Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help with computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need help with computer

Unread postby TerriReb » October 7th, 2012, 5:55 pm

I think my PC has a virus of some kind on it. I have Semantic software and ran a scan, but I am still having trouble. The computer runs slowly, has intermittent internet connection issues (other computers in my house on the same wireless router do not have this problem), and I sometimes get a search engine (AVG Secure Search) pop up that I did not request.

My dds logs are below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Kevin at 16:46:52 on 2012-10-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8166.4380 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/28/2012 8:58:53 PM
System Uptime: 10/6/2012 2:02:11 PM (26 hours ago)
.
Motherboard: MSI | | P67A-C43 (MS-7673)
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | SOCKET 0 | 2584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 891 GiB total, 646.7 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 34.744 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 9/26/2012 3:00:11 AM - Windows Update
RP74: 10/4/2012 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Action Replay DSi Code Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Amnesia: The Dark Descent Demo
Apple Application Support
Apple Software Update
AVG Security Toolbar
BitTorrent
CyberLink Power2Go
CyberLink PowerDVD 10
DAEMON Tools Lite
Deus Ex: Human Revolution
Dynex Enhanced G Wireless Desktop Card Setup
Fallout: New Vegas
Google Chrome
Google Earth Plug-in
Google Update Helper
ImgBurn
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 35
Just Cause 2
LIMBO
LiveUpdate 3.3 (Symantec Corporation)
Magicka
Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mirror's Edge
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PCSX2 - Playstation 2 Emulator
Plants vs. Zombies: Game of the Year
Populous: The Beginning
Portal
Portal 2
RCT3 Soaked
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Roller Coaster Tycoon 3 Platinum - CarlesNeo !
RollerCoaster Tycoon® 3
Runespell: Overture
Saints Row: The Third
Sanctum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
Steam
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
YTD Toolbar v6.3
YTD YouTube Downloader & Converter 3.6
.
==== Event Viewer Messages From Past Week ========
.
10/6/2012 2:05:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/6/2012 2:05:08 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/6/2012 2:01:32 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/6/2012 2:01:32 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/6/2012 2:01:32 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
10/6/2012 2:01:32 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
10/6/2012 2:01:32 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The pipe has been ended.
10/6/2012 2:01:32 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
10/6/2012 2:01:32 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
10/6/2012 2:01:32 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
10/6/2012 2:01:25 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
10/6/2012 1:57:14 PM, Error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/6/2012 1:57:14 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/6/2012 1:57:14 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
10/6/2012 1:57:14 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.
10/6/2012 1:57:14 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
10/6/2012 1:57:14 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
10/6/2012 1:57:14 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
10/6/2012 1:57:14 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
10/6/2012 1:55:20 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/6/2012 1:55:20 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
10/6/2012 1:55:20 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
10/6/2012 1:53:16 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
10/6/2012 1:47:55 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
10/6/2012 1:47:54 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
10/6/2012 1:47:51 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/6/2012 1:47:51 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================

Any help you could provide would be greatly appreciated.

Thanks,
Kevin R
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm
Advertisement
Register to Remove

Re: Need help with computer

Unread postby deltalima » October 8th, 2012, 3:50 pm

checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with computer

Unread postby deltalima » October 8th, 2012, 4:04 pm

Hi TerriReb,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

codecheck

  • Please download codecheck from here to your Desktop.
  • Make sure that codecheck.exe is on the your Desktop before running the application!
  • Double-click on codecheck.exe.
  • After a very short time a codecheck.txt icon will appear on your Desktop
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Please let me know if the computer is connected to an educational network or used for business in any way.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with computer

Unread postby TerriReb » October 10th, 2012, 10:02 am

I deleted the BitTorrent program as requested. This computer is my personal computer that I use for gaming and for school work. It's not connected to an education network or used for a job/business in any way. My logs from the scans are below.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\static_objects\cellarbase\special\cracked_ceiling.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\static_objects\cellarbase\special\cracked_ceiling.msh
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_nrm_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\pillar_cracked00_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\pillar_cracked00_nrm02_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked00_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked01_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked_nrm_0.xnb
scanner sequence 3.CF.11.ORAPDT
----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-49TT7-W7YRQ-V8JQV
Windows Product Key Hash: kYpxGRP5N9cfhN2bEbW2samiZEk=
Windows Product ID: 00371-OEM-8992671-00251
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {807DB5FD-73A8-4CEB-9FD1-88E67EAA2C13}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{807DB5FD-73A8-4CEB-9FD1-88E67EAA2C13}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-V8JQV</PKey><PID>00371-OEM-8992671-00251</PID><PIDType>2</PIDType><SID>S-1-5-21-1781651202-724914874-3057680690</SID><SYSTEM><Manufacturer>Si</Manufacturer><Model>P67A-C43</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.28B6</Version><SMBIOSVersion major="2" minor="7"/><Date>20110831000000.000000+000</Date></BIOS><HWID>45F93807018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>SYSMAX</OEMID><OEMTableID>SYXSUKIT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700251-02-1033-7601.0000-0672011
Installation ID: 015616588286292242095473775432993874592201110426542771
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: V8JQV
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 10/10/2012 8:54:41 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:31:2012 10:52
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAIAAAABAAEAAQADAAAAAgABAAEAln1O/XcWfutQnmZUsBOke8w0ue2gIBQTLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC SYSMAX SYXSUKIT
FACP SYSMAX SYXSUKIT
HPET SYSMAX SYXSUKIT
MCFG SYSMAX SYXSUKIT
SSDT SYSMAX SYXSUKIT
SLIC SYSMAX SYXSUKIT
ASF! SYSMAX SYXSUKIT

