Malwarebytes Blocking Outgoing svshost.exe help?



About an hour ago I had a message pop up, telling me that Adobe Flash needed my permission to update. This was about 5 minutes after Malwarebytes told me it had blocked something nasty, so I didn't trust it. Every time I tried to press cancel on the request it popped right back up again. An AVG scan found a couple of viruses & apparently cleaned them out. I restarted the PC & I haven't had the pop-up since. Since then, though, I'm constantly getting messages telling me that Malwarebytes is blocking outgoing information based on svchost.exe & occasionally explorer.exe. Almost always to the same IP, which a quick Google search revealed to be in Holland somewhere.

This is what DDS gave me.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32

Run by Rich at 23:50:36 on 2012-07-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.773 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Vtune\TBPANEL.exe

C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A

uRun: [Google Update] "c:\users\rich\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Microsoft Firewall 2.9] c:\users\rich\appdata\roaming\WMPRWISE.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{7FE3267E-2232-4DF2-A164-961D7C673B75} : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\rich\appdata\roaming\mozilla\firefox\profiles\orx39u25.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\rich\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-5-8 20384]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-13 654408]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-5-8 1564160]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-13 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-4 40776]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-5-23 148800]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-23 1262400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-8 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-5-13 135584]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2012-5-8 954368]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]

.

=============== Created Last 30 ================

.

2012-07-04 22:03:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-04 14:27:53 -------- d-----w- c:\users\rich\appdata\local\{27F48031-9F59-45E6-90F5-0E95DBED12F7}

2012-07-04 14:27:41 -------- d-----w- c:\users\rich\appdata\local\{AA1E687D-51B4-46EA-B9DE-1AE86A5F79C3}

2012-07-04 13:22:32 -------- d-----w- c:\users\rich\appdata\local\{5061FE4C-0284-4C50-B5E8-86E9A6C6BAF6}

2012-07-04 13:22:20 -------- d-----w- c:\users\rich\appdata\local\{1C4D7ABE-E964-4BC7-B5EC-8F687BB7142D}

2012-07-03 12:36:49 -------- d-----w- c:\users\rich\appdata\local\{E336E4AD-974D-490A-846D-0B0B39D04AF0}

2012-07-03 12:36:36 -------- d-----w- c:\users\rich\appdata\local\{5895672B-47DE-482A-8C91-A7FC126BAB85}

2012-07-03 09:14:46 -------- d-----w- c:\users\rich\appdata\local\{10D73ED5-BA41-43B7-A5FB-A9908E44A94E}

2012-07-02 15:26:49 -------- d-----w- c:\users\rich\appdata\local\{E7459CDC-B4BD-408A-80EE-237EF3363972}

2012-07-02 15:26:38 -------- d-----w- c:\users\rich\appdata\local\{53F1891B-085C-46C4-8005-5F4EB01FE222}

2012-07-01 13:24:48 -------- d-----w- c:\users\rich\appdata\local\{2F9D7173-8F17-43E1-85C1-149328481A3A}

2012-07-01 13:24:36 -------- d-----w- c:\users\rich\appdata\local\{F0C8F6BD-3E1F-4088-B74B-CFE834C5B8DC}

2012-06-30 13:34:04 -------- d-----w- c:\users\rich\appdata\local\{06BE3E4F-82F1-41B4-8DBB-5BCFDE38A2AC}

2012-06-30 13:33:52 -------- d-----w- c:\users\rich\appdata\local\{6A072764-C383-4A67-AE5C-4530AA66499F}

2012-06-29 21:02:17 -------- d-----w- c:\users\rich\appdata\local\{12553D91-58E0-4A60-8ED6-F1E5D5A08553}

2012-06-29 21:01:53 -------- d-----w- c:\users\rich\appdata\local\{A262BA4E-ED30-49B8-9BDA-66C99EFC5597}

2012-06-29 09:01:25 -------- d-----w- c:\users\rich\appdata\local\{11AAC49D-26C9-4A39-88A0-7AFEE8264CAD}

2012-06-29 09:01:09 -------- d-----w- c:\users\rich\appdata\local\{9878334A-C5B4-44E0-B019-43E54D5E3324}

2012-06-28 11:22:47 -------- d-----w- c:\users\rich\appdata\local\{A856636F-C02C-4DA4-85AE-BEE224B8554B}

2012-06-28 11:22:35 -------- d-----w- c:\users\rich\appdata\local\{283F0A5E-A164-47AE-9E2E-64B08F2439C8}

2012-06-27 20:51:28 -------- d-----w- c:\users\rich\appdata\local\HotheadGames

2012-06-27 14:01:39 -------- d-----w- c:\users\rich\appdata\local\{06B3447D-0192-4CAE-AE6D-308BB76870BA}

2012-06-27 14:01:26 -------- d-----w- c:\users\rich\appdata\local\{779318F6-1605-4528-BCCB-F79802734DE9}

2012-06-27 10:54:53 -------- d-----w- c:\users\rich\appdata\local\{49888081-D5F9-4B84-B158-5905D901ACAF}

2012-06-26 15:25:07 -------- d-----w- c:\users\rich\appdata\local\{C87A99ED-459E-47C9-8BD2-DD1473A68FA2}

2012-06-26 15:24:50 -------- d-----w- c:\users\rich\appdata\local\{5CF3AD09-DBC2-4A02-BAD3-4F477BFC25C2}

2012-06-26 13:59:09 -------- d-----w- c:\users\rich\appdata\local\{AC7A7112-5637-4534-99D3-8B1BB9158213}

2012-06-25 19:44:18 -------- d-----w- c:\users\rich\appdata\local\{DA4383E5-0F92-49F6-91F0-C40248B766A5}

2012-06-25 19:44:04 -------- d-----w- c:\users\rich\appdata\local\{B57E270C-287D-4117-AB35-49FB82E86F15}

2012-06-24 17:53:02 -------- d-----w- c:\users\rich\appdata\local\{87C4865F-CC99-4947-A904-20DF9E133030}

2012-06-23 21:03:16 -------- d-----w- c:\users\rich\appdata\local\Macromedia

2012-06-23 09:30:51 -------- d-----w- c:\users\rich\appdata\local\{D1EE2B11-600B-4BD0-A72A-76B5627FB354}

2012-06-23 09:30:35 -------- d-----w- c:\users\rich\appdata\local\{9A1226E6-1039-472E-AA45-177C981AAA21}

2012-06-21 08:05:15 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 08:05:05 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 08:04:55 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 08:04:55 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 08:01:50 -------- d-----w- c:\users\rich\appdata\local\{5B9EE0DC-F464-4F34-A4C1-50B6B3AE008E}

2012-06-21 08:01:36 -------- d-----w- c:\users\rich\appdata\local\{89737B9E-6ABB-4C01-846B-F367C4E55DF8}

2012-06-20 16:42:09 -------- d-----w- c:\users\rich\appdata\local\{729E8BF3-F179-49D3-9ED0-8FC474E88C19}

2012-06-20 16:41:57 -------- d-----w- c:\users\rich\appdata\local\{3C7E8E58-2CDB-481B-85B3-1B490C7602C4}

2012-06-20 11:38:30 -------- d-----w- c:\users\rich\appdata\local\{7DBD4674-AAA3-45A1-9B66-D7712E656244}

2012-06-20 11:38:17 -------- d-----w- c:\users\rich\appdata\local\{E5A29916-0027-49CF-A1DD-595B4C0B6C7C}

2012-06-19 13:06:49 -------- d-----w- c:\users\rich\appdata\local\{705DF180-E7E2-4C67-B381-2D0944C593B2}

2012-06-19 13:06:37 -------- d-----w- c:\users\rich\appdata\local\{F9AB64EA-F592-4E6A-B0D3-7E5987285901}

2012-06-18 20:34:35 -------- d-----w- c:\users\rich\appdata\local\{624FD0ED-723E-43AE-9A92-8D159630C2C4}

2012-06-18 08:34:11 -------- d-----w- c:\users\rich\appdata\local\{803410B4-54D1-4BEC-A001-5CC4AF40F025}

2012-06-17 17:27:42 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-17 17:27:42 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-06-17 12:51:38 -------- d-----w- c:\users\rich\appdata\local\{A41C0294-F354-4B53-94EC-E3CBB20C3BD4}

2012-06-16 10:04:12 -------- d-----w- c:\users\rich\appdata\local\{1A31915C-1C81-4605-98B4-09F04D1EAB25}

2012-06-15 11:34:27 -------- d-----w- c:\users\rich\appdata\local\{2CC2762C-2924-489B-A25A-65202BED30BC}

2012-06-14 14:16:32 -------- d-----w- c:\users\rich\appdata\local\{96C48549-B283-4705-9DC8-C9F1C0B2378E}

2012-06-14 14:16:20 -------- d-----w- c:\users\rich\appdata\local\{113F7F19-D85F-49AA-BBC6-39091FB24E9B}

2012-06-13 12:42:35 -------- d-----w- c:\users\rich\appdata\local\{A408B575-9F51-4ABA-ABF3-23E696E9E52A}

2012-06-13 12:42:22 -------- d-----w- c:\users\rich\appdata\local\{D3C96546-BE51-4792-8E92-4D71FA195EE5}

2012-06-12 14:16:17 -------- d-----w- c:\users\rich\appdata\local\{BFE587A2-728E-4EBC-935F-540EE76EBE25}

2012-06-12 14:16:02 -------- d-----w- c:\users\rich\appdata\local\{EACF61EB-48B3-4B44-8385-0010F25527A3}

2012-06-11 22:39:52 -------- d-----w- c:\users\rich\appdata\local\{F9D0AD91-FAF8-431D-8EFE-9FCBF9579484}

2012-06-11 22:39:37 -------- d-----w- c:\users\rich\appdata\local\{0FAED150-B161-4C9F-BC7C-3CA2860F5ECB}

2012-06-11 10:25:54 -------- d-----w- c:\users\rich\appdata\local\{9539CB8B-0F1F-4C3E-B92A-FA2A4D503BA7}

2012-06-11 10:25:40 -------- d-----w- c:\users\rich\appdata\local\{230A57C0-57A2-418C-903E-8A11FC983ECA}

2012-06-10 11:05:05 -------- d-----w- c:\users\rich\appdata\local\{C8ACDEB4-C905-4E3F-828D-C39F820C6FE3}

2012-06-10 11:04:47 -------- d-----w- c:\users\rich\appdata\local\{16F59312-4FA5-42DE-9637-6F58E8461B6F}

2012-06-08 22:48:58 -------- d-----w- c:\users\rich\appdata\local\{D45697FE-ACE4-47C2-972F-BD6B52C6AC08}

2012-06-08 22:48:46 -------- d-----w- c:\users\rich\appdata\local\{15DA8384-E1CF-42C0-BD8A-3112AF087EAA}

2012-06-08 10:37:22 -------- d-----w- c:\users\rich\appdata\local\{7607624D-F8D2-457D-B7F4-AA42E503DCC6}

2012-06-08 10:37:10 -------- d-----w- c:\users\rich\appdata\local\{5D108F12-ECED-489F-92CA-D9FAB1672F0D}

2012-06-07 10:28:08 -------- d-----w- c:\users\rich\appdata\local\{E9B37710-C387-46A0-8D29-5D7B08FA2B65}

2012-06-07 10:27:55 -------- d-----w- c:\users\rich\appdata\local\{A8FC8F80-67B4-43E8-AFF8-D5DA2300454B}

2012-06-07 10:26:08 -------- d-----w- c:\users\rich\appdata\local\{26BFC2A9-902E-4270-998C-2AF5F35B9AE5}

2012-06-06 10:31:03 -------- d-----w- c:\users\rich\appdata\local\{DE79B012-679E-4BB4-B61F-5A526A658A7C}

2012-06-06 10:30:49 -------- d-----w- c:\users\rich\appdata\local\{3EE3FF80-15A0-4542-8609-58C024598EBB}

2012-06-05 15:04:06 -------- d-----w- c:\users\rich\appdata\local\{35E4404D-4DEC-4446-8FB9-BA0DF5DB8198}

2012-06-05 15:03:49 -------- d-----w- c:\users\rich\appdata\local\{7FA64710-B97B-42D4-A330-333AC972F1A1}

2012-06-05 11:48:13 -------- d-----w- c:\users\rich\appdata\local\{FDD403D8-5B0E-43B3-AC56-4152288C6A42}

.

==================== Find3M ====================

.

2012-06-23 18:58:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-23 18:58:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-18 15:14:02 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-05-18 15:14:02 22328 ----a-w- c:\users\rich\appdata\roaming\PnkBstrK.sys

2012-05-18 15:13:38 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-05-18 15:13:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-05-18 15:13:15 2337865 ----a-w- c:\windows\system32\pbsvc.exe

2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-05-15 01:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe

2012-05-08 04:31:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-08 04:31:40 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-07 20:05:29 0 ----a-w- c:\windows\ativpsrm.bin

2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-18 17:08:07 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-04-18 17:08:04 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-04-18 17:08:02 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

.

============= FINISH: 23:52:28.87 ===============


Hello Duder1989! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

This is because your system is still infected. It is a trojan that distributes spam email messages. It also collects information about the affected computer, and sends it back to its command and control (C&C) server. The trojan has been observed stealing user names and passwords from specified applications, for example: Internet Explorer, Mozilla Firefox and The Bat! email application.

Please post the content of Attach.txt.


Thank you for the reply. After I posted this topic last night, Malwarebytes did a full system scan & found 5 different viruses & trojans. It apparently cured & removed the infections. I reset the PC & left it overnight while I slept. After waking up this morning I did another short scan & full system scan & it hasn't found anything else, nor have any of the warning messages popped up since.

I'm hoping it has been cured, but I know enough about computers to assume that it may just be hiding away. So I'll post fresh DDS logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32

Run by Rich at 11:46:13 on 2012-07-05

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.1125 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Vtune\TBPANEL.exe

C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A

uRun: [Google Update] "c:\users\rich\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{7FE3267E-2232-4DF2-A164-961D7C673B75} : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\rich\appdata\roaming\mozilla\firefox\profiles\orx39u25.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\rich\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-5-8 20384]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-13 654408]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\netgear\wnda3200\WifiDevChkSvc.exe [2012-5-8 167936]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-5-8 1564160]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-13 22344]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-5-23 148800]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-23 1262400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-8 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-5-13 135584]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2012-5-8 954368]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]

.

=============== Created Last 30 ================

.

2012-07-05 09:12:42 -------- d-----w- c:\users\rich\appdata\local\{BAD0BD85-933D-45B0-A102-AD419E8B001C}

2012-07-05 09:12:28 -------- d-----w- c:\users\rich\appdata\local\{7F09E8C7-76AA-40C1-AF89-F0683018B781}

2012-07-04 14:27:53 -------- d-----w- c:\users\rich\appdata\local\{27F48031-9F59-45E6-90F5-0E95DBED12F7}

2012-07-04 14:27:41 -------- d-----w- c:\users\rich\appdata\local\{AA1E687D-51B4-46EA-B9DE-1AE86A5F79C3}

2012-07-04 13:22:32 -------- d-----w- c:\users\rich\appdata\local\{5061FE4C-0284-4C50-B5E8-86E9A6C6BAF6}

2012-07-04 13:22:20 -------- d-----w- c:\users\rich\appdata\local\{1C4D7ABE-E964-4BC7-B5EC-8F687BB7142D}

2012-07-03 12:36:49 -------- d-----w- c:\users\rich\appdata\local\{E336E4AD-974D-490A-846D-0B0B39D04AF0}

2012-07-03 12:36:36 -------- d-----w- c:\users\rich\appdata\local\{5895672B-47DE-482A-8C91-A7FC126BAB85}

2012-07-03 09:14:46 -------- d-----w- c:\users\rich\appdata\local\{10D73ED5-BA41-43B7-A5FB-A9908E44A94E}

2012-07-02 15:26:49 -------- d-----w- c:\users\rich\appdata\local\{E7459CDC-B4BD-408A-80EE-237EF3363972}

2012-07-02 15:26:38 -------- d-----w- c:\users\rich\appdata\local\{53F1891B-085C-46C4-8005-5F4EB01FE222}

2012-07-01 13:24:48 -------- d-----w- c:\users\rich\appdata\local\{2F9D7173-8F17-43E1-85C1-149328481A3A}

2012-07-01 13:24:36 -------- d-----w- c:\users\rich\appdata\local\{F0C8F6BD-3E1F-4088-B74B-CFE834C5B8DC}

2012-06-30 13:34:04 -------- d-----w- c:\users\rich\appdata\local\{06BE3E4F-82F1-41B4-8DBB-5BCFDE38A2AC}

2012-06-30 13:33:52 -------- d-----w- c:\users\rich\appdata\local\{6A072764-C383-4A67-AE5C-4530AA66499F}

2012-06-29 21:02:17 -------- d-----w- c:\users\rich\appdata\local\{12553D91-58E0-4A60-8ED6-F1E5D5A08553}

2012-06-29 21:01:53 -------- d-----w- c:\users\rich\appdata\local\{A262BA4E-ED30-49B8-9BDA-66C99EFC5597}

2012-06-29 09:01:25 -------- d-----w- c:\users\rich\appdata\local\{11AAC49D-26C9-4A39-88A0-7AFEE8264CAD}

2012-06-29 09:01:09 -------- d-----w- c:\users\rich\appdata\local\{9878334A-C5B4-44E0-B019-43E54D5E3324}

2012-06-28 11:22:47 -------- d-----w- c:\users\rich\appdata\local\{A856636F-C02C-4DA4-85AE-BEE224B8554B}

2012-06-28 11:22:35 -------- d-----w- c:\users\rich\appdata\local\{283F0A5E-A164-47AE-9E2E-64B08F2439C8}

2012-06-27 20:51:28 -------- d-----w- c:\users\rich\appdata\local\HotheadGames

2012-06-27 14:01:39 -------- d-----w- c:\users\rich\appdata\local\{06B3447D-0192-4CAE-AE6D-308BB76870BA}

2012-06-27 14:01:26 -------- d-----w- c:\users\rich\appdata\local\{779318F6-1605-4528-BCCB-F79802734DE9}

2012-06-27 10:54:53 -------- d-----w- c:\users\rich\appdata\local\{49888081-D5F9-4B84-B158-5905D901ACAF}

2012-06-26 15:25:07 -------- d-----w- c:\users\rich\appdata\local\{C87A99ED-459E-47C9-8BD2-DD1473A68FA2}

2012-06-26 15:24:50 -------- d-----w- c:\users\rich\appdata\local\{5CF3AD09-DBC2-4A02-BAD3-4F477BFC25C2}

2012-06-26 13:59:09 -------- d-----w- c:\users\rich\appdata\local\{AC7A7112-5637-4534-99D3-8B1BB9158213}

2012-06-25 19:44:18 -------- d-----w- c:\users\rich\appdata\local\{DA4383E5-0F92-49F6-91F0-C40248B766A5}

2012-06-25 19:44:04 -------- d-----w- c:\users\rich\appdata\local\{B57E270C-287D-4117-AB35-49FB82E86F15}

2012-06-24 17:53:02 -------- d-----w- c:\users\rich\appdata\local\{87C4865F-CC99-4947-A904-20DF9E133030}

2012-06-23 21:03:16 -------- d-----w- c:\users\rich\appdata\local\Macromedia

2012-06-23 09:30:51 -------- d-----w- c:\users\rich\appdata\local\{D1EE2B11-600B-4BD0-A72A-76B5627FB354}

2012-06-23 09:30:35 -------- d-----w- c:\users\rich\appdata\local\{9A1226E6-1039-472E-AA45-177C981AAA21}

2012-06-21 08:05:15 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 08:05:05 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 08:04:55 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 08:04:55 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 08:01:50 -------- d-----w- c:\users\rich\appdata\local\{5B9EE0DC-F464-4F34-A4C1-50B6B3AE008E}

2012-06-21 08:01:36 -------- d-----w- c:\users\rich\appdata\local\{89737B9E-6ABB-4C01-846B-F367C4E55DF8}

2012-06-20 16:42:09 -------- d-----w- c:\users\rich\appdata\local\{729E8BF3-F179-49D3-9ED0-8FC474E88C19}

2012-06-20 16:41:57 -------- d-----w- c:\users\rich\appdata\local\{3C7E8E58-2CDB-481B-85B3-1B490C7602C4}

2012-06-20 11:38:30 -------- d-----w- c:\users\rich\appdata\local\{7DBD4674-AAA3-45A1-9B66-D7712E656244}

2012-06-20 11:38:17 -------- d-----w- c:\users\rich\appdata\local\{E5A29916-0027-49CF-A1DD-595B4C0B6C7C}

2012-06-19 13:06:49 -------- d-----w- c:\users\rich\appdata\local\{705DF180-E7E2-4C67-B381-2D0944C593B2}

2012-06-19 13:06:37 -------- d-----w- c:\users\rich\appdata\local\{F9AB64EA-F592-4E6A-B0D3-7E5987285901}

2012-06-18 20:34:35 -------- d-----w- c:\users\rich\appdata\local\{624FD0ED-723E-43AE-9A92-8D159630C2C4}

2012-06-18 08:34:11 -------- d-----w- c:\users\rich\appdata\local\{803410B4-54D1-4BEC-A001-5CC4AF40F025}

2012-06-17 17:27:42 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-17 17:27:42 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-06-17 12:51:38 -------- d-----w- c:\users\rich\appdata\local\{A41C0294-F354-4B53-94EC-E3CBB20C3BD4}

2012-06-16 10:04:12 -------- d-----w- c:\users\rich\appdata\local\{1A31915C-1C81-4605-98B4-09F04D1EAB25}

2012-06-15 11:34:27 -------- d-----w- c:\users\rich\appdata\local\{2CC2762C-2924-489B-A25A-65202BED30BC}

2012-06-14 14:16:32 -------- d-----w- c:\users\rich\appdata\local\{96C48549-B283-4705-9DC8-C9F1C0B2378E}

2012-06-14 14:16:20 -------- d-----w- c:\users\rich\appdata\local\{113F7F19-D85F-49AA-BBC6-39091FB24E9B}

2012-06-13 12:42:35 -------- d-----w- c:\users\rich\appdata\local\{A408B575-9F51-4ABA-ABF3-23E696E9E52A}

2012-06-13 12:42:22 -------- d-----w- c:\users\rich\appdata\local\{D3C96546-BE51-4792-8E92-4D71FA195EE5}

2012-06-12 14:16:17 -------- d-----w- c:\users\rich\appdata\local\{BFE587A2-728E-4EBC-935F-540EE76EBE25}

2012-06-12 14:16:02 -------- d-----w- c:\users\rich\appdata\local\{EACF61EB-48B3-4B44-8385-0010F25527A3}

2012-06-11 22:39:52 -------- d-----w- c:\users\rich\appdata\local\{F9D0AD91-FAF8-431D-8EFE-9FCBF9579484}

2012-06-11 22:39:37 -------- d-----w- c:\users\rich\appdata\local\{0FAED150-B161-4C9F-BC7C-3CA2860F5ECB}

2012-06-11 10:25:54 -------- d-----w- c:\users\rich\appdata\local\{9539CB8B-0F1F-4C3E-B92A-FA2A4D503BA7}

2012-06-11 10:25:40 -------- d-----w- c:\users\rich\appdata\local\{230A57C0-57A2-418C-903E-8A11FC983ECA}

2012-06-10 11:05:05 -------- d-----w- c:\users\rich\appdata\local\{C8ACDEB4-C905-4E3F-828D-C39F820C6FE3}

2012-06-10 11:04:47 -------- d-----w- c:\users\rich\appdata\local\{16F59312-4FA5-42DE-9637-6F58E8461B6F}

2012-06-08 22:48:58 -------- d-----w- c:\users\rich\appdata\local\{D45697FE-ACE4-47C2-972F-BD6B52C6AC08}

2012-06-08 22:48:46 -------- d-----w- c:\users\rich\appdata\local\{15DA8384-E1CF-42C0-BD8A-3112AF087EAA}

2012-06-08 10:37:22 -------- d-----w- c:\users\rich\appdata\local\{7607624D-F8D2-457D-B7F4-AA42E503DCC6}

2012-06-08 10:37:10 -------- d-----w- c:\users\rich\appdata\local\{5D108F12-ECED-489F-92CA-D9FAB1672F0D}

2012-06-07 10:28:08 -------- d-----w- c:\users\rich\appdata\local\{E9B37710-C387-46A0-8D29-5D7B08FA2B65}

2012-06-07 10:27:55 -------- d-----w- c:\users\rich\appdata\local\{A8FC8F80-67B4-43E8-AFF8-D5DA2300454B}

2012-06-07 10:26:08 -------- d-----w- c:\users\rich\appdata\local\{26BFC2A9-902E-4270-998C-2AF5F35B9AE5}

2012-06-06 10:31:03 -------- d-----w- c:\users\rich\appdata\local\{DE79B012-679E-4BB4-B61F-5A526A658A7C}

2012-06-06 10:30:49 -------- d-----w- c:\users\rich\appdata\local\{3EE3FF80-15A0-4542-8609-58C024598EBB}

2012-06-05 15:04:06 -------- d-----w- c:\users\rich\appdata\local\{35E4404D-4DEC-4446-8FB9-BA0DF5DB8198}

2012-06-05 15:03:49 -------- d-----w- c:\users\rich\appdata\local\{7FA64710-B97B-42D4-A330-333AC972F1A1}

2012-06-05 11:48:13 -------- d-----w- c:\users\rich\appdata\local\{FDD403D8-5B0E-43B3-AC56-4152288C6A42}

.

==================== Find3M ====================

.

2012-06-23 18:58:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-23 18:58:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-18 15:14:02 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-05-18 15:14:02 22328 ----a-w- c:\users\rich\appdata\roaming\PnkBstrK.sys

2012-05-18 15:13:38 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-05-18 15:13:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-05-18 15:13:15 2337865 ----a-w- c:\windows\system32\pbsvc.exe

2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28:49 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-05-15 01:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe

2012-05-08 04:31:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-08 04:31:40 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-07 20:05:29 0 ----a-w- c:\windows\ativpsrm.bin

2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-18 17:08:07 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-04-18 17:08:04 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-04-18 17:08:02 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

.

============= FINISH: 11:46:56.68 ===============


& the Attach log.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 08/05/2012 05:10:50

System Uptime: 05/07/2012 10:11:32 (1 hours ago)

.

Motherboard: Acer | | MRS600M

Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 153 GiB total, 25.884 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Multimedia Controller

Device ID: PCI\VEN_12AB&DEV_1E3C&SUBSYS_1E3C12AB&REV_01\4&C9A676E&0&00A4

Manufacturer:

Name: Multimedia Controller

PNP Device ID: PCI\VEN_12AB&DEV_1E3C&SUBSYS_1E3C12AB&REV_01\4&C9A676E&0&00A4

Service:

.

==== System Restore Points ===================

.

RP49: 21/06/2012 09:04:37 - Windows Update

RP50: 28/06/2012 18:54:42 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.6

Alien Swarm

Amnesia: The Dark Descent

Audiosurf

AVG 2012

Bastion

Beat Hazard

D3DX10

Darwinia

DEFCON

Dungeon Defenders

Futuremark SystemInfo

Google Chrome

Hitman: Blood Money

Java Auto Updater

Java 6 Update 32

Left 4 Dead

Left 4 Dead 2

LIMBO

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft XNA Framework Redistributable 3.1

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Multiwinia

NETGEAR WNDA3200 wireless adapter Setup

NVIDIA 3D Vision Controller Driver 301.42

NVIDIA 3D Vision Driver 301.42

NVIDIA Control Panel 301.42

NVIDIA Graphics Driver 301.42

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.8.15

NVIDIA Update Components

Oblivion mod manager 1.1.12

On the Rain-Slick Precipice of Darkness, Episode One

On the Rain-Slick Precipice of Darkness, Episode Two

Plants vs. Zombies: Game of the Year

Psychonauts

PunkBuster Services

Sonic and SEGA All Stars Racing

Steam

Super Monday Night Combat

Superbrothers: Sword & Sworcery EP

swMSM

System Requirements Lab CYRI

Team Fortress 2

The Elder Scrolls IV: Oblivion

Tom Clancy's Rainbow Six: Vegas 2

Torchlight

Uplink

Vtune 7.22

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

YTD YouTube Downloader & Converter 3.7

.

==== Event Viewer Messages From Past Week ========

.

05/07/2012 10:14:05, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

05/07/2012 10:14:05, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

05/07/2012 00:39:58, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

05/07/2012 00:39:58, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

05/07/2012 00:39:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

02/07/2012 13:59:18, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

.

==== End Of File ===========================


I made a note of the blocked I.P when I was having the problem yesterday - 109.236.84.153.

Latest Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.13.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Rich :: RICH-PC [administrator]

Protection: Disabled

14/05/2012 18:08:09

mbam-log-2012-05-14 (18-08-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198497

Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


These are the logs I could find that mention the viruses.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.04.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Rich :: RICH-PC [administrator]

Protection: Enabled

04/07/2012 23:03:56

mbam-log-2012-07-04 (23-03-56).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 377903

Time elapsed: 1 hour(s), 27 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\n. -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Data: C:\Users\Rich\AppData\Roaming\WMPRWISE.EXE -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\n (Trojan.Dropper.PE4) -> Delete on reboot.

C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

2012/05/13 21:22:50 +0100 RICH-PC Rich MESSAGE Starting protection

2012/05/13 21:22:54 +0100 RICH-PC Rich MESSAGE Protection started successfully

2012/05/13 21:22:57 +0100 RICH-PC Rich MESSAGE Starting IP protection

2012/05/13 21:23:02 +0100 RICH-PC Rich MESSAGE IP Protection started successfully

2012/05/13 21:23:34 +0100 RICH-PC Rich MESSAGE Executing scheduled update: Daily

2012/05/13 21:23:36 +0100 RICH-PC Rich MESSAGE Database already up-to-date


That's what I would like to know. Thanks! :)

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


Okay, I've done all of that. Here are the reports.

13:09:06.0136 3356 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

13:09:06.0293 3356 ============================================================

13:09:06.0293 3356 Current date / time: 2012/07/05 13:09:06.0293

13:09:06.0293 3356 SystemInfo:

13:09:06.0293 3356

13:09:06.0293 3356 OS Version: 6.1.7601 ServicePack: 1.0

13:09:06.0293 3356 Product type: Workstation

13:09:06.0294 3356 ComputerName: RICH-PC

13:09:06.0294 3356 UserName: Rich

13:09:06.0294 3356 Windows directory: C:\Windows

13:09:06.0294 3356 System windows directory: C:\Windows

13:09:06.0294 3356 Processor architecture: Intel x86

13:09:06.0294 3356 Number of processors: 2

13:09:06.0294 3356 Page size: 0x1000

13:09:06.0294 3356 Boot type: Normal boot

13:09:06.0294 3356 ============================================================

13:09:07.0609 3356 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x531A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

13:09:07.0684 3356 ============================================================

13:09:07.0684 3356 \Device\Harddisk0\DR0:

13:09:07.0684 3356 MBR partitions:

13:09:07.0684 3356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

13:09:07.0684 3356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x13292000

13:09:07.0684 3356 ============================================================

13:09:07.0708 3356 C: <-> \Device\Harddisk0\DR0\Partition1

13:09:07.0709 3356 ============================================================

13:09:07.0709 3356 Initialize success

13:09:07.0709 3356 ============================================================

13:09:58.0171 2140 ============================================================

13:09:58.0171 2140 Scan started

13:09:58.0171 2140 Mode: Manual; SigCheck; TDLFS;

13:09:58.0171 2140 ============================================================


13:10:03.0388 2140 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

13:10:03.0408 2140 cmdide - ok

13:10:03.0452 2140 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

13:10:03.0495 2140 CNG - ok

13:10:03.0507 2140 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys

13:10:03.0526 2140 Compbatt - ok

13:10:03.0561 2140 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys

13:10:03.0591 2140 CompositeBus - ok

13:10:03.0600 2140 COMSysApp - ok

13:10:03.0633 2140 cpuz135 - ok

13:10:03.0659 2140 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

13:10:03.0678 2140 crcdisk - ok

13:10:03.0717 2140 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

13:10:03.0755 2140 CryptSvc - ok

13:10:03.0791 2140 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

13:10:03.0837 2140 CSC - ok

13:10:03.0881 2140 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

13:10:03.0920 2140 CscService - ok

13:10:03.0963 2140 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

13:10:04.0015 2140 DcomLaunch - ok

13:10:04.0053 2140 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

13:10:04.0113 2140 defragsvc - ok

13:10:04.0161 2140 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

13:10:04.0210 2140 DfsC - ok

13:10:04.0250 2140 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

13:10:04.0301 2140 Dhcp - ok

13:10:04.0313 2140 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

13:10:04.0360 2140 discache - ok

13:10:04.0414 2140 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys

13:10:04.0435 2140 Disk - ok

13:10:04.0472 2140 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys

13:10:04.0519 2140 dmvsc - ok

13:10:04.0548 2140 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

13:10:04.0590 2140 Dnscache - ok

13:10:04.0615 2140 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

13:10:04.0666 2140 dot3svc - ok

13:10:04.0682 2140 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

13:10:04.0737 2140 DPS - ok

13:10:04.0760 2140 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

13:10:04.0790 2140 drmkaud - ok

13:10:04.0835 2140 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

13:10:04.0869 2140 DXGKrnl - ok

13:10:04.0894 2140 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

13:10:04.0939 2140 EapHost - ok

13:10:05.0088 2140 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

13:10:05.0186 2140 ebdrv - ok

13:10:05.0267 2140 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

13:10:05.0330 2140 EFS - ok

13:10:05.0391 2140 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

13:10:05.0435 2140 ehRecvr - ok

13:10:05.0450 2140 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

13:10:05.0486 2140 ehSched - ok

13:10:05.0558 2140 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

13:10:05.0591 2140 elxstor - ok

13:10:05.0613 2140 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

13:10:05.0650 2140 ErrDev - ok

13:10:05.0696 2140 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

13:10:05.0747 2140 EventSystem - ok

13:10:05.0772 2140 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

13:10:05.0811 2140 exfat - ok

13:10:05.0821 2140 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

13:10:05.0878 2140 fastfat - ok

13:10:05.0918 2140 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

13:10:05.0966 2140 Fax - ok

13:10:05.0992 2140 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

13:10:06.0027 2140 fdc - ok

13:10:06.0046 2140 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

13:10:06.0092 2140 fdPHost - ok

13:10:06.0106 2140 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

13:10:06.0145 2140 FDResPub - ok

13:10:06.0160 2140 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

13:10:06.0179 2140 FileInfo - ok

13:10:06.0193 2140 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

13:10:06.0239 2140 Filetrace - ok

13:10:06.0257 2140 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

13:10:06.0292 2140 flpydisk - ok

13:10:06.0323 2140 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

13:10:06.0345 2140 FltMgr - ok

13:10:06.0403 2140 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll

13:10:06.0458 2140 FontCache - ok

13:10:06.0527 2140 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:10:06.0547 2140 FontCache3.0.0.0 - ok

13:10:06.0581 2140 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

13:10:06.0600 2140 FsDepends - ok

13:10:06.0639 2140 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

13:10:06.0658 2140 Fs_Rec - ok

13:10:06.0741 2140 Futuremark SystemInfo Service (ae6f0a6562d3eccd613de1fd8612ac4e) C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe

13:10:06.0760 2140 Futuremark SystemInfo Service - ok

13:10:06.0799 2140 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

13:10:06.0829 2140 fvevol - ok

13:10:06.0857 2140 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

13:10:06.0878 2140 gagp30kx - ok

13:10:06.0928 2140 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

13:10:06.0983 2140 gpsvc - ok

13:10:07.0003 2140 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

13:10:07.0039 2140 hcw85cir - ok

13:10:07.0249 2140 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

13:10:07.0286 2140 HdAudAddService - ok

13:10:07.0306 2140 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:10:07.0343 2140 HDAudBus - ok

13:10:07.0372 2140 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

13:10:07.0410 2140 HidBatt - ok

13:10:07.0435 2140 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys

13:10:07.0475 2140 HidBth - ok

13:10:07.0500 2140 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

13:10:07.0533 2140 HidIr - ok

13:10:07.0556 2140 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

13:10:07.0603 2140 hidserv - ok

13:10:07.0645 2140 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

13:10:07.0675 2140 HidUsb - ok

13:10:07.0693 2140 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

13:10:07.0732 2140 hkmsvc - ok

13:10:07.0752 2140 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

13:10:07.0795 2140 HomeGroupListener - ok

13:10:07.0830 2140 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

13:10:07.0863 2140 HomeGroupProvider - ok

13:10:07.0897 2140 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

13:10:07.0918 2140 HpSAMD - ok

13:10:07.0954 2140 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

13:10:07.0998 2140 HTTP - ok

13:10:08.0011 2140 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

13:10:08.0032 2140 hwpolicy - ok

13:10:08.0055 2140 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

13:10:08.0083 2140 i8042prt - ok

13:10:08.0109 2140 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

13:10:08.0135 2140 iaStorV - ok

13:10:08.0243 2140 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:10:08.0281 2140 idsvc - ok

13:10:08.0313 2140 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys

13:10:08.0336 2140 iirsp - ok

13:10:08.0397 2140 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

13:10:08.0456 2140 IKEEXT - ok

13:10:08.0481 2140 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

13:10:08.0501 2140 intelide - ok

13:10:08.0528 2140 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

13:10:08.0550 2140 intelppm - ok

13:10:08.0569 2140 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

13:10:08.0608 2140 IPBusEnum - ok

13:10:08.0625 2140 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:10:08.0664 2140 IpFilterDriver - ok

13:10:08.0719 2140 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

13:10:08.0761 2140 iphlpsvc - ok

13:10:08.0770 2140 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

13:10:08.0793 2140 IPMIDRV - ok

13:10:08.0802 2140 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

13:10:08.0846 2140 IPNAT - ok

13:10:08.0875 2140 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

13:10:08.0908 2140 IRENUM - ok

13:10:08.0922 2140 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

13:10:08.0942 2140 isapnp - ok

13:10:08.0973 2140 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

13:10:08.0996 2140 iScsiPrt - ok

13:10:09.0102 2140 jswpsapi (81534359f525f7c02b2b56b2653bd779) C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe

13:10:09.0132 2140 jswpsapi ( UnsignedFile.Multi.Generic ) - warning

13:10:09.0133 2140 jswpsapi - detected UnsignedFile.Multi.Generic (1)

13:10:20.0892 2140 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

13:10:21.0010 2140 sppsvc - ok

13:10:21.0111 2140 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

13:10:21.0167 2140 sppuinotify - ok

13:10:21.0220 2140 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

13:10:21.0267 2140 srv - ok

13:10:21.0312 2140 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

13:10:21.0348 2140 srv2 - ok

13:10:21.0380 2140 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

13:10:21.0414 2140 srvnet - ok

13:10:21.0446 2140 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

13:10:21.0499 2140 SSDPSRV - ok

13:10:21.0516 2140 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

13:10:21.0563 2140 SstpSvc - ok

13:10:21.0618 2140 Steam Client Service - ok

13:10:21.0711 2140 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

13:10:21.0734 2140 Stereo Service - ok

13:10:21.0758 2140 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

13:10:21.0778 2140 stexstor - ok

13:10:21.0821 2140 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

13:10:21.0866 2140 StiSvc - ok

13:10:21.0883 2140 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

13:10:21.0903 2140 storflt - ok

13:10:21.0922 2140 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

13:10:21.0943 2140 storvsc - ok

13:10:21.0963 2140 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

13:10:21.0986 2140 swenum - ok

13:10:22.0031 2140 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

13:10:22.0088 2140 swprv - ok

13:10:22.0120 2140 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\synth3dvsc.sys

13:10:22.0141 2140 Synth3dVsc - ok

13:10:22.0229 2140 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

13:10:22.0283 2140 SysMain - ok

13:10:22.0311 2140 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

13:10:22.0350 2140 TabletInputService - ok

13:10:22.0377 2140 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

13:10:22.0418 2140 TapiSrv - ok

13:10:22.0499 2140 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys

13:10:22.0518 2140 TBPanel - ok

13:10:22.0560 2140 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

13:10:22.0599 2140 TBS - ok

13:10:22.0674 2140 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

13:10:22.0720 2140 Tcpip - ok

13:10:22.0750 2140 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

13:10:22.0790 2140 TCPIP6 - ok

13:10:22.0816 2140 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

13:10:22.0859 2140 tcpipreg - ok

13:10:22.0881 2140 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

13:10:22.0901 2140 TDPIPE - ok

13:10:22.0922 2140 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

13:10:22.0943 2140 TDTCP - ok

13:10:22.0959 2140 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

13:10:23.0003 2140 tdx - ok

13:10:23.0015 2140 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys

13:10:23.0036 2140 TermDD - ok

13:10:23.0073 2140 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys

13:10:23.0115 2140 terminpt - ok

13:10:23.0151 2140 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

13:10:23.0195 2140 TermService - ok

13:10:23.0211 2140 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

13:10:23.0253 2140 Themes - ok

13:10:23.0281 2140 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:10:23.0320 2140 THREADORDER - ok

13:10:23.0353 2140 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

13:10:23.0410 2140 TrkWks - ok

13:10:23.0459 2140 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

13:10:23.0502 2140 TrustedInstaller - ok

13:10:23.0525 2140 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:10:23.0573 2140 tssecsrv - ok

13:10:23.0609 2140 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

13:10:23.0650 2140 TsUsbFlt - ok

13:10:23.0668 2140 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys

13:10:23.0704 2140 TsUsbGD - ok

13:10:23.0726 2140 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys

13:10:23.0751 2140 tsusbhub - ok

13:10:23.0782 2140 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

13:10:23.0818 2140 tunnel - ok

13:10:23.0917 2140 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

13:10:23.0940 2140 uagp35 - ok

13:10:23.0995 2140 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

13:10:24.0053 2140 udfs - ok

13:10:24.0109 2140 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

13:10:24.0167 2140 UI0Detect - ok

13:10:24.0210 2140 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

13:10:24.0232 2140 uliagpkx - ok

13:10:24.0260 2140 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

13:10:24.0284 2140 umbus - ok

13:10:24.0313 2140 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

13:10:24.0344 2140 UmPass - ok

13:10:24.0372 2140 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

13:10:24.0407 2140 UmRdpService - ok

13:10:24.0435 2140 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

13:10:24.0485 2140 upnphost - ok

13:10:24.0505 2140 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys

13:10:24.0535 2140 usbccgp - ok

13:10:24.0561 2140 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

13:10:24.0589 2140 usbcir - ok

13:10:24.0614 2140 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\DRIVERS\usbehci.sys

13:10:24.0653 2140 usbehci - ok

13:10:24.0691 2140 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys

13:10:24.0722 2140 usbhub - ok

13:10:24.0746 2140 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

13:10:24.0784 2140 usbohci - ok

13:10:24.0819 2140 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys

13:10:24.0847 2140 usbprint - ok

13:10:24.0876 2140 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:10:24.0903 2140 USBSTOR - ok

13:10:24.0925 2140 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys

13:10:24.0962 2140 usbuhci - ok

13:10:24.0984 2140 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

13:10:25.0022 2140 UxSms - ok

13:10:25.0041 2140 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:10:25.0064 2140 VaultSvc - ok

13:10:25.0093 2140 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

13:10:25.0113 2140 vdrvroot - ok

13:10:25.0142 2140 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

13:10:25.0192 2140 vds - ok

13:10:25.0210 2140 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

13:10:25.0247 2140 vga - ok

13:10:25.0261 2140 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

13:10:25.0300 2140 VgaSave - ok

13:10:25.0306 2140 VGPU - ok

13:10:25.0340 2140 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

13:10:25.0362 2140 vhdmp - ok

13:10:25.0396 2140 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

13:10:25.0417 2140 viaagp - ok

13:10:25.0437 2140 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

13:10:25.0477 2140 ViaC7 - ok

13:10:25.0491 2140 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

13:10:25.0512 2140 viaide - ok

13:10:25.0543 2140 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

13:10:25.0566 2140 vmbus - ok

13:10:25.0584 2140 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

13:10:25.0614 2140 VMBusHID - ok

13:10:25.0633 2140 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

13:10:25.0654 2140 volmgr - ok

13:10:25.0683 2140 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

13:10:25.0707 2140 volmgrx - ok

13:10:25.0741 2140 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

13:10:25.0765 2140 volsnap - ok

13:10:25.0792 2140 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

13:10:25.0814 2140 vsmraid - ok

13:10:25.0877 2140 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

13:10:25.0936 2140 VSS - ok

13:10:25.0960 2140 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

13:10:25.0996 2140 vwifibus - ok

13:10:26.0013 2140 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

13:10:26.0051 2140 vwififlt - ok

13:10:26.0088 2140 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

13:10:26.0131 2140 W32Time - ok

13:10:26.0155 2140 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

13:10:26.0192 2140 WacomPen - ok

13:10:26.0210 2140 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:10:26.0254 2140 WANARP - ok

13:10:26.0258 2140 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:10:26.0294 2140 Wanarpv6 - ok

13:10:26.0358 2140 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

13:10:26.0405 2140 wbengine - ok

13:10:26.0427 2140 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

13:10:26.0464 2140 WbioSrvc - ok

13:10:26.0495 2140 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

13:10:26.0528 2140 wcncsvc - ok

13:10:26.0543 2140 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

13:10:26.0578 2140 WcsPlugInService - ok

13:10:26.0628 2140 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

13:10:26.0650 2140 Wd - ok

13:10:26.0702 2140 WDCS_WNDA3200 (49b50be4c6e61dc378057a09130e0629) C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe

13:10:26.0722 2140 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - warning

13:10:26.0722 2140 WDCS_WNDA3200 - detected UnsignedFile.Multi.Generic (1)

13:10:26.0755 2140 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

13:10:26.0786 2140 Wdf01000 - ok

13:10:26.0817 2140 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:10:26.0888 2140 WdiServiceHost - ok

13:10:26.0893 2140 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:10:26.0922 2140 WdiSystemHost - ok

13:10:26.0942 2140 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

13:10:26.0983 2140 WebClient - ok

13:10:27.0006 2140 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

13:10:27.0048 2140 Wecsvc - ok

13:10:27.0061 2140 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

13:10:27.0101 2140 wercplsupport - ok

13:10:27.0135 2140 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

13:10:27.0176 2140 WerSvc - ok

13:10:27.0214 2140 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

13:10:27.0253 2140 WfpLwf - ok

13:10:27.0270 2140 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

13:10:27.0289 2140 WIMMount - ok

13:10:27.0379 2140 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

13:10:27.0428 2140 WinDefend - ok

13:10:27.0439 2140 WinHttpAutoProxySvc - ok

13:10:27.0491 2140 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

13:10:27.0530 2140 Winmgmt - ok

13:10:27.0598 2140 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

13:10:27.0666 2140 WinRM - ok

13:10:27.0738 2140 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

13:10:27.0787 2140 Wlansvc - ok

13:10:27.0972 2140 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:10:28.0023 2140 wlidsvc - ok

13:10:28.0114 2140 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

13:10:28.0140 2140 WmiAcpi - ok

13:10:28.0191 2140 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

13:10:28.0227 2140 wmiApSrv - ok

13:10:28.0322 2140 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:10:28.0372 2140 WMPNetworkSvc - ok

13:10:28.0401 2140 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

13:10:28.0445 2140 WPCSvc - ok

13:10:28.0465 2140 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

13:10:28.0496 2140 WPDBusEnum - ok

13:10:28.0546 2140 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

13:10:28.0597 2140 ws2ifsl - ok

13:10:28.0618 2140 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll

13:10:28.0664 2140 wscsvc - ok

13:10:28.0670 2140 WSearch - ok

13:10:28.0800 2140 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

13:10:28.0866 2140 wuauserv - ok

13:10:28.0970 2140 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

13:10:29.0022 2140 WudfPf - ok

13:10:29.0053 2140 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:10:29.0105 2140 WUDFRd - ok

13:10:29.0135 2140 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

13:10:29.0173 2140 wudfsvc - ok

13:10:29.0195 2140 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

13:10:29.0225 2140 WwanSvc - ok

13:10:29.0268 2140 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

13:10:29.0294 2140 yukonw7 - ok

13:10:29.0316 2140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:10:29.0861 2140 \Device\Harddisk0\DR0 - ok

13:10:29.0866 2140 Boot (0x1200) (e63e14d9535434be73c4c97547aeb621) \Device\Harddisk0\DR0\Partition0

13:10:29.0867 2140 \Device\Harddisk0\DR0\Partition0 - ok

13:10:29.0895 2140 Boot (0x1200) (17b9c6ee5e8b84a37a7a24733481bb4f) \Device\Harddisk0\DR0\Partition1

13:10:29.0896 2140 \Device\Harddisk0\DR0\Partition1 - ok

13:10:29.0897 2140 ============================================================

13:10:29.0897 2140 Scan finished

13:10:29.0897 2140 ============================================================

13:10:29.0917 3268 Detected object count: 2

13:10:29.0917 3268 Actual detected object count: 2

13:10:50.0951 3268 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user

13:10:50.0951 3268 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:10:50.0952 3268 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - skipped by user

13:10:50.0952 3268 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - User select action: Skip


And now the OTL logs:

OTL logfile created on: 05/07/2012 13:13:40 - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rich\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.31% Memory free

4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 153.29 Gb Total Space | 25.89 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

Computer Name: RICH-PC | User Name: Rich | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 13:12:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2012/05/15 10:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012/05/15 10:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/11/02 21:45:16 | 002,248,704 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe

PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/10/13 18:36:20 | 000,565,248 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe

PRC - [2010/06/23 19:41:28 | 000,167,936 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/02 21:45:16 | 002,248,704 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe

MOD - [2010/08/17 10:14:08 | 000,249,856 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3200\WPSLib.dll

MOD - [1998/10/31 12:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL

========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 19:58:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/20 21:00:28 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/17 18:27:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/15 11:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2010/06/23 19:41:28 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe -- (WDCS_WNDA3200)

SRV - [2009/11/06 00:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe -- (jswpsapi)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Rich\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)

DRV - [2012/05/15 11:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/04/18 18:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)

DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)

DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/10/12 01:09:10 | 001,564,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)

DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2008/05/15 11:28:44 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)

DRV - [2007/03/16 18:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3350772935-3395239629-2234222438-1000\..\SearchScopes,DefaultScope = {2B0A8ADA-4505-41F5-ABF5-980346914E83}

IE - HKU\S-1-5-21-3350772935-3395239629-2234222438-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3350772935-3395239629-2234222438-1000\..\SearchScopes\{2B0A8ADA-4505-41F5-ABF5-980346914E83}: "URL" = http://uk.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-3350772935-3395239629-2234222438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=937811"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rich\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rich\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 10:17:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 18:27:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 18:27:45 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/08 05:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rich\AppData\Roaming\mozilla\Extensions

[2012/07/04 14:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rich\AppData\Roaming\mozilla\Firefox\Profiles\orx39u25.default\extensions

[2012/06/17 18:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/06/17 18:27:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/06/17 18:27:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/06/17 18:27:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Rich\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rich\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rich\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Java Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Rich\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AVG Do Not Track = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

CHR - Extension: Gmail = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-3350772935-3395239629-2234222438-1000..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FE3267E-2232-4DF2-A164-961D7C673B75}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoInst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 13:12:17 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

[2012/07/05 13:08:23 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rich\Desktop\tdsskiller.exe

[2012/07/05 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{BAD0BD85-933D-45B0-A102-AD419E8B001C}

[2012/07/05 10:12:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{7F09E8C7-76AA-40C1-AF89-F0683018B781}

[2012/07/04 23:50:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rich\Desktop\dds.com

[2012/07/04 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{27F48031-9F59-45E6-90F5-0E95DBED12F7}

[2012/07/04 15:27:41 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{AA1E687D-51B4-46EA-B9DE-1AE86A5F79C3}

[2012/07/04 14:22:32 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5061FE4C-0284-4C50-B5E8-86E9A6C6BAF6}

[2012/07/04 14:22:20 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{1C4D7ABE-E964-4BC7-B5EC-8F687BB7142D}

[2012/07/03 13:36:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E336E4AD-974D-490A-846D-0B0B39D04AF0}

[2012/07/03 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5895672B-47DE-482A-8C91-A7FC126BAB85}

[2012/07/03 10:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/07/03 10:14:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{10D73ED5-BA41-43B7-A5FB-A9908E44A94E}

[2012/07/02 16:26:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E7459CDC-B4BD-408A-80EE-237EF3363972}

[2012/07/02 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{53F1891B-085C-46C4-8005-5F4EB01FE222}

[2012/07/01 14:24:48 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{2F9D7173-8F17-43E1-85C1-149328481A3A}

[2012/07/01 14:24:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{F0C8F6BD-3E1F-4088-B74B-CFE834C5B8DC}

[2012/06/30 14:34:04 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{06BE3E4F-82F1-41B4-8DBB-5BCFDE38A2AC}

[2012/06/30 14:33:52 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{6A072764-C383-4A67-AE5C-4530AA66499F}

[2012/06/29 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{12553D91-58E0-4A60-8ED6-F1E5D5A08553}

[2012/06/29 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A262BA4E-ED30-49B8-9BDA-66C99EFC5597}

[2012/06/29 10:01:25 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{11AAC49D-26C9-4A39-88A0-7AFEE8264CAD}

[2012/06/29 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{9878334A-C5B4-44E0-B019-43E54D5E3324}

[2012/06/28 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A856636F-C02C-4DA4-85AE-BEE224B8554B}

[2012/06/28 12:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{283F0A5E-A164-47AE-9E2E-64B08F2439C8}

[2012/06/27 21:51:28 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\HotheadGames

[2012/06/27 15:01:39 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{06B3447D-0192-4CAE-AE6D-308BB76870BA}

[2012/06/27 15:01:26 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{779318F6-1605-4528-BCCB-F79802734DE9}

[2012/06/27 11:54:53 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{49888081-D5F9-4B84-B158-5905D901ACAF}

[2012/06/26 16:25:07 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{C87A99ED-459E-47C9-8BD2-DD1473A68FA2}

[2012/06/26 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5CF3AD09-DBC2-4A02-BAD3-4F477BFC25C2}

[2012/06/26 14:59:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{AC7A7112-5637-4534-99D3-8B1BB9158213}

[2012/06/25 20:44:18 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{DA4383E5-0F92-49F6-91F0-C40248B766A5}

[2012/06/25 20:44:04 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{B57E270C-287D-4117-AB35-49FB82E86F15}

[2012/06/24 18:53:02 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{87C4865F-CC99-4947-A904-20DF9E133030}

[2012/06/23 22:03:16 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Macromedia

[2012/06/23 10:30:51 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{D1EE2B11-600B-4BD0-A72A-76B5627FB354}

[2012/06/23 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{9A1226E6-1039-472E-AA45-177C981AAA21}

[2012/06/21 09:01:50 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5B9EE0DC-F464-4F34-A4C1-50B6B3AE008E}

[2012/06/21 09:01:36 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{89737B9E-6ABB-4C01-846B-F367C4E55DF8}

[2012/06/20 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{729E8BF3-F179-49D3-9ED0-8FC474E88C19}

[2012/06/20 17:41:57 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{3C7E8E58-2CDB-481B-85B3-1B490C7602C4}

[2012/06/20 12:38:30 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{7DBD4674-AAA3-45A1-9B66-D7712E656244}

[2012/06/20 12:38:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E5A29916-0027-49CF-A1DD-595B4C0B6C7C}

[2012/06/19 14:06:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{705DF180-E7E2-4C67-B381-2D0944C593B2}

[2012/06/19 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{F9AB64EA-F592-4E6A-B0D3-7E5987285901}

[2012/06/18 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{624FD0ED-723E-43AE-9A92-8D159630C2C4}

[2012/06/18 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Rich\Desktop\Stuff

[2012/06/18 09:34:11 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{803410B4-54D1-4BEC-A001-5CC4AF40F025}

[2012/06/17 13:51:38 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A41C0294-F354-4B53-94EC-E3CBB20C3BD4}

[2012/06/16 11:04:12 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{1A31915C-1C81-4605-98B4-09F04D1EAB25}

[2012/06/15 12:34:27 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{2CC2762C-2924-489B-A25A-65202BED30BC}

[2012/06/14 15:16:32 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{96C48549-B283-4705-9DC8-C9F1C0B2378E}

[2012/06/14 15:16:20 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{113F7F19-D85F-49AA-BBC6-39091FB24E9B}

[2012/06/13 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A408B575-9F51-4ABA-ABF3-23E696E9E52A}

[2012/06/13 13:42:22 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{D3C96546-BE51-4792-8E92-4D71FA195EE5}

[2012/06/12 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{BFE587A2-728E-4EBC-935F-540EE76EBE25}

[2012/06/12 15:16:02 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{EACF61EB-48B3-4B44-8385-0010F25527A3}

[2012/06/11 23:39:52 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{F9D0AD91-FAF8-431D-8EFE-9FCBF9579484}

[2012/06/11 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{0FAED150-B161-4C9F-BC7C-3CA2860F5ECB}

[2012/06/11 11:25:54 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{9539CB8B-0F1F-4C3E-B92A-FA2A4D503BA7}

[2012/06/11 11:25:40 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{230A57C0-57A2-418C-903E-8A11FC983ECA}

[2012/06/10 12:05:05 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{C8ACDEB4-C905-4E3F-828D-C39F820C6FE3}

[2012/06/10 12:04:47 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{16F59312-4FA5-42DE-9637-6F58E8461B6F}

[2012/06/08 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{D45697FE-ACE4-47C2-972F-BD6B52C6AC08}

[2012/06/08 23:48:46 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{15DA8384-E1CF-42C0-BD8A-3112AF087EAA}

[2012/06/08 11:37:22 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{7607624D-F8D2-457D-B7F4-AA42E503DCC6}

[2012/06/08 11:37:10 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{5D108F12-ECED-489F-92CA-D9FAB1672F0D}

[2012/06/07 11:28:08 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{E9B37710-C387-46A0-8D29-5D7B08FA2B65}

[2012/06/07 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{A8FC8F80-67B4-43E8-AFF8-D5DA2300454B}

[2012/06/07 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{26BFC2A9-902E-4270-998C-2AF5F35B9AE5}

[2012/06/06 11:31:03 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{DE79B012-679E-4BB4-B61F-5A526A658A7C}

[2012/06/06 11:30:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{3EE3FF80-15A0-4542-8609-58C024598EBB}

[2012/06/05 16:04:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{35E4404D-4DEC-4446-8FB9-BA0DF5DB8198}

[2012/06/05 16:03:49 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\{7FA64710-B97B-42D4-A330-333AC972F1A1}

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/05 13:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3350772935-3395239629-2234222438-1000UA.job

[2012/07/05 13:12:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe

[2012/07/05 13:08:24 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rich\Desktop\tdsskiller.exe

[2012/07/05 12:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/05 10:19:08 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/05 10:19:08 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/05 10:17:32 | 101,140,075 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2012/07/05 10:11:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/05 10:11:57 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/05 02:13:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3350772935-3395239629-2234222438-1000Core.job

[2012/07/04 23:50:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rich\Desktop\dds.com

[2012/06/27 19:56:25 | 000,000,215 | ---- | M] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode Two.url

[2012/06/27 19:36:30 | 000,000,227 | ---- | M] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode One.url

[2012/06/27 18:20:18 | 000,164,810 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

[2012/06/19 15:44:03 | 010,166,582 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party - Tourniquet (Original Mix).mp3

[2012/06/19 15:44:03 | 008,929,291 | ---- | M] () -- C:\Users\Rich\Documents\Flux Pavilion - Daydreamer (Ft. Example) (Dillon Francis Remix).mp3

[2012/06/18 23:00:24 | 010,111,243 | ---- | M] () -- C:\Users\Rich\Documents\Labrinth - Last Time (Knife Party Remix).mp3

[2012/06/18 22:58:11 | 008,421,697 | ---- | M] () -- C:\Users\Rich\Documents\Fatboy Slim - Right Here Right Now (Trumpdisco Remix).mp3

[2012/06/18 22:48:14 | 008,632,878 | ---- | M] () -- C:\Users\Rich\Documents\Gemini - Feel Me.mp3

[2012/06/18 22:47:30 | 010,334,766 | ---- | M] () -- C:\Users\Rich\Documents\Gemini - Destiny [HQ].mp3

[2012/06/18 22:46:45 | 005,231,412 | ---- | M] () -- C:\Users\Rich\Documents\Benny Benassi Ft. Gary Go _Cinema_.mp3

[2012/06/18 22:46:19 | 005,133,882 | ---- | M] () -- C:\Users\Rich\Documents\Mason Feat Princess Superstar - Perfect Exceeder HD 720p!!!.mp3

[2012/06/18 22:20:51 | 006,690,821 | ---- | M] () -- C:\Users\Rich\Documents\Benny Benassi - who's your daddy.mp3

[2012/06/18 22:12:02 | 011,301,689 | ---- | M] () -- C:\Users\Rich\Documents\Flux Pavilion - Bass Cannon (Rap Remix by None Like Joshua) [Zomboy], Cracks, I Cant Stop + New Song.mp3

[2012/06/16 14:13:06 | 008,746,529 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party ft. Mistajam - Sleaze (Original Mix).mp3

[2012/06/15 00:08:22 | 009,585,953 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party - Rage Valley (Original Mix).mp3

[2012/06/15 00:06:15 | 007,904,033 | ---- | M] () -- C:\Users\Rich\Documents\Knife Party - Centipede (Original Mix).mp3

[2012/06/10 22:10:03 | 000,000,215 | ---- | M] () -- C:\Users\Rich\Desktop\Sonic and SEGA All Stars Racing.url

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/04 23:03:52 | 000,013,312 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\80000000.@

[2012/07/04 23:03:50 | 000,001,696 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\00000001.@

[2012/06/27 19:56:25 | 000,000,215 | ---- | C] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode Two.url

[2012/06/27 19:36:30 | 000,000,227 | ---- | C] () -- C:\Users\Rich\Desktop\On the Rain-Slick Precipice of Darkness, Episode One.url

[2012/06/18 23:05:55 | 010,166,582 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party - Tourniquet (Original Mix).mp3

[2012/06/18 22:59:46 | 008,929,291 | ---- | C] () -- C:\Users\Rich\Documents\Flux Pavilion - Daydreamer (Ft. Example) (Dillon Francis Remix).mp3

[2012/06/18 22:57:22 | 010,111,243 | ---- | C] () -- C:\Users\Rich\Documents\Labrinth - Last Time (Knife Party Remix).mp3

[2012/06/18 22:45:49 | 008,421,697 | ---- | C] () -- C:\Users\Rich\Documents\Fatboy Slim - Right Here Right Now (Trumpdisco Remix).mp3

[2012/06/18 22:41:47 | 008,632,878 | ---- | C] () -- C:\Users\Rich\Documents\Gemini - Feel Me.mp3

[2012/06/18 22:35:21 | 010,334,766 | ---- | C] () -- C:\Users\Rich\Documents\Gemini - Destiny [HQ].mp3

[2012/06/18 22:32:43 | 005,231,412 | ---- | C] () -- C:\Users\Rich\Documents\Benny Benassi Ft. Gary Go _Cinema_.mp3

[2012/06/18 22:27:39 | 005,133,882 | ---- | C] () -- C:\Users\Rich\Documents\Mason Feat Princess Superstar - Perfect Exceeder HD 720p!!!.mp3

[2012/06/18 22:13:50 | 006,690,821 | ---- | C] () -- C:\Users\Rich\Documents\Benny Benassi - who's your daddy.mp3

[2012/06/18 21:55:57 | 011,301,689 | ---- | C] () -- C:\Users\Rich\Documents\Flux Pavilion - Bass Cannon (Rap Remix by None Like Joshua) [Zomboy], Cracks, I Cant Stop + New Song.mp3

[2012/06/15 00:10:14 | 008,746,529 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party ft. Mistajam - Sleaze (Original Mix).mp3

[2012/06/15 00:06:31 | 009,585,953 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party - Rage Valley (Original Mix).mp3

[2012/06/15 00:04:16 | 007,904,033 | ---- | C] () -- C:\Users\Rich\Documents\Knife Party - Centipede (Original Mix).mp3

[2012/06/10 22:10:03 | 000,000,215 | ---- | C] () -- C:\Users\Rich\Desktop\Sonic and SEGA All Stars Racing.url

[2012/05/23 15:11:11 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

[2012/05/18 16:14:02 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2012/05/18 16:14:02 | 000,022,328 | ---- | C] () -- C:\Users\Rich\AppData\Roaming\PnkBstrK.sys

[2012/05/18 16:13:31 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2012/05/18 16:13:15 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2012/05/18 16:13:15 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2012/05/12 23:20:46 | 000,002,048 | -HS- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\@

[2012/05/07 21:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/05/07 21:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/05/13 04:31:31 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\AVG2012

[2012/05/31 01:53:24 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Beat Hazard

[2012/06/01 01:15:39 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\fltk.org

[2012/05/15 14:14:57 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\runic games

[2012/05/08 05:59:44 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\SystemRequirementsLab

[2012/07/05 00:42:13 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 05/07/2012 13:13:40 - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Rich\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.31% Memory free

4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 153.29 Gb Total Space | 25.89 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

Computer Name: RICH-PC | User Name: Rich | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3350772935-3395239629-2234222438-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{13E4E789-A618-4631-A3AE-138B503B4E5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1795B0A7-9807-47C7-8CC6-D81FEA59CAE6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{BC9636D5-35A1-49C3-AA0A-8E19769A0058}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{DF15F5A4-8F39-4F38-8109-7F3C5E287BEF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0326E137-FE66-456C-98AA-BEF28E39A417}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe |

"{1121D391-E1FE-48B0-A732-8C498E494929}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |

"{1199DE02-A305-4446-A305-B8D464B077DB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe |

"{120A5B22-9F02-4E51-BA9D-8751862E2406}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |

"{12C15DB8-1C6E-4F97-9FD9-E899EA2A79CC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sonic and sega all stars racing\config.exe |

"{16832B73-C285-475B-8C98-11D9735BC14A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\darwinia\darwinia.exe |

"{1DDDA925-5C0E-494C-A7B6-C04E8EC3E185}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |

"{21DFFA4E-7C6E-4665-A96B-4CEE6BE2ED26}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |

"{22EA4790-EF58-47E3-9129-68E86B740357}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |

"{2305D42B-7744-4492-A1E5-6E1510916775}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |

"{28839412-D091-4D72-8983-9DE0409FCD81}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{3D2FB373-37CA-414E-92EB-AB7219DAB981}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |

"{3DF34B55-41DB-494E-8409-FCBB365E9D12}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{3E51738F-F4F3-4E4F-87D1-70063043ACA7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{3F50DA4E-21F1-4B1F-8DFC-634E63ED9095}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{426578D5-8531-4923-9CA7-CDBCC3677162}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hitman blood money\configure.exe |

"{43604A5A-E7C8-486A-A7AB-D6F06A7A8757}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{474213DD-B8A1-4D68-9F56-607B8BDD5934}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |

"{4CAFAA87-1414-4EC5-A6B3-C0B923DFDFAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe |

"{4F52F939-86F5-4466-9865-35C6E27E3DAE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{5107D116-F19C-4E86-91ED-5B194B4B8372}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |

"{5382FFBD-415A-4B9C-979E-3B85035487F9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\beathazard.exe |

"{53D94902-31A8-49DB-8717-AD7A74FD1CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{59247086-23D6-41C1-99AF-5B137D86ABC0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |

"{5C959A09-4AD2-4606-8FD4-BFF8C3CA9207}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{5CE7A710-660B-4697-BA65-0BA8FF562311}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\runme.exe |

"{5D513CEF-61B8-43CF-A431-304F17735C3A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{5E1F8F86-35BC-4D23-9A80-B25ACFBFE54D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{5ECEDF75-4AFE-4EF5-9DAA-9DA30465434A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |

"{61394929-DCBA-4604-9D0D-EFD29BE5AE79}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |

"{634CCC11-2449-4D78-A156-DAC0AA1781B4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{6E103170-AD5F-44BF-81F9-76DA1ADA9DDA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{71604B45-F730-47F3-AA25-EB1AA981931E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\uplink\uplink.exe |

"{719FBE39-2CCC-46F3-B2EC-05797CDE3A20}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |

"{71DFAF0F-ED98-4740-BF10-0DDF9CB85204}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard\runme.exe |

"{74D6DEE5-6E05-4AE6-8720-3040A952D3F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{7531C86E-2B13-4B94-B6C5-2D5826C78E8C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |

"{82D844D3-EF6D-4726-A10F-971265D0383E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |

"{83B0EF6D-4C33-405E-B300-AF46210A8518}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |

"{84373196-D57F-4935-A60C-157554EE135E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{87F6A6CA-AE9D-44AD-A845-D532C1836EFA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |

"{890D1905-640C-42A7-A454-1F9E51C04594}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bastion\bastion.exe |

"{8A36F279-8583-40BD-B71C-E43F78DAC4CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |

"{95ECA88A-B433-47C3-9E56-CC7BAEEAB7DD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |

"{9A1395F6-6C44-40F5-A9BF-90E11656B4D0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |

"{9C9939FD-30B0-4D94-9FA5-451AE1FE0F67}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\psychonauts\psychonauts.exe |

"{9F5BDE1F-4C0B-473F-8D2E-76AA56109507}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hitman blood money\configure.exe |

"{A6512F3A-C864-4DFC-B4C8-78F3019E8BF1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |

"{A70DC96B-A599-4F7B-B616-D03896174858}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{A8F28FBF-4732-4A11-8212-286DCE54AF6C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |

"{A9E5A223-AFE9-4D5F-B451-3ACCE3A62063}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{AB4761E6-27A6-4140-9CE3-BE202D7E00FD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |

"{B53A00BA-9005-410D-85B0-8306CE8B3544}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |

"{B857CEBB-B0B5-4681-A609-9BF55862DF26}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sonic and sega all stars racing\config.exe |

"{CF4869EB-D120-4315-BC1C-8D6A954E8E3B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\darwinia\darwinia.exe |

"{D0806215-C992-4EAB-AA84-AC7FA7FEEC1A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sonic and sega all stars racing\sonic & sega all-stars racing.exe |

"{D278280A-6614-4079-BD8F-859E7FCD6C15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{D31BCEF9-70C7-42A0-8065-ECD20C5378C4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sonic and sega all stars racing\sonic & sega all-stars racing.exe |

"{D88DBE3A-4FF4-4B95-945B-E9A0F4E941CA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{DA901B39-E68A-4D87-912F-3BE9A1519F82}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe |

"{E6BBE381-ABE1-460F-8B18-111167E6173D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |

"{F06AAE16-4E5B-45DF-A622-A0877C3444F5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |

"{FBF5ABDA-6F78-442D-8700-14DFB25DDE13}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |

"{FCA59642-D835-4787-9269-0DAF8E9A80C6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3FE93ACC-83FB-4FE5-9147-8BAD2D33E2EF}" = AVG 2012

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1" = NETGEAR WNDA3200 wireless adapter Setup

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AVG" = AVG 2012

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MySSID_is1" = Vtune 7.22

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12

"PunkBusterSvc" = PunkBuster Services

"Steam App 104700" = Super Monday Night Combat

"Steam App 107100" = Bastion

"Steam App 12900" = Audiosurf

"Steam App 1500" = Darwinia

"Steam App 1510" = Uplink

"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2

"Steam App 1520" = DEFCON

"Steam App 1530" = Multiwinia

"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One

"Steam App 18020" = On the Rain-Slick Precipice of Darkness, Episode Two

"Steam App 204060" = Superbrothers: Sword & Sworcery EP

"Steam App 22330" = The Elder Scrolls IV: Oblivion

"Steam App 34190" = Sonic and SEGA All Stars Racing

"Steam App 3590" = Plants vs. Zombies: Game of the Year

"Steam App 3830" = Psychonauts

"Steam App 41500" = Torchlight

"Steam App 440" = Team Fortress 2

"Steam App 48000" = LIMBO

"Steam App 49600" = Beat Hazard

"Steam App 500" = Left 4 Dead

"Steam App 550" = Left 4 Dead 2

"Steam App 57300" = Amnesia: The Dark Descent

"Steam App 630" = Alien Swarm

"Steam App 65800" = Dungeon Defenders

"Steam App 6860" = Hitman: Blood Money

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3350772935-3395239629-2234222438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 02/07/2012 12:12:22 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 02/07/2012 12:29:54 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 03/07/2012 05:11:50 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 03/07/2012 08:37:22 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 03/07/2012 17:25:22 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 04/07/2012 09:22:59 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 04/07/2012 10:28:48 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 04/07/2012 18:04:07 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 04/07/2012 19:43:42 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

Error - 05/07/2012 05:13:31 | Computer Name = Rich-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 04/07/2012 10:29:18 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 04/07/2012 18:04:40 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 04/07/2012 18:04:40 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 04/07/2012 19:39:58 | Computer Name = Rich-PC | Source = DCOM | ID = 10005

Description =

Error - 04/07/2012 19:39:58 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7038

Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService

with the currently configured password due to the following error: %%50 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 04/07/2012 19:39:58 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000

Description = The UPnP Device Host service failed to start due to the following

error: %%1069

Error - 04/07/2012 19:44:17 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 04/07/2012 19:44:17 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 05/07/2012 05:14:05 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 05/07/2012 05:14:05 | Computer Name = Rich-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

< End of report >


Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/07/04 23:03:52 | 000,013,312 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\80000000.@
    [2012/07/04 23:03:50 | 000,001,696 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\00000001.@
    [2012/05/12 23:20:46 | 000,002,048 | -HS- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\@

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log
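A triage sketch for the three OTL entries listed in Step 1, added here as an example and not part of the original post or of OTL itself: it parses lines in that layout and flags files in a GUID-named folder directly under AppData\Local that also lack a company name, end in `@`, or carry hidden and system attributes. The field meanings and the heuristic are assumptions read off those three lines; the two benign entries and the header line in the sample are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Layout of the three entries quoted in Step 1 (field meanings are assumed):
# [YYYY/MM/DD hh:mm:ss | size | attrs | C or M] (company) -- full path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# A folder named like {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} directly under
# a user's AppData\Local, as in the paths the helper asked OTL to move.
GUID_DIR = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\",
    re.IGNORECASE,
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-scan line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def reasons(e: Entry) -> List[str]:
    """List the traits (assumed heuristic) that make an entry worth a look."""
    found = []
    if GUID_DIR.search(e.path):
        found.append("guid-dir")
    if e.path.rsplit("\\", 1)[-1].endswith("@"):
        found.append("at-name")
    if not e.company:
        found.append("no-company")
    if "H" in e.attrs and "S" in e.attrs:
        found.append("hidden-system")
    return found


def triage(lines) -> Tuple[List[Tuple[Entry, List[str]]], int]:
    """Flag entries in a GUID folder that show at least one other trait.

    Returns (flagged, skipped): skipped counts non-blank lines that did
    not parse, so a layout change is noticed instead of silently ignored.
    """
    flagged, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        why = reasons(entry)
        if "guid-dir" in why and len(why) >= 2:
            flagged.append((entry, why))
    return flagged, skipped


# First three entries are the ones from Step 1; the rest are constructed.
SAMPLE = r"""
========== constructed section header ==========
[2012/07/04 23:03:52 | 000,013,312 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\80000000.@
[2012/07/04 23:03:50 | 000,001,696 | ---- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\00000001.@
[2012/05/12 23:20:46 | 000,002,048 | -HS- | C] () -- C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\@
[2012/06/17 17:27:00 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\msvcr100.dll
[2012/06/27 20:51:00 | 000,000,512 | ---- | C] () -- C:\Users\Rich\AppData\Local\HotheadGames\settings.ini
"""

if __name__ == "__main__":
    hits, unparsed = triage(SAMPLE.splitlines())
    for entry, why in hits:
        print(f"{entry.when:%Y-%m-%d %H:%M} {entry.size:>7} {','.join(why)}  {entry.path}")
    print(f"{len(hits)} flagged, {unparsed} line(s) not in file-scan layout")
```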


I'm back now. I've done the run fix with OTL & scanned with Malwarebytes again. Here's the results:

All processes killed

========== OTL ==========

C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\80000000.@ moved successfully.

C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\00000001.@ moved successfully.

C:\Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\@ moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Rich\Desktop\cmd.bat deleted successfully.

C:\Users\Rich\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rich

->Temp folder emptied: 824847382 bytes

->Temporary Internet Files folder emptied: 55124452 bytes

->Java cache emptied: 5037926 bytes

->FireFox cache emptied: 486961970 bytes

->Google Chrome cache emptied: 819568 bytes

->Flash cache emptied: 1219 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6647974 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,316.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07052012_192340

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.05.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Rich :: RICH-PC [administrator]

Protection: Enabled

05/07/2012 19:32:49

mbam-log-2012-07-05 (19-32-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205930

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Good morning.

I let ComboFix do its thing. Here's the report:

ComboFix 12-07-06.01 - Rich 06/07/2012 12:44:32.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.1405 [GMT 1:00]

Running from: c:\users\Rich\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))

.

.

2012-07-05 18:23 . 2012-07-05 18:23 -------- d-----w- C:\_OTL

2012-06-27 20:51 . 2012-06-27 20:51 -------- d-----w- c:\users\Rich\AppData\Local\HotheadGames

2012-06-23 21:03 . 2012-06-23 21:03 -------- d-----w- c:\users\Rich\AppData\Local\Macromedia

2012-06-21 08:05 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 08:05 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 08:05 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 08:05 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 08:05 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 08:05 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 08:05 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 08:04 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 08:04 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-17 17:27 . 2012-06-17 17:27 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-17 17:27 . 2012-06-17 17:27 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 18:58 . 2012-05-08 04:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-23 18:58 . 2012-05-08 04:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-18 15:14 . 2012-05-18 15:14 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-05-18 15:14 . 2012-05-18 15:14 22328 ----a-w- c:\users\Rich\AppData\Roaming\PnkBstrK.sys

2012-05-18 15:13 . 2012-05-18 15:13 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-05-18 15:13 . 2012-05-18 15:13 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-05-18 15:13 . 2012-05-18 15:13 2337865 ----a-w- c:\windows\system32\pbsvc.exe

2012-05-15 10:26 . 2012-05-23 14:09 301376 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-05-15 10:26 . 2012-05-23 14:09 202048 ----a-w- c:\windows\system32\nvinit.dll

2012-05-15 10:26 . 2012-05-23 14:09 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-05-15 10:26 . 2012-05-23 14:09 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:26 . 2012-05-23 14:09 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:26 . 2012-05-23 14:09 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:26 . 2012-05-23 14:09 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:26 . 2012-05-23 14:09 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:26 . 2012-05-12 21:50 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:26 . 2012-05-12 21:50 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-05-15 10:26 . 2012-05-12 21:50 2368832 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:26 . 2012-05-12 21:50 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 10:26 . 2012-02-09 21:43 818496 ----a-w- c:\windows\system32\nvumdshim.dll

2012-05-15 10:26 . 2012-02-09 21:43 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:26 . 2012-02-09 21:43 15322432 ----a-w- c:\windows\system32\nvd3dum.dll

2012-05-15 09:28 . 2012-05-12 21:50 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:28 . 2012-05-12 21:50 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:28 . 2012-05-12 21:50 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:28 . 2012-05-12 21:50 3931456 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:27 . 2012-05-12 21:50 2759488 ----a-w- c:\windows\system32\nvsvc.dll

2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe

2012-05-13 20:26 . 2011-03-28 17:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-08 04:31 . 2012-05-08 04:31 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-08 04:31 . 2012-05-08 04:31 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-18 17:08 . 2012-05-23 14:09 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-04-18 17:08 . 2012-05-23 14:09 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-04-18 17:08 . 2012-05-23 14:09 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-04-18 10:06 . 2012-05-12 22:19 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30BA81A2-411A-47D9-9649-650FF314A0D1}\mpengine.dll

2012-06-17 17:27 . 2012-05-08 04:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2011-11-02 2248704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-5-8 565248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [x]

S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 18:58]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350772935-3395239629-2234222438-1000Core.job

- c:\users\Rich\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 01:08]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3350772935-3395239629-2234222438-1000UA.job

- c:\users\Rich\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 01:08]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\orx39u25.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3350772935-3395239629-2234222438-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3350772935-3395239629-2234222438-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(748)

c:\windows\System32\wshtcpip.dll

.

Completion time: 2012-07-06 12:57:42

ComboFix-quarantined-files.txt 2012-07-06 11:57

.

Pre-Run: 30,707,978,240 bytes free

Post-Run: 30,620,782,592 bytes free

.

- - End Of File - - 5502B75E9A300A08565FA5BFF5198668


Good! :)

One last check:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Hey, Maniac.

I ran ESET, left it for a couple of hours to do its thing. When I came back it had finished & found & removed 4 possible threats.

I've looked absolutely everywhere for a log (including where you told me), tried to open through Notepad, done specific searches for it, & the only thing I could find was this log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

I don't know if that means anything to you or not, but it's the only log I could find that had any connection to ESET whatsoever.


Sometimes there are problems with it.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Okay.

I let the virus removal tool do its thing. Here's the report.

Status: Quarantined (events: 1)

06/07/2012 20:35:59 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\_OTL\MovedFiles\07052012_192340\C_Users\Rich\AppData\Local\{9af2c992-b0de-35a9-5de9-0a6c48bd82a6}\U\00000001.@ High


Well, I had a bit of a problem.

It seems as if either the virus or the act of removing the virus has completely broken my USB drivers. It also seems to have messed up my wireless dongle. According to my father (IT Technician) the USB drivers aren't functioning properly & Windows is assuming my wireless dongle is working fine, even though it isn't & when it isn't even plugged in.

I'm having to completely wipe & reinstall Windows 7 :(
