System32\Services.exe Trojan


KristianK

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35

Run by kristian at 0:06:20 on 2012-09-11

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.9207.7200 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

mURLSearchHooks: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

mWinlogon: Userinit=userinit.exe,

BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

StartupFolder: C:\Users\kristian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{340648C2-F80E-44DA-864B-B523132B83E1} : DhcpNameServer = 192.168.1.1

BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll

BHO-X64: PriceGong - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

BHO-X64: WhiteSmoke US - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: WhiteSmoke US Toolbar: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-7 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 676936]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]

R3 gwfilt64;gwfilt64;C:\Windows\system32\drivers\gwfilt64.sys --> C:\Windows\system32\drivers\gwfilt64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-16 1262400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250568]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-09-11 04:14:27 -------- d-----w- C:\ProgramData\SecTaskMan

2012-09-11 04:13:45 -------- d-----w- C:\Users\kristian\AppData\Local\{ADDA627F-A036-43D7-B8D2-512F42A27806}

2012-09-10 16:13:21 -------- d-----w- C:\Users\kristian\AppData\Local\{380FD162-45E5-40E2-9E7F-DF8A1776FF4D}

2012-09-10 04:13:10 -------- d-----w- C:\Users\kristian\AppData\Local\{D0889A30-F941-45CE-968F-4643453685DB}

2012-09-09 16:12:58 -------- d-----w- C:\Users\kristian\AppData\Local\{7AF7F121-E15D-4DBA-B37D-30898A9DA59A}

2012-09-09 04:12:47 -------- d-----w- C:\Users\kristian\AppData\Local\{C19C1A42-00F1-4E1B-90E8-EBA2887E13F4}

2012-09-08 16:12:35 -------- d-----w- C:\Users\kristian\AppData\Local\{0066C8D0-8B42-4781-9ACB-51CA781BD4BB}

2012-09-08 04:12:24 -------- d-----w- C:\Users\kristian\AppData\Local\{76589D94-CB1D-4269-BE98-206EC1D6228D}

2012-09-07 16:12:12 -------- d-----w- C:\Users\kristian\AppData\Local\{E833B61A-7D0A-46AD-8EB5-6453EEDCB931}

2012-09-07 04:12:01 -------- d-----w- C:\Users\kristian\AppData\Local\{D0D7DA70-AA82-40D0-B005-61BADA10D860}

2012-09-06 16:11:49 -------- d-----w- C:\Users\kristian\AppData\Local\{0532DB70-4E39-43D9-B7B7-7D4A19E6DF0B}

2012-09-06 04:11:38 -------- d-----w- C:\Users\kristian\AppData\Local\{86C25ADD-F9B0-4DB7-B01B-BAC76A5B9BBD}

2012-09-05 16:11:26 -------- d-----w- C:\Users\kristian\AppData\Local\{B6ABF8DA-DC32-44CD-9D73-303B4ED3E2B2}

2012-09-05 03:25:56 -------- d-----w- C:\Users\kristian\AppData\Local\{DDDEDBF3-61B0-451A-8751-C7F26B864F5D}

2012-09-04 15:25:44 -------- d-----w- C:\Users\kristian\AppData\Local\{515A7C01-48C1-4D45-AB4D-7412DB32E9B1}

2012-09-04 03:17:46 -------- d-----w- C:\Users\kristian\AppData\Local\{52E40F3D-E64E-4278-922C-53C78721096B}

2012-09-03 15:17:35 -------- d-----w- C:\Users\kristian\AppData\Local\{872F6C20-7380-4702-AB76-D1A62BA6BF92}

2012-09-03 03:17:23 -------- d-----w- C:\Users\kristian\AppData\Local\{BB34BFE2-A294-4E9C-AD58-C24E8355F82F}

2012-09-02 15:17:12 -------- d-----w- C:\Users\kristian\AppData\Local\{FE20391E-63C2-4DF3-B377-4B3F251F166C}

2012-09-02 03:17:01 -------- d-----w- C:\Users\kristian\AppData\Local\{7B95CFB9-8D3F-42D3-976E-EBB0BB7E46E7}

2012-09-01 15:16:49 -------- d-----w- C:\Users\kristian\AppData\Local\{0FAB122B-F345-4005-B7DF-122A120CFC38}

2012-09-01 03:16:38 -------- d-----w- C:\Users\kristian\AppData\Local\{EF34F63A-10CA-48F0-BF3A-5F18D2DCECB6}

2012-08-31 15:16:19 -------- d-----w- C:\Users\kristian\AppData\Local\{6FFE5DBD-FAE2-463F-B592-77FF6B9681AF}

2012-08-31 03:16:07 -------- d-----w- C:\Users\kristian\AppData\Local\{E4379F55-7F11-47F1-AFC1-B0AC0244D12B}

2012-08-30 15:10:28 -------- d-----w- C:\Users\kristian\AppData\Local\{89F7C252-C3BE-42EB-A65A-BCD6BE310DAB}

2012-08-30 03:10:17 -------- d-----w- C:\Users\kristian\AppData\Local\{91376EE2-F58F-40D3-9921-7C14FA27A07C}

2012-08-29 12:21:47 -------- d-----w- C:\Users\kristian\AppData\Local\{353F7BA9-27CE-4CC7-A892-656829AFA05C}

2012-08-28 18:26:56 -------- d-----w- C:\Program Files (x86)\Guild Wars 2

2012-08-28 17:48:23 -------- d-----w- C:\Users\kristian\AppData\Local\{73CCE3BA-FAFF-4FC3-959C-D7AC062574DA}

2012-08-28 03:13:06 -------- d-----w- C:\Users\kristian\AppData\Local\{AB7DFA75-0AEC-44F7-9083-E01305ABEDC7}

2012-08-27 14:59:30 -------- d-----w- C:\Users\kristian\AppData\Local\{79FD70C2-FD01-4C0F-84DC-DE1C7EDB60D4}

2012-08-26 21:20:35 -------- d-----w- C:\Users\kristian\AppData\Local\{EDFB2A65-9D72-4479-9732-6302F2EAEEB2}

2012-08-26 04:31:26 -------- d-----w- C:\Users\kristian\AppData\Local\{788458D4-3FEA-4CD9-8569-76BA142E1BC6}

2012-08-25 15:22:06 -------- d-----w- C:\Users\kristian\AppData\Local\{37A2B3BB-54B8-4984-A720-5DEA2063C235}

2012-08-25 02:07:34 -------- d-----w- C:\Users\kristian\AppData\Local\{8A932766-160A-463A-AFE6-155EA76D4CC5}

2012-08-24 14:01:58 -------- d-----w- C:\Users\kristian\AppData\Local\{B61BF37A-68BC-446C-9A30-BEF269A59AAC}

2012-08-23 17:19:58 -------- d-----w- C:\Users\kristian\AppData\Local\{C9538CA9-2ED0-4957-9F0C-D98E0547BB3C}

2012-08-23 05:19:47 -------- d-----w- C:\Users\kristian\AppData\Local\{9C124C90-9CF2-49AB-A8C7-781BEEE6F488}

2012-08-22 17:19:35 -------- d-----w- C:\Users\kristian\AppData\Local\{C0980BBF-8A37-46E7-A312-E009F51A7BBD}

2012-08-22 05:19:24 -------- d-----w- C:\Users\kristian\AppData\Local\{858856F8-E874-445B-8049-4045A096E09C}

2012-08-21 17:20:27 -------- d-----w- C:\Windows\System32\appmgmt

2012-08-21 17:18:57 -------- d-----w- C:\Users\kristian\AppData\Local\{A0153AD7-F331-42FB-8097-A02CDE5A4250}

2012-08-21 16:37:34 9882112 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll

2012-08-21 16:37:34 244224 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys

2012-08-21 16:26:55 34840 ----a-w- C:\Windows\System32\drivers\gwfilt64.sys

2012-08-21 16:26:54 2533952 ----a-w- C:\Windows\System32\FMAPO64.dll

2012-08-21 16:26:04 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-08-21 16:19:55 53248 ----a-r- C:\Users\kristian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-08-21 16:19:03 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-08-21 16:17:39 -------- d-----w- C:\Users\kristian\AppData\Roaming\Logishrd

2012-08-21 16:15:08 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2012-08-21 16:15:07 -------- d-----w- C:\Users\kristian\AppData\Local\SlimWare Utilities Inc

2012-08-21 16:15:04 -------- d-----w- C:\Program Files (x86)\DriverUpdate

2012-08-19 18:21:43 -------- d-----w- C:\Users\kristian\AppData\Local\{661B5887-96FA-4642-8A23-E70EFAE7D722}

2012-08-19 17:04:33 -------- d-----w- C:\Users\kristian\AppData\Local\{01824968-B922-463D-A0F4-8392711C13A1}

2012-08-19 16:35:00 -------- d-----w- C:\Users\kristian\AppData\Local\{F46F7206-1ABC-4089-A913-B566422D9AFF}

2012-08-19 16:05:54 -------- d-----w- C:\Users\kristian\AppData\Local\{4D8A8EB0-1A21-4816-B193-3A58643E94F8}

2012-08-19 10:02:30 -------- d-----w- C:\Users\kristian\AppData\Local\{F7E76940-8282-4FB8-AA29-5C07CB857CD2}

2012-08-18 13:59:00 -------- d-----w- C:\Users\kristian\AppData\Local\{305F60A5-9B86-40C0-8463-2519678A61E2}

2012-08-18 13:58:49 -------- d-----w- C:\Users\kristian\AppData\Local\{3C5BF993-72C8-47FE-93BD-2CBD61AFEBA9}

2012-08-17 12:54:03 -------- d-----w- C:\Users\kristian\AppData\Local\{4B1E8034-BED1-4C4E-9F1B-A2045BD3975C}

2012-08-17 12:53:52 -------- d-----w- C:\Users\kristian\AppData\Local\{EB88B13C-8E72-43A1-B33B-F5FD7E5781DD}

2012-08-16 21:46:40 -------- d-----w- C:\Users\kristian\AppData\Local\{B3133FE0-7730-4D2B-9C7F-A1C669C205AA}

2012-08-16 21:46:29 -------- d-----w- C:\Users\kristian\AppData\Local\{23FA1B58-5A95-4819-98F8-03FE35E98676}

2012-08-16 02:39:28 -------- d-----w- C:\Users\kristian\AppData\Local\{8E309B04-7804-4AB4-8E56-8757B7310FD7}

2012-08-16 02:39:16 -------- d-----w- C:\Users\kristian\AppData\Local\{697D9CC5-B011-48A7-A579-CD78027771D1}

2012-08-15 12:09:47 -------- d-----w- C:\Users\kristian\AppData\Local\{4D72C0ED-F827-498E-9713-F1949298E5D9}

2012-08-15 12:09:36 -------- d-----w- C:\Users\kristian\AppData\Local\{29661A2A-FBCA-4793-93FA-333F77BFED40}

2012-08-15 00:55:09 -------- d-----w- C:\Users\kristian\AppData\Local\SWMonitor

2012-08-15 00:55:04 -------- d-----w- C:\Program Files (x86)\SWMoniTOR

2012-08-15 00:09:24 -------- d-----w- C:\Users\kristian\AppData\Local\{2DB83FEC-40A7-4159-8D6C-ACF430E28A08}

2012-08-15 00:09:13 -------- d-----w- C:\Users\kristian\AppData\Local\{6DD1ED45-5A46-4FC6-9A36-7ECA2BB8B1EF}

2012-08-14 11:36:20 -------- d-----w- C:\Users\kristian\AppData\Local\{12A0500E-426F-43FC-A675-85FE5CBA67E8}

2012-08-14 11:36:09 -------- d-----w- C:\Users\kristian\AppData\Local\{B8369675-AF17-482A-AEA1-44A321B5432A}

2012-08-13 21:30:42 -------- d-----w- C:\Users\kristian\AppData\Local\{957821AF-6D45-4D8B-90F5-D27D86036AA4}

2012-08-13 21:30:29 -------- d-----w- C:\Users\kristian\AppData\Local\{0AC319DD-4C83-46CF-ACB9-E380CE667459}

2012-08-13 04:24:27 -------- d-----w- C:\Users\kristian\AppData\Local\{F73BB7F3-AA60-4324-B3CF-C997556E1DAC}

2012-08-13 04:24:16 -------- d-----w- C:\Users\kristian\AppData\Local\{2D1F9202-7CA1-4AFC-A343-DBDEDD43EB6D}

2012-08-12 15:33:53 -------- d-----w- C:\Users\kristian\AppData\Local\{D57EE4DE-C166-4FC9-AC4A-4C50069A6618}

2012-08-12 15:33:42 -------- d-----w- C:\Users\kristian\AppData\Local\{FEDDCC0B-D8F6-42CA-AAD2-D545A8843FFA}

.

==================== Find3M ====================

.

2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-29 01:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-08-29 01:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-28 18:26:21 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-28 18:26:21 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-21 16:35:04 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

.

============= FINISH: 0:06:42.63 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 11/28/2011 5:17:52 PM

System Uptime: 9/10/2012 11:55:58 PM (1 hours ago)

.

Motherboard: Gateway | | TBGM01

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 157.391 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&6730480&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&6730480&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP84: 8/29/2012 12:33:56 AM - Scheduled Checkpoint

RP85: 8/31/2012 10:15:27 AM - Installed Java 6 Update 35

RP86: 9/8/2012 3:24:58 AM - Scheduled Checkpoint

RP87: 9/10/2012 11:28:23 PM - Uniblue SpeedUpMyPC installation

RP88: 9/10/2012 11:51:16 PM - Removed AVG 2012

RP89: 9/10/2012 11:51:54 PM - Removed AVG 2012

.

==== Installed Programs ======================

.

Action Replay Code Manager

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Apple Application Support

Apple Software Update

D3DX10

Diablo II

Diablo III

Driver Detective

eReg

Guild Wars

Guild Wars 2

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 35

JMicron JMB36X Driver

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

PriceGong 2.6.2

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Star Wars: The Old Republic

StarCraft II

StartNow Toolbar

SWMoniTOR 1.0

TeamSpeak 3 Client

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Ventrilo Client

Ventrilo Server

Visual Studio 2008 x64 Redistributables

WhiteSmoke US Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

9/10/2012 11:58:39 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

9/10/2012 11:58:39 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

9/10/2012 11:57:03 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

9/10/2012 11:57:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

9/10/2012 11:56:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

9/10/2012 11:56:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

9/10/2012 11:56:26 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

9/10/2012 11:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/10/2012 11:07:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/10/2012 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/10/2012 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/10/2012 11:07:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/10/2012 11:07:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/10/2012 11:07:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800bf12b30, 0xfffffa800bf12e10, 0xfffff800037d3510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091012-16380-01.

.

==== End Of File ===========================


Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2012 01

Ran by kristian at 11-09-2012 23:23:30

Running from E:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ======================

2012-09-11 23:20 - 2012-09-11 23:20 - 00000000 ____D C:\Users\kristian\AppData\Local\{38E5D888-E5B6-4ABE-BE11-6B4C42F5BC44}

2012-09-11 23:04 - 2012-09-11 23:23 - 00000000 ____D C:\FRST

2012-09-11 22:56 - 2012-09-11 22:56 - 01453499 ____A (Farbar) C:\Users\kristian\Downloads\FRST64.exe

2012-09-11 11:14 - 2012-09-11 11:14 - 00000000 ____D C:\Users\kristian\AppData\Local\{79810B59-036F-40B2-83DC-88D59160C5A6}

2012-09-11 00:08 - 2012-09-11 00:08 - 00006936 ____A C:\Users\kristian\Desktop\Attach.txt

2012-09-11 00:07 - 2012-09-11 00:07 - 00023549 ____A C:\Users\kristian\Desktop\DDS.txt

2012-09-11 00:06 - 2012-09-11 00:06 - 00607260 ____R (Swearware) C:\Users\kristian\Downloads\dds.scr

2012-09-10 23:28 - 2012-09-10 23:28 - 06161240 ____A (Uniblue Systems Ltd ) C:\Users\kristian\Downloads\speedupmypc.exe

2012-09-10 23:14 - 2012-09-10 23:58 - 00000000 ____D C:\Users\All Users\SecTaskMan

2012-09-10 23:14 - 2012-09-10 23:14 - 02095024 ____A C:\Users\kristian\Downloads\SecurityTaskManager_Setup.exe

2012-09-10 23:13 - 2012-09-10 23:13 - 00000000 ____D C:\Users\kristian\AppData\Local\{ADDA627F-A036-43D7-B8D2-512F42A27806}

2012-09-10 23:07 - 2012-09-10 23:07 - 00282760 ____A C:\Windows\Minidump\091012-16380-01.dmp

2012-09-10 23:07 - 2012-09-10 23:07 - 00000000 ____D C:\Windows\Minidump

2012-09-10 23:04 - 2012-09-10 23:07 - 357071364 ____A C:\Windows\MEMORY.DMP

2012-09-10 11:13 - 2012-09-10 11:13 - 00000000 ____D C:\Users\kristian\AppData\Local\{380FD162-45E5-40E2-9E7F-DF8A1776FF4D}

2012-09-09 23:13 - 2012-09-09 23:13 - 00000000 ____D C:\Users\kristian\AppData\Local\{D0889A30-F941-45CE-968F-4643453685DB}

2012-09-09 11:12 - 2012-09-09 11:13 - 00000000 ____D C:\Users\kristian\AppData\Local\{7AF7F121-E15D-4DBA-B37D-30898A9DA59A}

2012-09-08 23:12 - 2012-09-08 23:12 - 00000000 ____D C:\Users\kristian\AppData\Local\{C19C1A42-00F1-4E1B-90E8-EBA2887E13F4}

2012-09-08 11:12 - 2012-09-08 11:12 - 00000000 ____D C:\Users\kristian\AppData\Local\{0066C8D0-8B42-4781-9ACB-51CA781BD4BB}

2012-09-07 23:12 - 2012-09-07 23:12 - 00000000 ____D C:\Users\kristian\AppData\Local\{76589D94-CB1D-4269-BE98-206EC1D6228D}

2012-09-07 11:12 - 2012-09-07 11:12 - 00000000 ____D C:\Users\kristian\AppData\Local\{E833B61A-7D0A-46AD-8EB5-6453EEDCB931}

2012-09-06 23:12 - 2012-09-06 23:12 - 00000000 ____D C:\Users\kristian\AppData\Local\{D0D7DA70-AA82-40D0-B005-61BADA10D860}

2012-09-06 11:11 - 2012-09-06 11:12 - 00000000 ____D C:\Users\kristian\AppData\Local\{0532DB70-4E39-43D9-B7B7-7D4A19E6DF0B}

2012-09-05 23:11 - 2012-09-05 23:11 - 00000000 ____D C:\Users\kristian\AppData\Local\{86C25ADD-F9B0-4DB7-B01B-BAC76A5B9BBD}

2012-09-05 11:11 - 2012-09-05 11:11 - 00000000 ____D C:\Users\kristian\AppData\Local\{B6ABF8DA-DC32-44CD-9D73-303B4ED3E2B2}

2012-09-04 22:25 - 2012-09-04 22:26 - 00000000 ____D C:\Users\kristian\AppData\Local\{DDDEDBF3-61B0-451A-8751-C7F26B864F5D}

2012-09-04 10:25 - 2012-09-04 10:25 - 00000000 ____D C:\Users\kristian\AppData\Local\{515A7C01-48C1-4D45-AB4D-7412DB32E9B1}

2012-09-03 22:17 - 2012-09-03 22:17 - 00000000 ____D C:\Users\kristian\AppData\Local\{52E40F3D-E64E-4278-922C-53C78721096B}

2012-09-03 10:17 - 2012-09-03 10:17 - 00000000 ____D C:\Users\kristian\AppData\Local\{872F6C20-7380-4702-AB76-D1A62BA6BF92}

2012-09-02 22:17 - 2012-09-02 22:17 - 00000000 ____D C:\Users\kristian\AppData\Local\{BB34BFE2-A294-4E9C-AD58-C24E8355F82F}

2012-09-02 10:17 - 2012-09-02 10:17 - 00000000 ____D C:\Users\kristian\AppData\Local\{FE20391E-63C2-4DF3-B377-4B3F251F166C}

2012-09-01 22:17 - 2012-09-01 22:17 - 00000000 ____D C:\Users\kristian\AppData\Local\{7B95CFB9-8D3F-42D3-976E-EBB0BB7E46E7}

2012-09-01 10:16 - 2012-09-01 10:17 - 00000000 ____D C:\Users\kristian\AppData\Local\{0FAB122B-F345-4005-B7DF-122A120CFC38}

2012-08-31 22:16 - 2012-08-31 22:16 - 00000000 ____D C:\Users\kristian\AppData\Local\{EF34F63A-10CA-48F0-BF3A-5F18D2DCECB6}

2012-08-31 10:16 - 2012-08-31 10:16 - 00000000 ____D C:\Users\kristian\AppData\Local\{6FFE5DBD-FAE2-463F-B592-77FF6B9681AF}

2012-08-31 10:16 - 2012-08-28 20:10 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-31 10:16 - 2012-08-28 20:10 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-31 10:16 - 2012-08-28 20:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-31 10:15 - 2012-08-31 10:16 - 00002948 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log

2012-08-30 22:16 - 2012-08-30 22:16 - 00000000 ____D C:\Users\kristian\AppData\Local\{E4379F55-7F11-47F1-AFC1-B0AC0244D12B}

2012-08-30 10:10 - 2012-08-30 10:10 - 00000000 ____D C:\Users\kristian\AppData\Local\{89F7C252-C3BE-42EB-A65A-BCD6BE310DAB}

2012-08-29 22:10 - 2012-08-29 22:10 - 00000000 ____D C:\Users\kristian\AppData\Local\{91376EE2-F58F-40D3-9921-7C14FA27A07C}

2012-08-29 07:21 - 2012-08-29 07:21 - 00000000 ____D C:\Users\kristian\AppData\Local\{353F7BA9-27CE-4CC7-A892-656829AFA05C}

2012-08-28 13:26 - 2012-08-29 07:24 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

2012-08-28 13:26 - 2012-08-28 22:30 - 00000000 ____D C:\Users\kristian\Documents\Guild Wars 2

2012-08-28 13:26 - 2012-08-28 13:26 - 00000932 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk

2012-08-28 12:48 - 2012-08-28 12:48 - 00000000 ____D C:\Users\kristian\AppData\Local\{73CCE3BA-FAFF-4FC3-959C-D7AC062574DA}

2012-08-27 22:13 - 2012-08-27 22:13 - 00000000 ____D C:\Users\kristian\AppData\Local\{AB7DFA75-0AEC-44F7-9083-E01305ABEDC7}

2012-08-27 09:59 - 2012-08-27 09:59 - 00000000 ____D C:\Users\kristian\AppData\Local\{79FD70C2-FD01-4C0F-84DC-DE1C7EDB60D4}

2012-08-26 16:20 - 2012-08-26 16:20 - 00000000 ____D C:\Users\kristian\AppData\Local\{EDFB2A65-9D72-4479-9732-6302F2EAEEB2}

2012-08-25 23:31 - 2012-08-25 23:31 - 00000000 ____D C:\Users\kristian\AppData\Local\{788458D4-3FEA-4CD9-8569-76BA142E1BC6}

2012-08-25 10:22 - 2012-08-25 10:22 - 00000000 ____D C:\Users\kristian\AppData\Local\{37A2B3BB-54B8-4984-A720-5DEA2063C235}

2012-08-24 21:07 - 2012-08-24 21:07 - 00000000 ____D C:\Users\kristian\AppData\Local\{8A932766-160A-463A-AFE6-155EA76D4CC5}

2012-08-24 09:01 - 2012-08-24 09:02 - 00000000 ____D C:\Users\kristian\AppData\Local\{B61BF37A-68BC-446C-9A30-BEF269A59AAC}

2012-08-23 12:19 - 2012-08-23 12:20 - 00000000 ____D C:\Users\kristian\AppData\Local\{C9538CA9-2ED0-4957-9F0C-D98E0547BB3C}

2012-08-23 00:19 - 2012-08-23 00:19 - 00000000 ____D C:\Users\kristian\AppData\Local\{9C124C90-9CF2-49AB-A8C7-781BEEE6F488}

2012-08-22 12:19 - 2012-08-22 12:19 - 00000000 ____D C:\Users\kristian\AppData\Local\{C0980BBF-8A37-46E7-A312-E009F51A7BBD}

2012-08-22 00:19 - 2012-08-22 00:19 - 00000000 ____D C:\Users\kristian\AppData\Local\{858856F8-E874-445B-8049-4045A096E09C}

2012-08-21 12:20 - 2012-08-21 12:21 - 00000000 ____D C:\Windows\System32\appmgmt

2012-08-21 12:18 - 2012-08-21 12:19 - 00000000 ____D C:\Users\kristian\AppData\Local\{A0153AD7-F331-42FB-8097-A02CDE5A4250}

2012-08-21 11:37 - 2012-08-21 11:37 - 09882112 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll

2012-08-21 11:37 - 2012-08-21 11:37 - 00244224 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys

2012-08-21 11:27 - 2012-08-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

2012-08-21 11:27 - 2012-08-21 11:22 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys

2012-08-21 11:27 - 2012-08-21 11:22 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl

2012-08-21 11:27 - 2012-08-21 11:22 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00897152 ____A (Creative Technology Ltd.) C:\Windows\System32\MBAPO64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00753280 ____A (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT

2012-08-21 11:27 - 2012-08-21 11:22 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00083072 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00065112 ____A (Creative Technology Ltd.) C:\Windows\System32\MBppld64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00060504 ____A (Creative Technology Ltd.) C:\Windows\System32\MBPPCn64.dll

2012-08-21 11:27 - 2012-08-21 11:22 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll

2012-08-21 11:26 - 2012-08-21 11:22 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll

2012-08-21 11:26 - 2012-08-21 11:22 - 00034840 ____A (Creative Technology Ltd.) C:\Windows\System32\Drivers\gwfilt64.sys

2012-08-21 11:19 - 2012-08-21 11:19 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys

2012-08-21 11:19 - 2012-08-21 11:19 - 00000339 ____A C:\Windows\LkmdfCoInst.log

2012-08-21 11:19 - 2012-08-21 11:19 - 00000000 ____D C:\Users\kristian\AppData\Roaming\Leadertech

2012-08-21 11:18 - 2012-08-21 11:19 - 00007314 ____A C:\Windows\LDPINST.LOG

2012-08-21 11:18 - 2012-08-21 11:19 - 00000000 ____D C:\Users\Public\Documents\LogiShrd

2012-08-21 11:18 - 2012-08-21 11:19 - 00000000 ____D C:\Users\All Users\Logishrd

2012-08-21 11:18 - 2012-08-21 11:19 - 00000000 ____D C:\Program Files\Common Files\Logishrd

2012-08-21 11:18 - 2012-08-21 11:18 - 00000000 ____D C:\Program Files\Logitech

2012-08-21 11:17 - 2012-08-21 11:19 - 00000000 ____D C:\Users\kristian\AppData\Roaming\Logitech

2012-08-21 11:17 - 2012-08-21 11:17 - 00000000 ____D C:\Users\kristian\AppData\Roaming\Logishrd

2012-08-21 11:15 - 2012-08-21 12:21 - 00000000 ____D C:\Program Files (x86)\DriverUpdate

2012-08-21 11:15 - 2012-08-21 12:08 - 00015712 ____A C:\Windows\System32\Drivers\SWDUMon.sys

2012-08-21 11:15 - 2012-08-21 11:15 - 00000000 ____D C:\Users\kristian\AppData\Local\SlimWare Utilities Inc

2012-08-21 11:14 - 2012-08-21 11:14 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2012-08-19 13:21 - 2012-08-21 00:18 - 00000000 ____D C:\Users\kristian\AppData\Local\{661B5887-96FA-4642-8A23-E70EFAE7D722}

2012-08-19 12:04 - 2012-08-19 12:04 - 00000000 ____D C:\Users\kristian\AppData\Local\{01824968-B922-463D-A0F4-8392711C13A1}

2012-08-19 11:35 - 2012-08-19 11:35 - 00000000 ____D C:\Users\kristian\AppData\Local\{F46F7206-1ABC-4089-A913-B566422D9AFF}

2012-08-19 11:05 - 2012-08-19 11:05 - 00000000 ____D C:\Users\kristian\AppData\Local\{4D8A8EB0-1A21-4816-B193-3A58643E94F8}

2012-08-19 05:02 - 2012-08-19 05:02 - 00000000 ____D C:\Users\kristian\AppData\Local\{F7E76940-8282-4FB8-AA29-5C07CB857CD2}

2012-08-18 08:59 - 2012-08-18 08:59 - 00000000 ____D C:\Users\kristian\AppData\Local\{305F60A5-9B86-40C0-8463-2519678A61E2}

2012-08-18 08:58 - 2012-08-18 08:59 - 00000000 ____D C:\Users\kristian\AppData\Local\{3C5BF993-72C8-47FE-93BD-2CBD61AFEBA9}

2012-08-17 07:54 - 2012-08-17 07:54 - 00000000 ____D C:\Users\kristian\AppData\Local\{4B1E8034-BED1-4C4E-9F1B-A2045BD3975C}

2012-08-17 07:53 - 2012-08-17 07:54 - 00000000 ____D C:\Users\kristian\AppData\Local\{EB88B13C-8E72-43A1-B33B-F5FD7E5781DD}

2012-08-16 16:46 - 2012-08-16 16:46 - 00000000 ____D C:\Users\kristian\AppData\Local\{B3133FE0-7730-4D2B-9C7F-A1C669C205AA}

2012-08-16 16:46 - 2012-08-16 16:46 - 00000000 ____D C:\Users\kristian\AppData\Local\{23FA1B58-5A95-4819-98F8-03FE35E98676}

2012-08-15 21:39 - 2012-08-15 21:39 - 00000000 ____D C:\Users\kristian\AppData\Local\{8E309B04-7804-4AB4-8E56-8757B7310FD7}

2012-08-15 21:39 - 2012-08-15 21:39 - 00000000 ____D C:\Users\kristian\AppData\Local\{697D9CC5-B011-48A7-A579-CD78027771D1}

2012-08-15 07:09 - 2012-08-15 07:09 - 00000000 ____D C:\Users\kristian\AppData\Local\{4D72C0ED-F827-498E-9713-F1949298E5D9}

2012-08-15 07:09 - 2012-08-15 07:09 - 00000000 ____D C:\Users\kristian\AppData\Local\{29661A2A-FBCA-4793-93FA-333F77BFED40}

2012-08-14 19:55 - 2012-08-14 22:44 - 00000000 ____D C:\Users\kristian\AppData\Local\SWMonitor

2012-08-14 19:55 - 2012-08-14 19:55 - 00000953 ____A C:\Users\Public\Desktop\SWMoniTOR.lnk

2012-08-14 19:55 - 2012-08-14 19:55 - 00000000 ____D C:\Users\kristian\Documents\SWMonitor

2012-08-14 19:55 - 2012-08-14 19:55 - 00000000 ____D C:\Program Files (x86)\SWMoniTOR

2012-08-14 19:54 - 2012-08-14 19:54 - 00565680 ____A (Crisp Logic, Inc ) C:\Users\kristian\Downloads\swmonitor_1.0.1.exe

2012-08-14 19:09 - 2012-08-14 19:09 - 00000000 ____D C:\Users\kristian\AppData\Local\{6DD1ED45-5A46-4FC6-9A36-7ECA2BB8B1EF}

2012-08-14 19:09 - 2012-08-14 19:09 - 00000000 ____D C:\Users\kristian\AppData\Local\{2DB83FEC-40A7-4159-8D6C-ACF430E28A08}

2012-08-14 06:36 - 2012-08-14 06:36 - 00000000 ____D C:\Users\kristian\AppData\Local\{B8369675-AF17-482A-AEA1-44A321B5432A}

2012-08-14 06:36 - 2012-08-14 06:36 - 00000000 ____D C:\Users\kristian\AppData\Local\{12A0500E-426F-43FC-A675-85FE5CBA67E8}

2012-08-13 16:30 - 2012-08-13 16:30 - 00000000 ____D C:\Users\kristian\AppData\Local\{957821AF-6D45-4D8B-90F5-D27D86036AA4}

2012-08-13 16:30 - 2012-08-13 16:30 - 00000000 ____D C:\Users\kristian\AppData\Local\{0AC319DD-4C83-46CF-ACB9-E380CE667459}

2012-08-12 23:24 - 2012-08-12 23:24 - 00000000 ____D C:\Users\kristian\AppData\Local\{F73BB7F3-AA60-4324-B3CF-C997556E1DAC}

2012-08-12 23:24 - 2012-08-12 23:24 - 00000000 ____D C:\Users\kristian\AppData\Local\{2D1F9202-7CA1-4AFC-A343-DBDEDD43EB6D}

2012-08-12 10:33 - 2012-08-12 10:34 - 00000000 ____D C:\Users\kristian\AppData\Local\{D57EE4DE-C166-4FC9-AC4A-4C50069A6618}

2012-08-12 10:33 - 2012-08-12 10:33 - 00000000 ____D C:\Users\kristian\AppData\Local\{FEDDCC0B-D8F6-42CA-AAD2-D545A8843FFA}

==================== 3 Months Modified Files ================================

2012-09-11 23:20 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-11 23:20 - 2009-07-13 23:51 - 00059292 ____A C:\Windows\setupact.log

2012-09-11 22:56 - 2012-09-11 22:56 - 01453499 ____A (Farbar) C:\Users\kristian\Downloads\FRST64.exe

2012-09-11 22:56 - 2009-07-14 00:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-11 16:15 - 2012-04-05 13:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-11 00:08 - 2012-09-11 00:08 - 00006936 ____A C:\Users\kristian\Desktop\Attach.txt

2012-09-11 00:07 - 2012-09-11 00:07 - 00023549 ____A C:\Users\kristian\Desktop\DDS.txt

2012-09-11 00:06 - 2012-09-11 00:06 - 00607260 ____R (Swearware) C:\Users\kristian\Downloads\dds.scr

2012-09-11 00:03 - 2009-07-13 23:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-11 00:03 - 2009-07-13 23:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-10 23:56 - 2010-11-20 22:47 - 00058452 ____A C:\Windows\PFRO.log

2012-09-10 23:28 - 2012-09-10 23:28 - 06161240 ____A (Uniblue Systems Ltd ) C:\Users\kristian\Downloads\speedupmypc.exe

2012-09-10 23:14 - 2012-09-10 23:14 - 02095024 ____A C:\Users\kristian\Downloads\SecurityTaskManager_Setup.exe

2012-09-10 23:07 - 2012-09-10 23:07 - 00282760 ____A C:\Windows\Minidump\091012-16380-01.dmp

2012-09-10 23:07 - 2012-09-10 23:04 - 357071364 ____A C:\Windows\MEMORY.DMP

2012-09-10 22:17 - 2012-07-12 19:55 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-07 17:04 - 2012-07-12 19:55 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-04 01:35 - 2011-11-28 18:17 - 01657582 ____A C:\Windows\WindowsUpdate.log

2012-08-31 10:16 - 2012-08-31 10:15 - 00002948 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log

2012-08-28 20:24 - 2012-07-12 06:39 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-28 20:24 - 2012-04-11 22:07 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-08-28 20:10 - 2012-08-31 10:16 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-28 20:10 - 2012-08-31 10:16 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-28 20:09 - 2012-08-31 10:16 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-28 13:26 - 2012-08-28 13:26 - 00000932 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk

2012-08-28 13:26 - 2012-04-05 13:10 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-28 13:26 - 2011-11-28 18:37 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-24 10:14 - 2012-07-13 22:00 - 00001064 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-08-21 12:08 - 2012-08-21 11:15 - 00015712 ____A C:\Windows\System32\Drivers\SWDUMon.sys

2012-08-21 11:37 - 2012-08-21 11:37 - 09882112 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll

2012-08-21 11:37 - 2012-08-21 11:37 - 00244224 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys

2012-08-21 11:35 - 2011-11-28 19:44 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys

2012-08-21 11:22 - 2012-08-21 11:27 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl

2012-08-21 11:22 - 2012-08-21 11:27 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00897152 ____A (Creative Technology Ltd.) C:\Windows\System32\MBAPO64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00753280 ____A (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT

2012-08-21 11:22 - 2012-08-21 11:27 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00083072 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00065112 ____A (Creative Technology Ltd.) C:\Windows\System32\MBppld64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00060504 ____A (Creative Technology Ltd.) C:\Windows\System32\MBPPCn64.dll

2012-08-21 11:22 - 2012-08-21 11:27 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll

2012-08-21 11:22 - 2012-08-21 11:26 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll

2012-08-21 11:22 - 2012-08-21 11:26 - 00034840 ____A (Creative Technology Ltd.) C:\Windows\System32\Drivers\gwfilt64.sys

2012-08-21 11:22 - 2011-11-28 19:37 - 01706640 ____A (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll

2012-08-21 11:19 - 2012-08-21 11:19 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys

2012-08-21 11:19 - 2012-08-21 11:19 - 00000339 ____A C:\Windows\LkmdfCoInst.log

2012-08-21 11:19 - 2012-08-21 11:18 - 00007314 ____A C:\Windows\LDPINST.LOG

2012-08-14 19:55 - 2012-08-14 19:55 - 00000953 ____A C:\Users\Public\Desktop\SWMoniTOR.lnk

2012-08-14 19:54 - 2012-08-14 19:54 - 00565680 ____A (Crisp Logic, Inc ) C:\Users\kristian\Downloads\swmonitor_1.0.1.exe

2012-07-29 13:24 - 2012-07-29 13:24 - 00027520 ____A C:\Users\kristian\AppData\Local\dt.dat

2012-07-29 07:30 - 2012-07-29 07:30 - 00000009 ____A C:\END

2012-07-29 07:29 - 2012-07-29 07:29 - 00370168 ____A C:\Users\kristian\Downloads\AVG-Anti-Virus-Free-Edition-2012Setup.exe

2012-07-15 11:47 - 2012-07-15 11:41 - 168454136 ____A (NVIDIA Corporation) C:\Users\kristian\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe

2012-07-13 22:00 - 2012-07-13 21:58 - 32160136 ____A C:\Users\kristian\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe

2012-07-12 20:36 - 2012-07-12 20:36 - 00739856 ____A (Google Inc.) C:\Users\kristian\Downloads\ChromeSetup(1).exe

2012-07-12 20:34 - 2012-07-12 20:34 - 00739856 ____A (Google Inc.) C:\Users\kristian\Downloads\ChromeSetup.exe

2012-07-12 06:56 - 2012-07-12 06:56 - 08351056 ____A (AVG ) C:\Users\kristian\Downloads\avg_pct_stf_all_10_27_c5.exe

2012-07-12 03:20 - 2011-11-28 18:18 - 00000485 ____A C:\Users\kristian\Downloads\Desktop.lnk

2012-07-12 03:19 - 2009-07-13 23:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-12 03:01 - 2011-12-02 07:37 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-09 03:00 - 2012-07-09 03:00 - 00290616 ____A C:\Windows\msxml4-KB954430-enu.LOG

2012-07-09 03:00 - 2012-07-09 03:00 - 00288568 ____A C:\Windows\msxml4-KB973688-enu.LOG

2012-07-07 13:16 - 2012-07-07 13:16 - 00000531 ____A C:\Windows\KB893803v2.log

2012-06-24 21:10 - 2012-06-24 21:10 - 00001162 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2012-06-24 21:09 - 2012-06-24 21:09 - 29828512 ____A (TeamSpeak Systems GmbH) C:\Users\kristian\Downloads\TeamSpeak3-Client-win32-3.0.7.exe

ZeroAccess:

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\00000004.@

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\1afb2d56

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\201d3dde

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000004.@

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000008.@

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\000000cb.@

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000000.@

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000032.@

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:

C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}

C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@

C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L

C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 9207.17 MB

Available physical RAM: 7912.07 MB

Total Pagefile: 18412.54 MB

Available Pagefile: 17127.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:155.45 GB) NTFS

2 Drive d: (GW2_DVD2) (CDROM) (Total:5.73 GB) (Free:0 GB) UDF

3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 297 GB Healthy Boot

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3818 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FAT32 Removable 3818 MB Healthy

==================================================================================

Last Boot: 2012-09-06 02:55

==================== End Of Log =============================


Please do this next:

Please download SystemLook from HERE and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    services.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please include the following in your next post:

  • SystemLook log


SystemLook Log

SystemLook 27.08.10 by jpshortstuff

Log created at 22:18 on 12/09/2012 by kristian

Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"

C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

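The comparison the SystemLook log above supports, as an added example that is not part of the original thread: it parses `:filefind` output and flags a live file whose MD5 matches none of the copies of the same file under `C:\Windows\winsxs`. Treating the component-store copy as the known-good reference is an assumption, and the `example.exe` lines are constructed sample data.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# The two services.exe lines are the SystemLook output quoted in the thread.
# The example.exe pair is constructed here to show a file that is NOT flagged.
SAMPLE_LOG = r"""
========== filefind ==========
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\example.exe --a---- 1024 bytes [10:00 01/01/2012] [10:00 01/01/2012] 00000000000000000000000000000000
C:\Windows\winsxs\constructed_component\example.exe --a---- 1024 bytes [10:00 01/01/2012] [10:00 01/01/2012] 00000000000000000000000000000000
-= EOF =-
"""

# path, attribute flags, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


class Entry(NamedTuple):
    path: str
    size: int
    created: str
    modified: str
    md5: str


class Finding(NamedTuple):
    live: Entry           # copy outside the component store
    reference: Entry      # a component-store copy of the same file name
    same_metadata: bool   # size and both timestamps equal despite hash mismatch


def parse_filefind(log: str) -> list:
    """Return one Entry per result line; headers and separators are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["created"],
                                 m["modified"], m["md5"].upper()))
    return entries


def is_component_store(path: str) -> bool:
    return "\\winsxs\\" in path.lower()


def find_mismatches(entries: list) -> list:
    """Flag live copies whose MD5 matches no component-store copy.

    Assumption: the WinSxS copies are unmodified. Several versions of one
    component can coexist there, so a live file only has to match one of them.
    Files with no component-store copy in the log are not judged at all.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[ntpath.basename(e.path).lower()].append(e)

    findings = []
    for group in by_name.values():
        refs = [e for e in group if is_component_store(e.path)]
        if not refs:
            continue
        ref_hashes = {r.md5 for r in refs}
        for e in group:
            if is_component_store(e.path) or e.md5 in ref_hashes:
                continue
            ref = refs[0]
            same = (e.size, e.created, e.modified) == \
                   (ref.size, ref.created, ref.modified)
            findings.append(Finding(e, ref, same))
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_filefind(SAMPLE_LOG)):
        print("MISMATCH:", f.live.path)
        print("  live MD5      :", f.live.md5)
        print("  reference MD5 :", f.reference.md5)
        print("  size/timestamps identical:", f.same_metadata)
```

On the log from this thread it reports `C:\Windows\System32\services.exe`, whose size and timestamps are identical to the component-store copy while its MD5 is not, so only the hash distinguishes the two files.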

Please do this next:

Carefully follow these instructions:

1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}
C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}
Files to delete:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Files to move:
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | C:\Windows\System32\services.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

Please include the following in your next post:

  • Avenger log


OK, please do this next:

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log and paste it into your next post. I don't need to see the Extras.txt log.

Please include the following in your next post:

  • OTL log


OTL log:

OTL logfile created on: 9/13/2012 9:28:54 PM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\kristian\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.99 Gb Total Physical Memory | 7.50 Gb Available Physical Memory | 83.41% Memory free

17.98 Gb Paging File | 15.87 Gb Available in Paging File | 88.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.99 Gb Total Space | 153.74 Gb Free Space | 51.59% Space Free | Partition Type: NTFS

Drive D: | 5.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 3.73 Gb Total Space | 3.68 Gb Free Space | 98.63% Space Free | Partition Type: FAT32

Computer Name: KRISTIAN-PC | User Name: kristian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 21:28:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\kristian\Desktop\OTL.exe

PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/08/28 13:26:21 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

PRC - [2012/06/16 22:38:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/01/12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/28 13:26:21 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

MOD - [2012/06/16 22:38:41 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/06/14 03:31:25 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll

MOD - [2012/06/14 03:24:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/14 03:24:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2012/05/10 03:34:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll

MOD - [2012/05/10 03:25:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/10 03:25:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/10 03:25:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c764ad83cd3287fc59a3dc02e08ad1ea\System.Xml.ni.dll

MOD - [2012/05/10 03:25:04 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 03:25:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/10 03:24:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2011/04/11 15:44:46 | 000,171,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/08/28 13:26:21 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)

SRV - [2012/06/16 22:38:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/21 12:08:02 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2012/08/21 11:37:05 | 000,244,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2012/08/21 11:22:27 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)

DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/11/28 19:23:21 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2011/09/02 01:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/04/07 17:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)

DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2012/09/13 02:33:56 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\ymmm.sys -- (dzyi)

DRV - [2012/09/13 02:27:22 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pgmoeso.sys -- (vgumue)

DRV - [2012/09/13 02:21:54 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\grif.sys -- (jxgcu)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 6E 52 5C 25 AE CC 01 [binary data]

IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKCU\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=5B5467E0-5BA3-4009-843D-FFCF42FCCFA6&apn_sauid=DA271942-16BB-4A69-A158-24525C00A860

IE - HKCU\..\SearchScopes\{32CAE83D-7984-411D-AE62-E0E517DC82B3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=5B5467E0-5BA3-4009-843D-FFCF42FCCFA6&apn_sauid=DA271942-16BB-4A69-A158-24525C00A860

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C5640841-B097-48CA-A16D-7564EBB4D51F}&mid=d23c68610c2847d18ab9d16b2e823c6a-0388553eb65d88b5a7cde0d41c349c3d3db94a56&lang=en&ds=AVG&pr=fr&d=2012-07-29 07:34:50&v=12.2.5.32&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{E7413127-AC14-45C8-A30C-FCEC10E5C7AB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"

FF - prefs.js..extensions.enabledAddons: m3ffxtbr@mywebsearch.com:1.3

FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0

FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.13.0.6

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35

FF - prefs.js..extensions.enabledAddons: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.5.0

FF - prefs.js..extensions.enabledAddons: {cce665dd-f6dd-4808-968e-eaec971f70ef}:10.10.20.14

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 22:38:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/28 18:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristian\AppData\Roaming\Mozilla\Extensions

[2012/07/29 07:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions

[2012/05/15 21:40:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2012/09/04 01:30:52 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

[2012/07/13 09:47:55 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2012/07/29 07:30:49 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

[2012/07/29 07:30:57 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}

[2012/02/08 16:45:52 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\extensions\m3ffxtbr@mywebsearch.com

[2012/04/20 14:02:59 | 000,002,580 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\searchplugins\askcom.xml

[2011/11/28 19:34:13 | 000,001,945 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\searchplugins\bing-zugo.xml

[2012/07/29 07:51:25 | 000,000,919 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Mozilla\Firefox\Profiles\sr8i9qin.default\searchplugins\conduit.xml

[2012/08/31 10:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/13 09:47:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/08/31 10:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/06/16 22:38:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/30 14:29:19 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/02/11 19:52:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

[2012/02/11 19:52:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.2\PriceGongIE.dll (PriceGong)

O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()

O3 - HKLM\..\Toolbar: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke US Toolbar) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found

O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)

O4 - Startup: C:\Users\kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{340648C2-F80E-44DA-864B-B523132B83E1}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/05/13 22:18:59 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 21:28:04 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\kristian\Desktop\OTL.exe

[2012/09/13 11:26:37 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{1CF530CC-DA11-4BFB-80B6-FE4860B57CE7}

[2012/09/13 02:33:27 | 000,000,000 | ---D | C] -- C:\Users\kristian\Desktop\avenger

[2012/09/12 23:26:13 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{6C66DE01-B04C-462C-8401-D9ACAB8FF273}

[2012/09/12 11:26:02 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{2D9CB7AE-B9DC-409E-BBDD-8560E996E171}

[2012/09/11 23:25:50 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{29B0B888-9598-4CE1-9E72-87DA13331C5C}

[2012/09/11 23:20:40 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{38E5D888-E5B6-4ABE-BE11-6B4C42F5BC44}

[2012/09/11 23:04:59 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/11 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{79810B59-036F-40B2-83DC-88D59160C5A6}

[2012/09/10 23:51:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/09/10 23:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan

[2012/09/10 23:13:45 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{ADDA627F-A036-43D7-B8D2-512F42A27806}

[2012/09/10 23:07:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/09/10 11:13:21 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{380FD162-45E5-40E2-9E7F-DF8A1776FF4D}

[2012/09/09 23:13:10 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{D0889A30-F941-45CE-968F-4643453685DB}

[2012/09/09 11:12:58 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{7AF7F121-E15D-4DBA-B37D-30898A9DA59A}

[2012/09/08 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{C19C1A42-00F1-4E1B-90E8-EBA2887E13F4}

[2012/09/08 11:12:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{0066C8D0-8B42-4781-9ACB-51CA781BD4BB}

[2012/09/07 23:12:24 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{76589D94-CB1D-4269-BE98-206EC1D6228D}

[2012/09/07 11:12:12 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{E833B61A-7D0A-46AD-8EB5-6453EEDCB931}

[2012/09/06 23:12:01 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{D0D7DA70-AA82-40D0-B005-61BADA10D860}

[2012/09/06 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{0532DB70-4E39-43D9-B7B7-7D4A19E6DF0B}

[2012/09/05 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{86C25ADD-F9B0-4DB7-B01B-BAC76A5B9BBD}

[2012/09/05 11:11:26 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{B6ABF8DA-DC32-44CD-9D73-303B4ED3E2B2}

[2012/09/04 22:25:56 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{DDDEDBF3-61B0-451A-8751-C7F26B864F5D}

[2012/09/04 10:25:44 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{515A7C01-48C1-4D45-AB4D-7412DB32E9B1}

[2012/09/03 22:17:46 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{52E40F3D-E64E-4278-922C-53C78721096B}

[2012/09/03 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{872F6C20-7380-4702-AB76-D1A62BA6BF92}

[2012/09/02 22:17:23 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{BB34BFE2-A294-4E9C-AD58-C24E8355F82F}

[2012/09/02 10:17:12 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{FE20391E-63C2-4DF3-B377-4B3F251F166C}

[2012/09/01 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{7B95CFB9-8D3F-42D3-976E-EBB0BB7E46E7}

[2012/09/01 10:16:49 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{0FAB122B-F345-4005-B7DF-122A120CFC38}

[2012/08/31 22:16:38 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{EF34F63A-10CA-48F0-BF3A-5F18D2DCECB6}

[2012/08/31 10:16:28 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/08/31 10:16:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/08/31 10:16:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/08/31 10:16:19 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{6FFE5DBD-FAE2-463F-B592-77FF6B9681AF}

[2012/08/30 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{E4379F55-7F11-47F1-AFC1-B0AC0244D12B}

[2012/08/30 10:10:28 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{89F7C252-C3BE-42EB-A65A-BCD6BE310DAB}

[2012/08/29 22:10:17 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{91376EE2-F58F-40D3-9921-7C14FA27A07C}

[2012/08/29 07:21:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{353F7BA9-27CE-4CC7-A892-656829AFA05C}

[2012/08/28 13:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2

[2012/08/28 13:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2

[2012/08/28 13:26:42 | 000,000,000 | ---D | C] -- C:\Users\kristian\Documents\Guild Wars 2

[2012/08/28 12:48:23 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{73CCE3BA-FAFF-4FC3-959C-D7AC062574DA}

[2012/08/27 22:13:06 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{AB7DFA75-0AEC-44F7-9083-E01305ABEDC7}

[2012/08/27 09:59:30 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{79FD70C2-FD01-4C0F-84DC-DE1C7EDB60D4}

[2012/08/26 16:20:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{EDFB2A65-9D72-4479-9732-6302F2EAEEB2}

[2012/08/25 23:31:26 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{788458D4-3FEA-4CD9-8569-76BA142E1BC6}

[2012/08/25 10:22:06 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{37A2B3BB-54B8-4984-A720-5DEA2063C235}

[2012/08/24 21:07:34 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{8A932766-160A-463A-AFE6-155EA76D4CC5}

[2012/08/24 09:01:58 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{B61BF37A-68BC-446C-9A30-BEF269A59AAC}

[2012/08/23 12:19:58 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{C9538CA9-2ED0-4957-9F0C-D98E0547BB3C}

[2012/08/23 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{9C124C90-9CF2-49AB-A8C7-781BEEE6F488}

[2012/08/22 12:19:35 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{C0980BBF-8A37-46E7-A312-E009F51A7BBD}

[2012/08/22 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{858856F8-E874-445B-8049-4045A096E09C}

[2012/08/21 12:20:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2012/08/21 12:18:57 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{A0153AD7-F331-42FB-8097-A02CDE5A4250}

[2012/08/21 11:37:34 | 009,882,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll

[2012/08/21 11:37:34 | 000,244,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys

[2012/08/21 11:27:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/08/21 11:27:32 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/08/21 11:27:32 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/08/21 11:27:31 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2012/08/21 11:27:31 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2012/08/21 11:27:31 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2012/08/21 11:27:30 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2012/08/21 11:27:30 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2012/08/21 11:27:30 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/08/21 11:27:30 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/08/21 11:27:30 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2012/08/21 11:27:30 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/08/21 11:27:30 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/08/21 11:27:30 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll

[2012/08/21 11:27:29 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2012/08/21 11:27:29 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/08/21 11:27:29 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/08/21 11:27:29 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll

[2012/08/21 11:27:21 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll

[2012/08/21 11:27:20 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll

[2012/08/21 11:27:20 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll

[2012/08/21 11:27:20 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll

[2012/08/21 11:27:20 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll

[2012/08/21 11:26:55 | 000,034,840 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\gwfilt64.sys

[2012/08/21 11:26:54 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/08/21 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Roaming\Leadertech

[2012/08/21 11:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2012/08/21 11:19:03 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys

[2012/08/21 11:18:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2012/08/21 11:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012/08/21 11:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd

[2012/08/21 11:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2012/08/21 11:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd

[2012/08/21 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Roaming\Logitech

[2012/08/21 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Roaming\Logishrd

[2012/08/21 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\SlimWare Utilities Inc

[2012/08/21 11:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate

[2012/08/21 11:14:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers

[2012/08/19 13:21:43 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{661B5887-96FA-4642-8A23-E70EFAE7D722}

[2012/08/19 12:04:33 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{01824968-B922-463D-A0F4-8392711C13A1}

[2012/08/19 11:35:00 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{F46F7206-1ABC-4089-A913-B566422D9AFF}

[2012/08/19 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{4D8A8EB0-1A21-4816-B193-3A58643E94F8}

[2012/08/19 05:02:30 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{F7E76940-8282-4FB8-AA29-5C07CB857CD2}

[2012/08/18 08:59:00 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{305F60A5-9B86-40C0-8463-2519678A61E2}

[2012/08/18 08:58:49 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{3C5BF993-72C8-47FE-93BD-2CBD61AFEBA9}

[2012/08/17 07:54:03 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{4B1E8034-BED1-4C4E-9F1B-A2045BD3975C}

[2012/08/17 07:53:52 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{EB88B13C-8E72-43A1-B33B-F5FD7E5781DD}

[2012/08/16 16:46:40 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{B3133FE0-7730-4D2B-9C7F-A1C669C205AA}

[2012/08/16 16:46:29 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{23FA1B58-5A95-4819-98F8-03FE35E98676}

[2012/08/15 21:39:28 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{8E309B04-7804-4AB4-8E56-8757B7310FD7}

[2012/08/15 21:39:16 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{697D9CC5-B011-48A7-A579-CD78027771D1}

[2012/08/15 07:09:47 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{4D72C0ED-F827-498E-9713-F1949298E5D9}

[2012/08/15 07:09:36 | 000,000,000 | ---D | C] -- C:\Users\kristian\AppData\Local\{29661A2A-FBCA-4793-93FA-333F77BFED40}

========== Files - Modified Within 30 Days ==========

[2012/09/13 21:28:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\kristian\Desktop\OTL.exe

[2012/09/13 21:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/13 11:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/13 03:14:26 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/13 03:14:26 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/13 02:39:10 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/13 02:39:10 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/13 02:39:10 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/13 02:34:41 | 2945,847,295 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/13 02:33:56 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\ymmm.sys

[2012/09/13 02:32:51 | 000,724,952 | ---- | M] () -- C:\Users\kristian\Desktop\avenger.zip

[2012/09/13 02:27:22 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\pgmoeso.sys

[2012/09/13 02:21:54 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\grif.sys

[2012/09/11 22:22:24 | 000,002,860 | ---- | M] () -- C:\Users\kristian\Desktop\Flash info.rtf

[2012/09/10 23:07:08 | 357,071,364 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/09/10 22:17:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/04 01:31:58 | 000,001,354 | ---- | M] () -- C:\Users\kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/08/28 13:26:56 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk

[2012/08/28 13:26:21 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/28 13:26:21 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/24 10:14:28 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/08/21 12:08:02 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

[2012/08/21 11:37:06 | 009,882,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll

[2012/08/21 11:37:05 | 000,244,224 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys

[2012/08/21 11:35:04 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll

[2012/08/21 11:22:40 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/08/21 11:22:40 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/08/21 11:22:39 | 001,560,168 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2012/08/21 11:22:38 | 002,674,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2012/08/21 11:22:38 | 000,331,880 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2012/08/21 11:22:36 | 003,615,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2012/08/21 11:22:36 | 000,869,520 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2012/08/21 11:22:36 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/08/21 11:22:36 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/08/21 11:22:36 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2012/08/21 11:22:36 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/08/21 11:22:36 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/08/21 11:22:36 | 000,014,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll

[2012/08/21 11:22:35 | 001,262,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2012/08/21 11:22:35 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/08/21 11:22:35 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/08/21 11:22:35 | 000,293,889 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/08/21 11:22:34 | 000,105,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll

[2012/08/21 11:22:31 | 000,897,152 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll

[2012/08/21 11:22:31 | 000,753,280 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll

[2012/08/21 11:22:31 | 000,083,072 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll

[2012/08/21 11:22:31 | 000,065,112 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll

[2012/08/21 11:22:31 | 000,060,504 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll

[2012/08/21 11:22:27 | 000,034,840 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\gwfilt64.sys

[2012/08/21 11:22:26 | 002,533,952 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/08/21 11:22:07 | 001,706,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2012/08/21 11:19:03 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys

========== Files Created - No Company Name ==========

[2012/09/13 02:33:56 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\ymmm.sys

[2012/09/13 02:32:51 | 000,724,952 | ---- | C] () -- C:\Users\kristian\Desktop\avenger.zip

[2012/09/13 02:27:22 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\pgmoeso.sys

[2012/09/13 02:21:54 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\grif.sys

[2012/09/11 22:22:24 | 000,002,860 | ---- | C] () -- C:\Users\kristian\Desktop\Flash info.rtf

[2012/09/10 23:04:45 | 357,071,364 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/09/10 22:53:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000008.@

[2012/09/10 22:53:14 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000000.@

[2012/09/10 22:53:13 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\000000cb.@

[2012/09/04 01:31:58 | 000,001,354 | ---- | C] () -- C:\Users\kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2012/08/28 13:26:56 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk

[2012/08/21 12:08:34 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000032.@

[2012/08/21 11:27:29 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/08/21 11:15:08 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

[2012/07/29 13:24:29 | 000,027,520 | ---- | C] () -- C:\Users\kristian\AppData\Local\dt.dat

[2012/07/10 17:35:00 | 000,077,824 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000064.@

[2012/07/10 17:35:00 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L\00000004.@

[2012/07/10 17:34:59 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000004.@

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/01/11 15:14:42 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@

[2012/01/11 15:14:42 | 000,002,048 | -HS- | C] () -- C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\@

[2011/12/15 13:40:17 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2011/12/15 13:40:17 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2011/12/15 13:40:17 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2011/12/15 13:31:10 | 000,039,915 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2011/11/29 18:47:23 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


Please do this next:

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    DRV - [2012/09/13 02:33:56 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\ymmm.sys -- (dzyi)
    DRV - [2012/09/13 02:27:22 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pgmoeso.sys -- (vgumue)
    DRV - [2012/09/13 02:21:54 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\grif.sys -- (jxgcu)
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    :Files
    C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}
    C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    :Commands
    [EmptyTemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If malicious objects are found, then ensure Cure is selected. Important - If there is no option to "Cure", it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Please include the following in your next post:

  • OTL Fix log
  • TDSSKiller log


OTL Fix Log:

All processes killed

========== OTL ==========

Service dzyi stopped successfully!

Service dzyi deleted successfully!

C:\Windows\SysWOW64\drivers\ymmm.sys moved successfully.

Service vgumue stopped successfully!

Service vgumue deleted successfully!

C:\Windows\SysWOW64\drivers\pgmoeso.sys moved successfully.

Service jxgcu stopped successfully!

Service jxgcu deleted successfully!

C:\Windows\SysWOW64\drivers\grif.sys moved successfully.

ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.

========== FILES ==========

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U folder moved successfully.

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L folder moved successfully.

C:\Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c} folder moved successfully.

C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U folder moved successfully.

C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\L folder moved successfully.

C:\Users\kristian\AppData\Local\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c} folder moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: kristian

->Temp folder emptied: 547180164 bytes

->Temporary Internet Files folder emptied: 252163109 bytes

->Java cache emptied: 1146 bytes

->FireFox cache emptied: 310155459 bytes

->Flash cache emptied: 18976 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 401992569 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,442.00 mb

OTL by OldTimer - Version 3.2.61.3 log created on 09132012_223937

Files\Folders moved on Reboot...

C:\Users\kristian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\flaC44F.tmp not found!

File\Folder C:\Windows\temp\flaD761.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

TDSSKiller Log:

22:45:12.0313 4896 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

22:45:12.0828 4896 ============================================================

22:45:12.0828 4896 Current date / time: 2012/09/13 22:45:12.0828

22:45:12.0828 4896 SystemInfo:

22:45:12.0828 4896

22:45:12.0828 4896 OS Version: 6.1.7601 ServicePack: 1.0

22:45:12.0828 4896 Product type: Workstation

22:45:12.0828 4896 ComputerName: KRISTIAN-PC

22:45:12.0828 4896 UserName: kristian

22:45:12.0828 4896 Windows directory: C:\Windows

22:45:12.0828 4896 System windows directory: C:\Windows

22:45:12.0828 4896 Running under WOW64

22:45:12.0828 4896 Processor architecture: Intel x64

22:45:12.0828 4896 Number of processors: 8

22:45:12.0828 4896 Page size: 0x1000

22:45:12.0828 4896 Boot type: Normal boot

22:45:12.0828 4896 ============================================================

22:45:14.0388 4896 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:45:14.0388 4896 ============================================================

22:45:14.0388 4896 \Device\Harddisk0\DR0:

22:45:14.0388 4896 MBR partitions:

22:45:14.0388 4896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:45:14.0388 4896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800

22:45:14.0388 4896 ============================================================

22:45:14.0419 4896 C: <-> \Device\Harddisk0\DR0\Partition2

22:45:14.0419 4896 ============================================================

22:45:14.0419 4896 Initialize success

22:45:14.0419 4896 ============================================================

22:45:33.0826 3528 ============================================================

22:45:33.0826 3528 Scan started

22:45:33.0826 3528 Mode: Manual; TDLFS;

22:45:33.0826 3528 ============================================================

22:45:33.0966 3528 ================ Scan system memory ========================

22:45:33.0966 3528 System memory - ok

22:45:33.0966 3528 ================ Scan services =============================

22:45:34.0091 3528 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

22:45:34.0091 3528 1394ohci - ok

22:45:34.0122 3528 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

22:45:34.0122 3528 ACPI - ok

22:45:34.0138 3528 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

22:45:34.0153 3528 AcpiPmi - ok

22:45:34.0247 3528 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

22:45:34.0247 3528 AdobeARMservice - ok

22:45:34.0372 3528 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

22:45:34.0372 3528 AdobeFlashPlayerUpdateSvc - ok

22:45:34.0403 3528 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

22:45:34.0403 3528 adp94xx - ok

22:45:34.0450 3528 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

22:45:34.0450 3528 adpahci - ok

22:45:34.0481 3528 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

22:45:34.0481 3528 adpu320 - ok

22:45:34.0497 3528 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

22:45:34.0497 3528 AeLookupSvc - ok

22:45:34.0559 3528 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

22:45:34.0575 3528 AFD - ok

22:45:34.0637 3528 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe

22:45:34.0637 3528 AgereModemAudio - ok

22:45:34.0668 3528 [ DDF52C4C92D831A4CDB7788B37585E36 ] AGERESoftModem C:\Windows\system32\DRIVERS\agrsm64.sys

22:45:34.0684 3528 AGERESoftModem - ok

22:45:34.0715 3528 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

22:45:34.0715 3528 agp440 - ok

22:45:34.0731 3528 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

22:45:34.0731 3528 ALG - ok

22:45:34.0746 3528 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

22:45:34.0746 3528 aliide - ok

22:45:34.0746 3528 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

22:45:34.0746 3528 amdide - ok

22:45:34.0746 3528 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

22:45:34.0762 3528 AmdK8 - ok

22:45:34.0762 3528 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

22:45:34.0762 3528 AmdPPM - ok

22:45:34.0793 3528 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

22:45:34.0793 3528 amdsata - ok

22:45:34.0809 3528 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

22:45:34.0809 3528 amdsbs - ok

22:45:34.0840 3528 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

22:45:34.0840 3528 amdxata - ok

22:45:34.0840 3528 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

22:45:34.0855 3528 AppID - ok

22:45:34.0871 3528 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

22:45:34.0871 3528 AppIDSvc - ok

22:45:34.0871 3528 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

22:45:34.0871 3528 Appinfo - ok

22:45:34.0949 3528 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:45:34.0949 3528 Apple Mobile Device - ok

22:45:34.0980 3528 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

22:45:34.0980 3528 AppMgmt - ok

22:45:34.0996 3528 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

22:45:34.0996 3528 arc - ok

22:45:35.0011 3528 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

22:45:35.0011 3528 arcsas - ok

22:45:35.0027 3528 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

22:45:35.0027 3528 AsyncMac - ok

22:45:35.0058 3528 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

22:45:35.0058 3528 atapi - ok

22:45:35.0074 3528 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

22:45:35.0089 3528 AudioEndpointBuilder - ok

22:45:35.0105 3528 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

22:45:35.0105 3528 AudioSrv - ok

22:45:35.0121 3528 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

22:45:35.0121 3528 AxInstSV - ok

22:45:35.0136 3528 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

22:45:35.0152 3528 b06bdrv - ok

22:45:35.0167 3528 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

22:45:35.0183 3528 b57nd60a - ok

22:45:35.0199 3528 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

22:45:35.0199 3528 BDESVC - ok

22:45:35.0214 3528 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

22:45:35.0214 3528 Beep - ok

22:45:35.0245 3528 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

22:45:35.0245 3528 blbdrive - ok

22:45:35.0323 3528 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

22:45:35.0323 3528 Bonjour Service - ok

22:45:35.0355 3528 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

22:45:35.0355 3528 bowser - ok

22:45:35.0370 3528 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

22:45:35.0370 3528 BrFiltLo - ok

22:45:35.0386 3528 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

22:45:35.0386 3528 BrFiltUp - ok

22:45:35.0401 3528 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll

22:45:35.0401 3528 Browser - ok

22:45:35.0417 3528 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

22:45:35.0433 3528 Brserid - ok

22:45:35.0448 3528 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

22:45:35.0448 3528 BrSerWdm - ok

22:45:35.0448 3528 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

22:45:35.0448 3528 BrUsbMdm - ok

22:45:35.0448 3528 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

22:45:35.0448 3528 BrUsbSer - ok

22:45:35.0464 3528 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

22:45:35.0464 3528 BTHMODEM - ok

22:45:35.0479 3528 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

22:45:35.0479 3528 bthserv - ok

22:45:35.0495 3528 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

22:45:35.0495 3528 cdfs - ok

22:45:35.0511 3528 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

22:45:35.0511 3528 cdrom - ok

22:45:35.0526 3528 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

22:45:35.0526 3528 CertPropSvc - ok

22:45:35.0542 3528 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

22:45:35.0542 3528 circlass - ok

22:45:35.0557 3528 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

22:45:35.0557 3528 CLFS - ok

22:45:35.0620 3528 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:45:35.0620 3528 clr_optimization_v2.0.50727_32 - ok

22:45:35.0682 3528 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

22:45:35.0682 3528 clr_optimization_v2.0.50727_64 - ok

22:45:35.0745 3528 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:45:35.0791 3528 clr_optimization_v4.0.30319_32 - ok

22:45:35.0838 3528 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

22:45:35.0838 3528 clr_optimization_v4.0.30319_64 - ok

22:45:35.0854 3528 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

22:45:35.0854 3528 CmBatt - ok

22:45:35.0869 3528 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

22:45:35.0869 3528 cmdide - ok

22:45:35.0901 3528 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

22:45:35.0916 3528 CNG - ok

22:45:35.0932 3528 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

22:45:35.0932 3528 Compbatt - ok

22:45:35.0947 3528 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

22:45:35.0947 3528 CompositeBus - ok

22:45:35.0963 3528 COMSysApp - ok

22:45:35.0979 3528 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

22:45:35.0979 3528 crcdisk - ok

22:45:36.0010 3528 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

22:45:36.0010 3528 CryptSvc - ok

22:45:36.0041 3528 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

22:45:36.0041 3528 CSC - ok

22:45:36.0072 3528 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

22:45:36.0088 3528 CscService - ok

22:45:36.0119 3528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

22:45:36.0119 3528 DcomLaunch - ok

22:45:36.0150 3528 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

22:45:36.0166 3528 defragsvc - ok

22:45:36.0166 3528 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

22:45:36.0181 3528 DfsC - ok

22:45:36.0213 3528 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

22:45:36.0213 3528 Dhcp - ok

22:45:36.0228 3528 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

22:45:36.0228 3528 discache - ok

22:45:36.0228 3528 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

22:45:36.0228 3528 Disk - ok

22:45:36.0259 3528 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

22:45:36.0259 3528 dmvsc - ok

22:45:36.0291 3528 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

22:45:36.0291 3528 Dnscache - ok

22:45:36.0337 3528 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

22:45:36.0337 3528 dot3svc - ok

22:45:36.0353 3528 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

22:45:36.0353 3528 DPS - ok

22:45:36.0384 3528 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

22:45:36.0384 3528 drmkaud - ok

22:45:36.0400 3528 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

22:45:36.0415 3528 DXGKrnl - ok

22:45:36.0447 3528 [ 1F20AEAAD1BE0121647257235B788224 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys

22:45:36.0447 3528 e1yexpress - ok

22:45:36.0447 3528 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

22:45:36.0462 3528 EapHost - ok

22:45:36.0525 3528 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

22:45:36.0587 3528 ebdrv - ok

22:45:36.0618 3528 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

22:45:36.0618 3528 EFS - ok

22:45:36.0665 3528 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

22:45:36.0681 3528 ehRecvr - ok

22:45:36.0696 3528 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

22:45:36.0696 3528 ehSched - ok

22:45:36.0712 3528 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

22:45:36.0727 3528 elxstor - ok

22:45:36.0743 3528 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

22:45:36.0743 3528 ErrDev - ok

22:45:36.0774 3528 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

22:45:36.0774 3528 EventSystem - ok

22:45:36.0790 3528 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

22:45:36.0805 3528 exfat - ok

22:45:36.0821 3528 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

22:45:36.0821 3528 fastfat - ok

22:45:36.0837 3528 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

22:45:36.0852 3528 Fax - ok

22:45:36.0868 3528 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

22:45:36.0868 3528 fdc - ok

22:45:36.0883 3528 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

22:45:36.0883 3528 fdPHost - ok

22:45:36.0899 3528 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

22:45:36.0899 3528 FDResPub - ok

22:45:36.0915 3528 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

22:45:36.0915 3528 FileInfo - ok

22:45:36.0930 3528 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

22:45:36.0930 3528 Filetrace - ok

22:45:36.0946 3528 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

22:45:36.0946 3528 flpydisk - ok

22:45:36.0961 3528 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

22:45:36.0961 3528 FltMgr - ok

22:45:37.0024 3528 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

22:45:37.0039 3528 FontCache - ok

22:45:37.0071 3528 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:45:37.0071 3528 FontCache3.0.0.0 - ok

22:45:37.0086 3528 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

22:45:37.0086 3528 FsDepends - ok

22:45:37.0117 3528 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

22:45:37.0117 3528 Fs_Rec - ok

22:45:37.0133 3528 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

22:45:37.0149 3528 fvevol - ok

22:45:37.0149 3528 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

22:45:37.0149 3528 gagp30kx - ok

22:45:37.0180 3528 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:45:37.0180 3528 GEARAspiWDM - ok

22:45:37.0195 3528 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

22:45:37.0211 3528 gpsvc - ok

22:45:37.0242 3528 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys

22:45:37.0242 3528 grmnusb - ok

22:45:37.0273 3528 [ 215DCB833B0747FBAD8AE28C85B5381C ] gwfilt64 C:\Windows\system32\drivers\gwfilt64.sys

22:45:37.0273 3528 gwfilt64 - ok

22:45:37.0289 3528 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

22:45:37.0289 3528 hcw85cir - ok

22:45:37.0320 3528 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

22:45:37.0320 3528 HdAudAddService - ok

22:45:37.0336 3528 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

22:45:37.0336 3528 HDAudBus - ok

22:45:37.0351 3528 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

22:45:37.0351 3528 HidBatt - ok

22:45:37.0367 3528 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

22:45:37.0367 3528 HidBth - ok

22:45:37.0383 3528 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

22:45:37.0383 3528 HidIr - ok

22:45:37.0398 3528 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

22:45:37.0398 3528 hidserv - ok

22:45:37.0414 3528 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

22:45:37.0414 3528 HidUsb - ok

22:45:37.0429 3528 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

22:45:37.0429 3528 hkmsvc - ok

22:45:37.0445 3528 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

22:45:37.0461 3528 HomeGroupListener - ok

22:45:37.0492 3528 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

22:45:37.0492 3528 HomeGroupProvider - ok

22:45:37.0507 3528 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

22:45:37.0507 3528 HpSAMD - ok

22:45:37.0539 3528 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

22:45:37.0539 3528 HTTP - ok

22:45:37.0554 3528 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

22:45:37.0554 3528 hwpolicy - ok

22:45:37.0554 3528 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

22:45:37.0570 3528 i8042prt - ok

22:45:37.0601 3528 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

22:45:37.0601 3528 iaStor - ok

22:45:37.0679 3528 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

22:45:37.0679 3528 IAStorDataMgrSvc - ok

22:45:37.0695 3528 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

22:45:37.0710 3528 iaStorV - ok

22:45:37.0757 3528 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:45:37.0757 3528 idsvc - ok

22:45:37.0788 3528 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

22:45:37.0788 3528 iirsp - ok

22:45:37.0804 3528 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

22:45:37.0819 3528 IKEEXT - ok

22:45:37.0929 3528 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

22:45:37.0944 3528 IntcAzAudAddService - ok

22:45:37.0975 3528 [ CE30E176D5F67728DE368242108B9C34 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe

22:45:37.0975 3528 Intel(R) PROSet Monitoring Service - ok

22:45:37.0991 3528 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

22:45:37.0991 3528 intelide - ok

22:45:38.0007 3528 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

22:45:38.0007 3528 intelppm - ok

22:45:38.0022 3528 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

22:45:38.0022 3528 IPBusEnum - ok

22:45:38.0038 3528 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:45:38.0053 3528 IpFilterDriver - ok

22:45:38.0069 3528 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

22:45:38.0069 3528 IPMIDRV - ok

22:45:38.0085 3528 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

22:45:38.0085 3528 IPNAT - ok

22:45:38.0131 3528 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

22:45:38.0147 3528 iPod Service - ok

22:45:38.0163 3528 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

22:45:38.0163 3528 IRENUM - ok

22:45:38.0178 3528 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

22:45:38.0178 3528 isapnp - ok

22:45:38.0209 3528 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

22:45:38.0209 3528 iScsiPrt - ok

22:45:38.0225 3528 [ C0D9BA660A41EE8A269EF804E6CD0D7B ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

22:45:38.0225 3528 JRAID - ok

22:45:38.0256 3528 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

22:45:38.0256 3528 kbdclass - ok

22:45:38.0287 3528 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

22:45:38.0287 3528 kbdhid - ok

22:45:38.0287 3528 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

22:45:38.0287 3528 KeyIso - ok

22:45:38.0319 3528 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

22:45:38.0319 3528 KSecDD - ok

22:45:38.0334 3528 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

22:45:38.0334 3528 KSecPkg - ok

22:45:38.0350 3528 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

22:45:38.0350 3528 ksthunk - ok

22:45:38.0381 3528 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

22:45:38.0381 3528 KtmRm - ok

22:45:38.0428 3528 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

22:45:38.0428 3528 LanmanServer - ok

22:45:38.0443 3528 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

22:45:38.0443 3528 LanmanWorkstation - ok

22:45:38.0553 3528 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

22:45:38.0553 3528 LBTServ - ok

22:45:38.0615 3528 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

22:45:38.0615 3528 LHidFilt - ok

22:45:38.0646 3528 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

22:45:38.0646 3528 lltdio - ok

22:45:38.0662 3528 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

22:45:38.0662 3528 lltdsvc - ok

22:45:38.0677 3528 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

22:45:38.0693 3528 lmhosts - ok

22:45:38.0709 3528 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

22:45:38.0709 3528 LMouFilt - ok

22:45:38.0724 3528 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

22:45:38.0740 3528 LSI_FC - ok

22:45:38.0740 3528 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

22:45:38.0740 3528 LSI_SAS - ok

22:45:38.0755 3528 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

22:45:38.0755 3528 LSI_SAS2 - ok

22:45:38.0771 3528 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

22:45:38.0771 3528 LSI_SCSI - ok

22:45:38.0802 3528 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

22:45:38.0802 3528 luafv - ok

22:45:38.0818 3528 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys

22:45:38.0818 3528 LUsbFilt - ok

22:45:38.0865 3528 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

22:45:38.0865 3528 MBAMProtector - ok

22:45:38.0896 3528 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

22:45:38.0911 3528 MBAMScheduler - ok

22:45:38.0927 3528 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

22:45:38.0943 3528 MBAMService - ok

22:45:38.0958 3528 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

22:45:38.0958 3528 Mcx2Svc - ok

22:45:38.0989 3528 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

22:45:38.0989 3528 megasas - ok

22:45:39.0005 3528 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

22:45:39.0005 3528 MegaSR - ok

22:45:39.0052 3528 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

22:45:39.0052 3528 MMCSS - ok

22:45:39.0067 3528 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

22:45:39.0067 3528 Modem - ok

22:45:39.0083 3528 [ E38AEF079CD3BCFA19F2072A214F829D ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys

22:45:39.0083 3528 MODEMCSA - ok

22:45:39.0083 3528 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

22:45:39.0083 3528 monitor - ok

22:45:39.0130 3528 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

22:45:39.0130 3528 mouclass - ok

22:45:39.0130 3528 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

22:45:39.0130 3528 mouhid - ok

22:45:39.0145 3528 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

22:45:39.0145 3528 mountmgr - ok

22:45:39.0192 3528 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

22:45:39.0192 3528 MozillaMaintenance - ok

22:45:39.0208 3528 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

22:45:39.0208 3528 mpio - ok

22:45:39.0208 3528 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

22:45:39.0223 3528 mpsdrv - ok

22:45:39.0223 3528 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

22:45:39.0239 3528 MRxDAV - ok

22:45:39.0270 3528 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

22:45:39.0270 3528 mrxsmb - ok

22:45:39.0286 3528 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:45:39.0286 3528 mrxsmb10 - ok

22:45:39.0317 3528 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:45:39.0317 3528 mrxsmb20 - ok

22:45:39.0317 3528 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

22:45:39.0317 3528 msahci - ok

22:45:39.0348 3528 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

22:45:39.0348 3528 msdsm - ok

22:45:39.0364 3528 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

22:45:39.0364 3528 MSDTC - ok

22:45:39.0395 3528 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

22:45:39.0395 3528 Msfs - ok

22:45:39.0411 3528 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

22:45:39.0411 3528 mshidkmdf - ok

22:45:39.0411 3528 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

22:45:39.0411 3528 msisadrv - ok

22:45:39.0426 3528 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

22:45:39.0426 3528 MSiSCSI - ok

22:45:39.0442 3528 msiserver - ok

22:45:39.0457 3528 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

22:45:39.0457 3528 MSKSSRV - ok

22:45:39.0473 3528 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

22:45:39.0473 3528 MSPCLOCK - ok

22:45:39.0473 3528 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

22:45:39.0489 3528 MSPQM - ok

22:45:39.0504 3528 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

22:45:39.0504 3528 MsRPC - ok

22:45:39.0535 3528 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

22:45:39.0535 3528 mssmbios - ok

22:45:39.0551 3528 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

22:45:39.0551 3528 MSTEE - ok

22:45:39.0567 3528 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

22:45:39.0567 3528 MTConfig - ok

22:45:39.0582 3528 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

22:45:39.0582 3528 Mup - ok

22:45:39.0598 3528 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

22:45:39.0613 3528 napagent - ok

22:45:39.0645 3528 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

22:45:39.0645 3528 NativeWifiP - ok

22:45:39.0691 3528 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

22:45:39.0691 3528 NDIS - ok

22:45:39.0723 3528 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

22:45:39.0723 3528 NdisCap - ok

22:45:39.0738 3528 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

22:45:39.0738 3528 NdisTapi - ok

22:45:39.0738 3528 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

22:45:39.0738 3528 Ndisuio - ok

22:45:39.0754 3528 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

22:45:39.0754 3528 NdisWan - ok

22:45:39.0769 3528 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

22:45:39.0769 3528 NDProxy - ok

22:45:39.0785 3528 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

22:45:39.0785 3528 NetBIOS - ok

22:45:39.0801 3528 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

22:45:39.0801 3528 NetBT - ok

22:45:39.0816 3528 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

22:45:39.0816 3528 Netlogon - ok

22:45:39.0847 3528 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

22:45:39.0847 3528 Netman - ok

22:45:39.0879 3528 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

22:45:39.0879 3528 netprofm - ok

22:45:39.0925 3528 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:45:39.0925 3528 NetTcpPortSharing - ok

22:45:39.0941 3528 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

22:45:39.0941 3528 nfrd960 - ok

22:45:39.0957 3528 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

22:45:39.0972 3528 NlaSvc - ok

22:45:40.0003 3528 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:45:40.0003 3528 Npfs - ok

22:45:40.0003 3528 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

22:45:40.0003 3528 nsi - ok

22:45:40.0019 3528 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:45:40.0019 3528 nsiproxy - ok

22:45:40.0081 3528 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:45:40.0097 3528 Ntfs - ok

22:45:40.0128 3528 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

22:45:40.0128 3528 Null - ok

22:45:40.0362 3528 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:45:40.0425 3528 nvlddmkm - ok

22:45:40.0440 3528 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:45:40.0440 3528 nvraid - ok

22:45:40.0471 3528 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:45:40.0471 3528 nvstor - ok

22:45:40.0518 3528 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe

22:45:40.0534 3528 nvsvc - ok

22:45:40.0581 3528 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

22:45:40.0596 3528 nvUpdatusService - ok

22:45:40.0596 3528 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

22:45:40.0596 3528 nv_agp - ok

22:45:40.0612 3528 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

22:45:40.0627 3528 ohci1394 - ok

22:45:40.0643 3528 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

22:45:40.0643 3528 p2pimsvc - ok

22:45:40.0659 3528 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

22:45:40.0674 3528 p2psvc - ok


22:45:45.0089 3528 ================ Scan global ===============================

22:45:45.0120 3528 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

22:45:45.0151 3528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:45:45.0151 3528 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:45:45.0183 3528 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

22:45:45.0214 3528 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe

22:45:45.0214 3528 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected

22:45:45.0214 3528 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)

22:45:45.0214 3528 ================ Scan MBR ==================================

22:45:45.0229 3528 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

22:45:45.0713 3528 \Device\Harddisk0\DR0 - ok

22:45:45.0713 3528 ================ Scan VBR ==================================

22:45:45.0729 3528 [ 80ACB7B8E3A9982CC8220C2558091E0C ] \Device\Harddisk0\DR0\Partition1

22:45:45.0729 3528 \Device\Harddisk0\DR0\Partition1 - ok

22:45:45.0760 3528 [ F8FC8EE91D2554DE967CBB4B5B7FCD31 ] \Device\Harddisk0\DR0\Partition2

22:45:45.0760 3528 \Device\Harddisk0\DR0\Partition2 - ok

22:45:45.0760 3528 ============================================================

22:45:45.0760 3528 Scan finished

22:45:45.0760 3528 ============================================================

22:45:45.0760 4108 Detected object count: 1

22:45:45.0760 4108 Actual detected object count: 1

22:45:57.0444 4108 C:\Windows\system32\services.exe - copied to quarantine

22:45:57.0787 4108 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine

22:45:57.0787 4108 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine

22:46:12.0467 4108 Backup copy found, using it..

22:46:12.0514 4108 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot

22:46:12.0514 4108 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot

22:46:12.0561 4108 C:\Windows\system32\services.exe - will be cured on reboot

22:46:12.0561 4108 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

22:46:26.0959 1272 Deinitialize success

That looks a little better! Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to this LINK to run an online scanner from ESET.

  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Please include the following in your next post:

  • MBAM log
  • ESET log

MBAM log:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.14.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

kristian :: KRISTIAN-PC [administrator]

Protection: Enabled

9/14/2012 12:36:08 PM

mbam-log-2012-09-14 (12-36-08).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 398106

Time elapsed: 20 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=b8a5cf7b614df344b3b5893c4eea9747

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-09-14 06:54:16

# local_time=2012-09-14 01:54:16 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 66 94 56405195 99189856 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=189487

# found=19

# cleaned=0

# scan_time=2450

C:\Program Files (x86)\StartNow Toolbar\Reactivate.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\13.09.2012_22.45.12\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\13.09.2012_22.45.12\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\kristian\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I

C:\Users\kristian\Downloads\Windows+Live+Messenger.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\assembly\GAC_32\Desktop.ini Win32/Sirefef.EZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.AD trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000004.@ Win64/Conedex.C trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\000000cb.@ Win64/Conedex.B trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000000.@ Win64/Sirefef.AP trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000032.@ Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\09132012_223937\C_Windows\Installer\{5b8144d6-8ccb-c80d-826a-f77aaf5fab4c}\U\80000064.@ Win64/Sirefef.AN trojan (unable to clean) 00000000000000000000000000000000 I

${Memory} a variant of Win32/Toolbar.Zugo application 00000000000000000000000000000000 I

Link to post

How is your computer running now? Please do this next:

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :Files
    C:\Users\kristian\Downloads\speedupmypc.exe
    C:\Users\kristian\Downloads\Windows+Live+Messenger.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together .htm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together .htm
    :Commands
    [EmptyTemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

Please include the following in your next post:

  • How is the computer running now?
  • OTL Fix log

Link to post

How is the computer running now?:

It is running pretty smooth now. No more redirects at the moment. Hopefully this was the fix. Thanks a ton.

OTL Fix log:

All processes killed

========== FILES ==========

C:\Users\kristian\Downloads\speedupmypc.exe moved successfully.

C:\Users\kristian\Downloads\Windows+Live+Messenger.exe moved successfully.

File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together .htm not found.

File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F8S0IR9\cat-and-dolphin-playing-together .htm not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: kristian

->Temp folder emptied: 45027782 bytes

->Temporary Internet Files folder emptied: 11858974 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 82113272 bytes

->Flash cache emptied: 681 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 22283381 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 154.00 mb

OTL by OldTimer - Version 3.2.61.3 log created on 09142012_154230

Files\Folders moved on Reboot...

C:\Users\kristian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZL4D1ALH\7407185e[1].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZL4D1ALH\server-dissd.source[1].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SCGF64LC\embedded[1].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3IIUSOO\127[1].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3IIUSOO\htm[2].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H3IIUSOO\stat_target[2].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E31L3SZU\stat[1].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E31L3SZU\stat[3].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E31L3SZU\stat_target[1].htm moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\kristian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post

Your logs look good! All I have left for you is some very important cleanup:

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs and/or tools.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Link to post

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.