Codecheck Version 1.0

10010

Thanks,
Kevin R
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help with computer

Unread postby deltalima » October 10th, 2012, 1:23 pm

Hi TerriReb,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with computer

Unread postby TerriReb » October 11th, 2012, 1:54 pm

OTL logfile created on: 10/11/2012 12:46:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 57.51% Memory free
15.95 Gb Paging File | 12.61 Gb Available in Paging File | 79.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.02 Gb Total Space | 645.77 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 34.74 Gb Free Space | 86.86% Space Free | Partition Type: NTFS
Drive F: | 477.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FLEGH | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (usbio) -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys (Thesycon GmbH, Germany)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121011.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121011.002\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={9F228B8A-DB89-4CB6-9204-686354A063E8}&mid=3f6fa53e508b4355ae293b9f95000b30-69d48ff9b2b36e8171c4e626d3c7cb700db0a2cd&lang=en&ds=hk014&pr=sa&d=2012-07-30 00:53:57&v=12.1.0.21&sap=hp
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 2E 19 D2 76 59 CD 01 [binary data]
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\..\SearchScopes,DefaultScope = {EE259B15-D7FD-48E7-9484-380B4A910DFC}
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={9F228B8A-DB89-4CB6-9204-686354A063E8}&mid=3f6fa53e508b4355ae293b9f95000b30-69d48ff9b2b36e8171c4e626d3c7cb700db0a2cd&lang=en&ds=hk014&pr=sa&d=2012-07-30 00:53:57&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\..\SearchScopes\{EE259B15-D7FD-48E7-9484-380B4A910DFC}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://isearch.avg.com?cid=%7B179453e3-b096-4f9e-8d69-2f6e87ee62d2%7D&mid=3f6fa53e508b4355ae293b9f95000b30-69d48ff9b2b36e8171c4e626d3c7cb700db0a2cd&ds=hk014&v=12.1.0.21&lang=en&pr=sa&d=2012-07-30%2000%3A53%3A57&sap=hp"
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.1.0.21
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 07:13:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 22:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 22:08:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/03 19:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2012/09/25 20:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\khrmdy7c.default\extensions
[2012/09/12 20:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/12 20:45:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/25 20:31:20 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/09/25 20:31:20 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2012/07/30 00:54:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.1.0.21
[2012/07/28 22:08:14 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/04 07:13:36 | 000,003,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781651202-724914874-3057680690-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781651202-724914874-3057680690-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1781651202-724914874-3057680690-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1781651202-724914874-3057680690-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0B8D625-6726-4013-A974-6E1F8EE1183C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 15:30:18 | 000,000,048 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/08/24 16:38:10 | 000,000,000 | ---D | M] - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2004/10/05 18:11:42 | 000,180,224 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/24 16:57:32 | 000,000,042 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{32ba7c73-628b-11e1-b9a0-8c89a5bf3ed4}\Shell - "" = AutoRun
O33 - MountPoints2\{32ba7c73-628b-11e1-b9a0-8c89a5bf3ed4}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a7d88574-bd4a-11e1-b726-8c89a5bf3ed4}\Shell - "" = AutoRun
O33 - MountPoints2\{a7d88574-bd4a-11e1-b726-8c89a5bf3ed4}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/10/05 18:11:42 | 000,180,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/11 12:45:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL (1).exe
[2012/10/10 08:54:45 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/10/10 08:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/10/10 08:54:09 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Kevin\Desktop\MGADiag.exe
[2012/10/09 17:34:03 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 17:34:03 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 17:34:03 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 17:33:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 17:33:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 17:33:14 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 17:33:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 17:33:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 17:33:13 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 17:33:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 17:33:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 17:33:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 17:33:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 17:33:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 17:33:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 17:33:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 17:33:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 17:33:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 17:33:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 17:33:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 17:33:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 17:33:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 17:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 17:33:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 17:33:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 17:33:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 17:33:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 17:33:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 17:33:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 17:33:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 17:33:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 17:33:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 17:33:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 17:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 17:33:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 17:32:54 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 17:31:01 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 17:31:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/06 18:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Nightmare
