamapps\azj2k\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: 9ebdce2e-a5c2-11e1-a2cf-50e549695040

[ System Events ]

Error - 3/15/2012 7:26:57 PM | Computer Name = Max | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

archlp

Error - 3/15/2012 7:29:15 PM | Computer Name = Max | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Steam

Client Service service to connect.

Error - 3/15/2012 7:29:15 PM | Computer Name = Max | Source = Service Control Manager | ID = 7000

Description = The Steam Client Service service failed to start due to the following

error: %%1053

Error - 3/15/2012 8:11:22 PM | Computer Name = Max | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

Error - 3/15/2012 8:37:39 PM | Computer Name = Max | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

archlp

Error - 3/15/2012 9:43:38 PM | Computer Name = Max | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

Error - 3/17/2012 1:58:59 PM | Computer Name = Max | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:57:11 AM on ?3/?17/?2012 was unexpected.

Error - 3/17/2012 1:59:10 PM | Computer Name = Max | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

archlp

Error - 3/19/2012 3:08:24 AM | Computer Name = Max | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

Error - 3/19/2012 3:17:47 AM | Computer Name = Max | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    [2012/05/21 08:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2012/05/21 08:47:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\QuickScan
    [2012/05/21 08:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [2012/05/21 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
    [2012/05/16 14:14:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/05/15 13:26:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\dxhr
    [2012/05/15 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\28050

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Maniac -

Here is a copy of the OTL fix log:

All processes killed

Error: Unable to interpret <:OTLO4 - HKU\S-1-5-21-2817517564-1474398063-2356579836-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found[2012/05/21 08:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender[2012/05/21 08:47:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\QuickScan[2012/05/21 08:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender[2012/05/21 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender[2012/05/16 14:14:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW[2012/05/15 13:26:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\dxhr[2012/05/15 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\28050:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.43.1 log created on 05252012_084505

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Maniac -

Sorry about that! Here is the OTL.log file:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2817517564-1474398063-2356579836-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

C:\Program Files\Bitdefender folder moved successfully.

C:\Users\Jason\AppData\Roaming\QuickScan folder moved successfully.

C:\Program Files\Common Files\Bitdefender\SetupInformation folder moved successfully.

C:\Program Files\Common Files\Bitdefender folder moved successfully.

C:\Program Files (x86)\Common Files\Bitdefender\setupinformation\extern folder moved successfully.

C:\Program Files (x86)\Common Files\Bitdefender\setupinformation folder moved successfully.

C:\Program Files (x86)\Common Files\Bitdefender folder moved successfully.

C:\32788R22FWJFW\N_ folder moved successfully.

C:\32788R22FWJFW\License folder moved successfully.

C:\32788R22FWJFW\EN-US folder moved successfully.

C:\32788R22FWJFW folder moved successfully.

C:\Users\Jason\AppData\Local\dxhr\cache\data\players folder moved successfully.

C:\Users\Jason\AppData\Local\dxhr\cache\data folder moved successfully.

C:\Users\Jason\AppData\Local\dxhr\cache folder moved successfully.

C:\Users\Jason\AppData\Local\dxhr folder moved successfully.

C:\Users\Jason\AppData\Local\28050\eidos\40f945f4\cache\temp folder moved successfully.

C:\Users\Jason\AppData\Local\28050\eidos\40f945f4\cache\persistent folder moved successfully.

C:\Users\Jason\AppData\Local\28050\eidos\40f945f4\cache folder moved successfully.

C:\Users\Jason\AppData\Local\28050\eidos\40f945f4 folder moved successfully.

C:\Users\Jason\AppData\Local\28050\eidos folder moved successfully.

C:\Users\Jason\AppData\Local\28050 folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Jason

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 15458273 bytes

->Java cache emptied: 283301 bytes

->FireFox cache emptied: 163505134 bytes

->Google Chrome cache emptied: 154191148 bytes

->Flash cache emptied: 501 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 200704 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1496403 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 83267560 bytes

Total Files Cleaned = 399.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 05262012_092827

Thanks!


Hi LD!

I've tried Combofix again, with the same results. I also tried to delete the copy and download a new copy to the desktop. Same results. The program finishes extracting streamtools.exe. It then tries to create two output folders. The second folder created (I didn't see the first one) is located at C:\32788R22FWJFW. When opened, the folder opens as if I had clicked the Local Computer (C:) icon in the file directory. When running Combofix, all programs are closed and MBAM is disabled. Thanks for your help!


It's only happening sporadically now, but it still happens. So far it has happened with Firefox and IE, but it has happened previously with Chrome as well. It happened on the first link I tried after being requested from your post; however, it has not happened anymore as of yet.


Yes. A wireless router is connected to the cable modem. Since Maniac started helping initially, the frequency with which I have been redirected has decreased. I am using the trial version of MBAM with the website blocking, and I still get the notification that "The program is successfully blocking access to a potentially malicious website: 204.137.28.195; Type: outgoing; Port: 51336; Process: ping.exe". It happens about once every minute or so. The website is the same each time. I have googled the IP address, and it seems as if other people have had problems with the same site redirecting them as well. Thanks!


I'm thinking the router might be infected.

Resetting Router

Let’s try to reset the router to its default configuration.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.