[2012/10/06 18:04:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\GBA Nightmare Modules
[2012/09/29 20:23:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\BigHugeEngine
[2012/09/25 20:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/09/25 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
[2012/09/25 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/09/25 20:31:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/25 13:07:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/22 03:00:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 03:00:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 03:00:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 03:00:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 03:00:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 03:00:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 03:00:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 03:00:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 03:00:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 03:00:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 03:00:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 03:00:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 03:00:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 03:00:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 03:00:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/21 22:46:42 | 000,780,288 | ---- | C] (Chapley) -- C:\Users\Kevin\Desktop\TerrariForm.exe
[2012/09/14 15:42:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Dolphin
[2012/09/12 20:45:44 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/09/12 20:45:44 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/09/12 20:45:44 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/09/12 20:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/12 03:16:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ImgBurn
[2012/09/11 23:35:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/11 23:35:03 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/11 23:34:58 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/11 23:34:58 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 16:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/09/11 16:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/11 12:48:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 12:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781651202-724914874-3057680690-1001UA.job
[2012/10/11 12:45:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL (1).exe
[2012/10/11 12:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/11 07:47:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781651202-724914874-3057680690-1001Core.job
[2012/10/10 22:48:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/10 20:00:51 | 000,002,488 | ---- | M] () -- C:\Users\Kevin\Desktop\Google Chrome.lnk
[2012/10/10 09:17:45 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/10 09:17:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/10 09:04:47 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 09:04:47 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 08:56:08 | 000,013,824 | ---- | M] () -- C:\Users\Kevin\Desktop\codecheck.exe
[2012/10/10 08:54:11 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Kevin\Desktop\MGADiag.exe
[2012/10/10 08:52:28 | 000,458,240 | ---- | M] () -- C:\Users\Kevin\Desktop\CKScanner.exe
[2012/10/10 03:21:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/10 03:20:37 | 2127,392,767 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 17:50:19 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/09 17:50:19 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/09 17:50:19 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/04 16:21:04 | 000,233,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2012/09/29 18:56:35 | 000,524,288 | ---- | M] () -- C:\Users\Kevin\Documents\Normal type mono-run.sav
[2012/09/29 18:56:31 | 000,001,644 | ---- | M] () -- C:\Users\Kevin\Documents\6.xml
[2012/09/29 18:56:27 | 000,001,644 | ---- | M] () -- C:\Users\Kevin\Documents\5.xml
[2012/09/29 18:56:22 | 000,001,644 | ---- | M] () -- C:\Users\Kevin\Documents\4.xml
[2012/09/29 18:56:18 | 000,001,644 | ---- | M] () -- C:\Users\Kevin\Documents\3.xml
[2012/09/29 18:56:13 | 000,001,644 | ---- | M] () -- C:\Users\Kevin\Documents\1.xml
[2012/09/29 18:56:08 | 000,001,644 | ---- | M] () -- C:\Users\Kevin\Documents\2.xml
[2012/09/29 18:56:01 | 000,001,644 | ---- | M] () -- C:\Users\Kevin\Documents\Blah.xml
[2012/09/29 18:43:26 | 000,000,236 | ---- | M] () -- C:\Users\Kevin\Documents\Normal type mono-run 3.pkm
[2012/09/29 18:40:36 | 000,000,236 | ---- | M] () -- C:\Users\Kevin\Documents\Normal type mono-run 2.pkm
[2012/09/29 18:36:55 | 000,000,236 | ---- | M] () -- C:\Users\Kevin\Documents\Normal type mono-run 1.pkm
[2012/09/21 22:46:44 | 000,780,288 | ---- | M] (Chapley) -- C:\Users\Kevin\Desktop\TerrariForm.exe
[2012/09/18 03:02:53 | 000,772,646 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/10 08:56:08 | 000,013,824 | ---- | C] () -- C:\Users\Kevin\Desktop\codecheck.exe
[2012/10/10 08:52:28 | 000,458,240 | ---- | C] () -- C:\Users\Kevin\Desktop\CKScanner.exe
[2012/09/29 18:56:31 | 000,001,644 | ---- | C] () -- C:\Users\Kevin\Documents\6.xml
[2012/09/29 18:56:27 | 000,001,644 | ---- | C] () -- C:\Users\Kevin\Documents\5.xml
[2012/09/29 18:56:22 | 000,001,644 | ---- | C] () -- C:\Users\Kevin\Documents\4.xml
[2012/09/29 18:56:18 | 000,001,644 | ---- | C] () -- C:\Users\Kevin\Documents\3.xml
[2012/09/29 18:56:13 | 000,001,644 | ---- | C] () -- C:\Users\Kevin\Documents\1.xml
[2012/09/29 18:56:08 | 000,001,644 | ---- | C] () -- C:\Users\Kevin\Documents\2.xml
[2012/09/29 18:43:26 | 000,000,236 | ---- | C] () -- C:\Users\Kevin\Documents\Normal type mono-run 3.pkm
[2012/09/29 18:40:36 | 000,000,236 | ---- | C] () -- C:\Users\Kevin\Documents\Normal type mono-run 2.pkm
[2012/09/29 18:37:53 | 000,524,288 | ---- | C] () -- C:\Users\Kevin\Documents\Normal type mono-run.sav
[2012/09/29 18:36:55 | 000,000,236 | ---- | C] () -- C:\Users\Kevin\Documents\Normal type mono-run 1.pkm
[2012/09/16 20:57:53 | 000,772,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/11 16:23:37 | 000,001,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/25 13:28:02 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/06/23 17:03:05 | 000,000,292 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/06/23 17:02:07 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ealtest.exe
[2012/02/22 15:08:17 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\syx45326.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

And number 2

OTL Extras logfile created on: 10/11/2012 12:46:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 57.51% Memory free
15.95 Gb Paging File | 12.61 Gb Available in Paging File | 79.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.02 Gb Total Space | 645.77 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 34.74 Gb Free Space | 86.86% Space Free | Partition Type: NTFS
Drive F: | 477.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FLEGH | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A098E8-BFA4-405D-A52A-F91D039E4FC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28A034BE-381A-4139-A545-B0532A6A42A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2F71267F-62F2-4ED4-BB68-E29E76603C2B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3832CD23-867B-4D51-BEEC-FC8FF2FBD759}" = lport=445 | protocol=6 | dir=in | app=system |
"{489C2BBC-AEE6-4BA0-922B-D700D84303F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{496AB864-C312-4E1A-9869-144B41E35619}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DA361C6-B4ED-4D6E-9C83-3CF8DD9D7575}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{525F8487-C089-45D2-8CA9-8500764C4EF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63B7479F-36F4-4C3C-8C30-AC745367E133}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{994C9E51-F85D-4D9B-B928-443FFDBFB364}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CE26099-AB10-4218-BB19-B91EC8780E4A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADB4FCB5-FDC1-4956-9D17-C9C52CE12CBB}" = lport=139 | protocol=6 | dir=in | app=system |
"{C5CCF20C-B3D0-4421-9191-8F2396FBF8C3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C6BC76C9-6D9E-4F12-AF85-187CEA79EA4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CEFBA585-67AF-45C8-93A5-87A7BEC3D3AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D22FB938-F0CF-4A0C-AF51-5EEFDDA2A185}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7C60235-A184-4534-817E-91C58B3B2793}" = rport=138 | protocol=17 | dir=out | app=system |
"{DAF1F1FB-C770-46E7-A16C-8ED03B417623}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFD26132-F377-424D-AB07-2750CB842901}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5D9A85C-4D71-4351-AB02-54BF52F4E143}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0A2C501-645A-4618-AE7C-596183978ED6}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD903D35-C723-4F72-9C90-9BD3BBBA3F45}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF1FA48C-910F-4CCC-ABD7-F8C9106D793C}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EDA66C-FF6D-4B3D-8B1D-D881BA6B9AB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{0C226F50-E12C-49DA-80D6-23EFE5108A7F}" = protocol=6 | dir=out | app=system |
"{0CB49A50-5735-4808-AE44-8940E4165D84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F4AE13A-3675-4E2A-A305-9F11FE0DCC33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{1350A0E7-8C9B-4113-B03B-8F54F436E810}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{16B38492-1745-4CFF-A598-779AB39CEEF1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16DBD8F8-2DAD-47A1-A17D-CCD056DBA642}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{18537EC1-F5A5-4EAF-8C10-D55FBD3745AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{192FB916-03F9-46A8-9F02-7E1A48F8C0FB}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{2167D4DC-D359-4F78-88C2-C4D2C80CAE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{23ED24F0-7C76-4054-9D01-89E6AE775C7B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{2A360B3D-0E5D-4F08-B780-DD73E254C7DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
"{2D9A55B2-EC25-40CF-8B2E-130410A1F3EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37D1B42E-B5BC-4304-B078-E08BF8A93A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{388AD621-F2B7-4837-A641-4CB7EE34CBD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{4553E9EA-3598-4445-AA5D-8D1E15EDEE3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{4BE3F231-5320-4A5C-9C3A-4A89C25D1972}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C2736B0-3ABB-42D2-AEF1-DA26C0C391F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{4E0294C5-72C1-4301-906A-2DEE72D1AD8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{4E119652-D821-4D90-8A30-C1A8FBA301A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{57C655CE-B7EF-49B1-B882-AC02B4763593}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{5BA8A40B-1F5B-4276-B5C2-1825E9420916}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5CCE35BB-3988-427F-B289-E4AD43025B86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{5CD76052-4C93-4029-AA07-CE98BB3B364B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{5DA701BE-2926-4977-961D-8818AA0FA960}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{634F6968-BE36-4FD2-9AAE-FEC1B35BED29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63BB749C-A7FA-4D6C-8E30-516811DDB54C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{64588689-6A36-4273-95E7-B245DA4D7337}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64996FE7-77A7-43DF-AC79-1B0914DD09D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{685D7DB8-BC75-464E-AB77-24BE7F0B0349}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69E7C6D9-2833-4D3E-9983-65171FAAA305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74683E9A-94A7-4654-9DE1-863F8F411131}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{76C63C55-6055-44E2-9044-86BC0C72C9EC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{7BDECD9A-413B-4E1C-A330-4E0AA3364A98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{7ECE1D27-685A-455D-B5FB-DEE3F9BB3E00}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{7F5C34FC-06A5-4628-AFB5-BF9FCE1823C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82B4DF4E-F2B0-48DE-B4FE-AFE315BCDA73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{8327C158-62E1-4BB3-BC28-DC9F2585A8BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83887208-8FCD-46A5-8093-D43177A32216}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{8749DBC8-3982-450F-B3E9-8651E251833B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{878AC051-D610-4CD9-B210-6A46789B892B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{8CA526A7-522D-44C8-A2EA-E7F44A75E785}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{8CFC020F-6A7D-49D8-A4A3-3E615647CC99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91B5F1AD-0C22-4FF5-8DF8-23E44DAC3F49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{929E9A34-F52C-42EC-A86C-D0651E4926FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runespelloverture\runespell.exe |
"{92FCAA35-514B-4A8F-9848-672D97E5DF02}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{994575FF-332A-4584-ACF4-D2FDAF00CF98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe |
"{99C6299F-D9E0-47FA-908A-4511FCAA55EC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{9A0AADD2-557B-4AD0-91E7-F1CB07955D25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9DE482DD-31C4-4660-B223-3D16CE1447FC}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{A1EC5183-FA0F-4E4C-ACA1-854A2F6B315D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{A7A200A8-FE61-4D0A-B7AC-47C23F7D3CF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{ACC5D9E2-70F0-496E-9438-8FED559754E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runespelloverture\runespell.exe |
"{ACF449CD-BB4E-4DFF-8633-F557503D1A98}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B2AFF319-739D-4727-944E-C2095B3F3586}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{B4B87A58-4132-473C-B0CD-F6985DEE8D76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B8BFF76E-DEF7-44F7-BE24-945DD4ABDA13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B9042E46-BA41-44AD-BA3A-6CC98AB39F4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{BC6C8EC3-CF16-4E54-9871-512343EF3137}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C234078F-5AA9-479B-B63D-4975E0036038}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C3C9B1C3-617A-46F5-B272-9541FCDC0EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{C51BFCFA-2982-4B3A-86F1-1F9A199A3B40}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C94BC367-D37C-4520-80B3-8D7BCA3467A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CBC500CC-EE35-4FBC-9DC1-1116268D9FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{CCD2B943-3036-4C9E-B533-F34B677A5D21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{D01142C3-6ABE-4226-B84C-348CE171F1E6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D61A4767-D140-4039-AF2F-41BF1EF56458}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D68D364C-CA11-41FE-A492-63029999FBEE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D6A47493-B0B9-4C60-BFAC-A640BDBC0005}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{DB2BAC2D-29B6-4272-91B7-1A6E6EDCC33B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{DC3B4782-661D-419C-95DF-618862D39BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E07B140A-AF00-4BCD-B99F-50F623FF7E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{E47CC795-CFDF-4B52-BBA5-83E1865361CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{E61A650B-5D50-494A-8111-CBC12D6643FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F2A4FF30-903F-49BE-B2BA-682512E656B0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F2BA1346-D4D5-4A03-850B-17046999F69D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{F5F52EEB-439D-499D-A6DF-B455F4A55CE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE5B3C5D-E898-406F-9F68-FC1CB7C94BA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"TCP Query User{278062B7-4A32-4E86-8664-74C24B542EA4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{7FF101B3-E769-4EB7-9E60-A0B13B8D4894}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{49B3597C-40DA-4BA7-BD9F-9AB5EBBFCDF1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A991E50D-0104-4B4D-A4E5-59F3982F733F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26624215-248C-4F88-A415-35301812FB75}" = Symantec Endpoint Protection
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D5}" = WinZip 16.5
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1544E39F-0A3A-4920-A530-1264DFB7113D}" = Dynex Enhanced G Wireless Desktop Card Setup
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{38E5DF74-C1D8-46E9-A887-9494FA3D67EB}" = YTD Toolbar v6.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D34598D1-07B8-4EB6-AD9A-DBDF58FFC19F}" = Adobe Shockwave Player 11.6
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Populous: The Beginning" = Populous: The Beginning
"Roller Coaster Tycoon 3 Platinum - CarlesNeo !" = Roller Coaster Tycoon 3 Platinum - CarlesNeo !
"Steam App 102200" = Runespell: Overture
"Steam App 105600" = Terraria
"Steam App 17410" = Mirror's Edge
"Steam App 22380" = Fallout: New Vegas
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 400" = Portal
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 55230" = Saints Row: The Third
"Steam App 57310" = Amnesia: The Dark Descent Demo
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"Steam App 91600" = Sanctum

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1781651202-724914874-3057680690-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2012 11:14:26 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 3:15:10 AM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 4:22:13 AM | Computer Name = Flegh | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2012 12:18:20 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 4:17:16 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 5:18:23 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 6:16:54 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 7:17:53 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 8:17:34 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 10/10/2012 9:20:06 PM | Computer Name = Flegh | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ System Events ]
Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7038
Description = The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7000
Description = The SSDP Discovery service failed to start due to the following error:
%%1069

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7000
Description = The Computer Browser service failed to start due to the following
error: %%1115

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7038
Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7000
Description = The IPsec Policy Agent service failed to start due to the following
error: %%1069

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7038
Description = The Dhcp service was unable to log on as NT Authority\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7000
Description = The DHCP Client service failed to start due to the following error:
%%1069

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7001
Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the
DHCP Client service which failed to start because of the following error: %%1069

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147943515.

Error - 10/6/2012 2:55:20 PM | Computer Name = Flegh | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147023781.


< End of report >
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help with computer

Unread postby deltalima » October 11th, 2012, 2:46 pm

Hi TerriReb,

Please uninstall AVG Security Toolbar

Next

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    :otl
    IE - HKU\S-1-5-21-1781651202-724914874-3057680690-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
    SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with computer

Unread postby TerriReb » October 13th, 2012, 6:13 pm

Log 1
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
http://www.malwarebytes.org

Database version: v2012.10.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: FLEGH [administrator]

Protection: Enabled

10/13/2012 2:53:40 PM
mbam-log-2012-10-13 (14-53-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219425
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Log 2

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1781651202-724914874-3057680690-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll not found.
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
File C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kevin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 311296 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8409763 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 28693348670 bytes

Total Files Cleaned = 27,372.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kevin
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kevin
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10132012_141657

Files\Folders moved on Reboot...
File\Folder C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

And finally, log 3
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\Users\Kevin\Downloads\SoftonicDownloader_for_dolphin.exe a variant of Win32/SoftonicDownloader.E application
C:\Users\Kevin\Downloads\WinZip165 (1).exe a variant of Win32/OpenInstall application
C:\Users\Kevin\Downloads\WinZip165 (2).exe a variant of Win32/OpenInstall application
C:\Users\Kevin\Downloads\WinZip165.exe a variant of Win32/OpenInstall application
C:\Windows\Installer\13243119.msi a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\10132012_140908\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\_OTL\MovedFiles\10132012_140908\C_Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application


I had to actually uninstall my antivirus software, ast eh given instructions weren't working. Reinstalling that now..
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help with computer

Unread postby deltalima » October 13th, 2012, 6:28 pm

Hi TerriReb,

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :files
    C:\Program Files (x86)\Common Files\Spigot\
    C:\Users\Kevin\Downloads\SoftonicDownloader_for_dolphin.exe
    C:\Users\Kevin\Downloads\WinZip165 (1).exe
    C:\Users\Kevin\Downloads\WinZip165 (2).exe
    C:\Users\Kevin\Downloads\WinZip165
    C:\Windows\Installer\13243119.msi
    
    :commands
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with computer

Unread postby TerriReb » October 14th, 2012, 3:52 pm

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\chrome folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\GC folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Users\Kevin\Downloads\SoftonicDownloader_for_dolphin.exe moved successfully.
C:\Users\Kevin\Downloads\WinZip165 (1).exe moved successfully.
C:\Users\Kevin\Downloads\WinZip165 (2).exe moved successfully.
File\Folder C:\Users\Kevin\Downloads\WinZip165 not found.
C:\Windows\Installer\13243119.msi moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10142012_144611

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

It appears to be running the same as before
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help with computer

Unread postby deltalima » October 14th, 2012, 4:05 pm

Hi TerriReb,

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :files
    C:\Users\Kevin\Downloads\WinZip165.exe
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with computer

Unread postby TerriReb » October 17th, 2012, 4:09 pm

Here is the oldtimer log:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Kevin\Downloads\WinZip165.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10172012_150241

Here is the TDSSKiller log/report:

15:05:59.0697 5340 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:06:01.0697 5340 ============================================================
15:06:01.0697 5340 Current date / time: 2012/10/17 15:06:01.0697
15:06:01.0697 5340 SystemInfo:
15:06:01.0697 5340
15:06:01.0698 5340 OS Version: 6.1.7601 ServicePack: 1.0
15:06:01.0698 5340 Product type: Workstation
15:06:01.0698 5340 ComputerName: FLEGH
15:06:01.0698 5340 UserName: Kevin
15:06:01.0698 5340 Windows directory: C:\Windows
15:06:01.0698 5340 System windows directory: C:\Windows
15:06:01.0698 5340 Running under WOW64
15:06:01.0698 5340 Processor architecture: Intel x64
15:06:01.0698 5340 Number of processors: 8
15:06:01.0698 5340 Page size: 0x1000
15:06:01.0698 5340 Boot type: Normal boot
15:06:01.0698 5340 ============================================================
15:06:02.0275 5340 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:06:02.0280 5340 ============================================================
15:06:02.0280 5340 \Device\Harddisk0\DR0:
15:06:02.0281 5340 MBR partitions:
15:06:02.0281 5340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x804, BlocksNum 0xF9FCC
15:06:02.0308 5340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFAFD4, BlocksNum 0x4FFFEC0
15:06:02.0308 5340 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50FAE94, BlocksNum 0x6F60B490
15:06:02.0309 5340 ============================================================
15:06:02.0359 5340 C: <-> \Device\Harddisk0\DR0\Partition3
15:06:02.0388 5340 D: <-> \Device\Harddisk0\DR0\Partition2
15:06:02.0388 5340 ============================================================
15:06:02.0388 5340 Initialize success
15:06:02.0388 5340 ============================================================
15:07:02.0925 4724 ============================================================
15:07:02.0925 4724 Scan started
15:07:02.0925 4724 Mode: Manual;
15:07:02.0925 4724 ============================================================
15:07:03.0246 4724 ================ Scan system memory ========================
15:07:03.0246 4724 System memory - ok
15:07:03.0247 4724 ================ Scan services =============================
15:07:03.0431 4724 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:07:03.0432 4724 1394ohci - ok
15:07:03.0441 4724 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:07:03.0442 4724 ACPI - ok
15:07:03.0474 4724 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:07:03.0474 4724 AcpiPmi - ok
15:07:03.0627 4724 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:07:03.0628 4724 AdobeARMservice - ok
15:07:03.0726 4724 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:07:03.0728 4724 AdobeFlashPlayerUpdateSvc - ok
15:07:03.0762 4724 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:07:03.0766 4724 adp94xx - ok
15:07:03.0790 4724 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:07:03.0793 4724 adpahci - ok
15:07:03.0802 4724 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:07:03.0803 4724 adpu320 - ok
15:07:03.0824 4724 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:07:03.0825 4724 AeLookupSvc - ok
15:07:03.0858 4724 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:07:03.0862 4724 AFD - ok
15:07:03.0876 4724 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:07:03.0877 4724 agp440 - ok
15:07:03.0885 4724 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:07:03.0886 4724 ALG - ok
15:07:03.0892 4724 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:07:03.0892 4724 aliide - ok
15:07:03.0913 4724 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:07:03.0913 4724 amdide - ok
15:07:03.0921 4724 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:07:03.0921 4724 AmdK8 - ok
15:07:03.0925 4724 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:07:03.0926 4724 AmdPPM - ok
15:07:03.0958 4724 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:07:03.0959 4724 amdsata - ok
15:07:03.0984 4724 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:07:03.0985 4724 amdsbs - ok
15:07:04.0005 4724 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:07:04.0006 4724 amdxata - ok
15:07:04.0039 4724 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:07:04.0040 4724 AppID - ok
15:07:04.0082 4724 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:07:04.0083 4724 AppIDSvc - ok
15:07:04.0144 4724 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:07:04.0145 4724 Appinfo - ok
15:07:04.0196 4724 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:07:04.0197 4724 Apple Mobile Device - ok
15:07:04.0228 4724 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:07:04.0230 4724 AppMgmt - ok
15:07:04.0246 4724 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:07:04.0247 4724 arc - ok
15:07:04.0262 4724 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:07:04.0263 4724 arcsas - ok
15:07:04.0356 4724 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:07:04.0356 4724 aspnet_state - ok
15:07:04.0374 4724 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:07:04.0375 4724 AsyncMac - ok
15:07:04.0428 4724 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:07:04.0429 4724 atapi - ok
15:07:04.0463 4724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:07:04.0468 4724 AudioEndpointBuilder - ok
15:07:04.0478 4724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:07:04.0483 4724 AudioSrv - ok
15:07:04.0532 4724 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:07:04.0533 4724 AxInstSV - ok
15:07:04.0566 4724 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:07:04.0570 4724 b06bdrv - ok
15:07:04.0586 4724 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:07:04.0589 4724 b57nd60a - ok
15:07:04.0631 4724 [ EA0D994980F9915D38E5BBBE75E07DEA ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:07:04.0635 4724 BCM43XX - ok
15:07:04.0658 4724 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:07:04.0659 4724 BDESVC - ok
15:07:04.0666 4724 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:07:04.0666 4724 Beep - ok
15:07:04.0694 4724 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:07:04.0700 4724 BFE - ok
15:07:04.0739 4724 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:07:04.0746 4724 BITS - ok
15:07:04.0768 4724 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:07:04.0768 4724 blbdrive - ok
15:07:04.0882 4724 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:07:04.0886 4724 Bonjour Service - ok
15:07:04.0910 4724 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:07:04.0911 4724 bowser - ok
15:07:04.0966 4724 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:07:04.0967 4724 BrFiltLo - ok
15:07:05.0016 4724 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:07:05.0017 4724 BrFiltUp - ok
15:07:05.0051 4724 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:07:05.0053 4724 Browser - ok
15:07:05.0069 4724 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:07:05.0071 4724 Brserid - ok
15:07:05.0079 4724 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:07:05.0080 4724 BrSerWdm - ok
15:07:05.0097 4724 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:07:05.0098 4724 BrUsbMdm - ok
15:07:05.0101 4724 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:07:05.0102 4724 BrUsbSer - ok
15:07:05.0147 4724 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:07:05.0148 4724 BTHMODEM - ok
15:07:05.0217 4724 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:07:05.0218 4724 bthserv - ok
15:07:05.0229 4724 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:07:05.0230 4724 cdfs - ok
15:07:05.0254 4724 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:07:05.0256 4724 cdrom - ok
15:07:05.0313 4724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:07:05.0314 4724 CertPropSvc - ok
15:07:05.0324 4724 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:07:05.0325 4724 circlass - ok
15:07:05.0340 4724 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:07:05.0344 4724 CLFS - ok
15:07:05.0413 4724 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
15:07:05.0415 4724 CLKMSVC10_38F51D56 - ok
15:07:05.0463 4724 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:07:05.0464 4724 clr_optimization_v2.0.50727_32 - ok
15:07:05.0485 4724 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:07:05.0486 4724 clr_optimization_v2.0.50727_64 - ok
15:07:05.0554 4724 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:07:05.0555 4724 clr_optimization_v4.0.30319_32 - ok
15:07:05.0570 4724 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:07:05.0572 4724 clr_optimization_v4.0.30319_64 - ok
15:07:05.0600 4724 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:07:05.0600 4724 CmBatt - ok
15:07:05.0604 4724 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:07:05.0604 4724 cmdide - ok
15:07:05.0647 4724 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:07:05.0651 4724 CNG - ok
15:07:05.0666 4724 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:07:05.0667 4724 Compbatt - ok
15:07:05.0684 4724 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:07:05.0685 4724 CompositeBus - ok
15:07:05.0693 4724 COMSysApp - ok
15:07:05.0699 4724 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:07:05.0699 4724 crcdisk - ok
15:07:05.0729 4724 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:07:05.0731 4724 CryptSvc - ok
15:07:05.0744 4724 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:07:05.0749 4724 CSC - ok
15:07:05.0781 4724 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:07:05.0786 4724 CscService - ok
15:07:05.0808 4724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:07:05.0813 4724 DcomLaunch - ok
15:07:05.0834 4724 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:07:05.0837 4724 defragsvc - ok
15:07:05.0849 4724 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:07:05.0850 4724 DfsC - ok
15:07:05.0874 4724 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:07:05.0877 4724 Dhcp - ok
15:07:05.0907 4724 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:07:05.0907 4724 discache - ok
15:07:05.0932 4724 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:07:05.0933 4724 Disk - ok
15:07:05.0945 4724 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:07:05.0946 4724 dmvsc - ok
15:07:05.0969 4724 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:07:05.0971 4724 Dnscache - ok
15:07:05.0987 4724 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:07:05.0989 4724 dot3svc - ok
15:07:05.0999 4724 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:07:06.0001 4724 DPS - ok
15:07:06.0023 4724 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:07:06.0023 4724 drmkaud - ok
15:07:06.0078 4724 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:07:06.0080 4724 dtsoftbus01 - ok
15:07:06.0104 4724 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:07:06.0111 4724 DXGKrnl - ok
15:07:06.0131 4724 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:07:06.0133 4724 EapHost - ok
15:07:06.0183 4724 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:07:06.0203 4724 ebdrv - ok
15:07:06.0251 4724 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:07:06.0252 4724 EFS - ok
15:07:06.0295 4724 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:07:06.0300 4724 ehRecvr - ok
15:07:06.0311 4724 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:07:06.0312 4724 ehSched - ok
15:07:06.0345 4724 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:07:06.0348 4724 elxstor - ok
15:07:06.0356 4724 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:07:06.0357 4724 ErrDev - ok
15:07:06.0384 4724 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:07:06.0387 4724 EventSystem - ok
15:07:06.0401 4724 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:07:06.0402 4724 exfat - ok
15:07:06.0415 4724 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:07:06.0416 4724 fastfat - ok
15:07:06.0436 4724 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:07:06.0440 4724 Fax - ok
15:07:06.0451 4724 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:07:06.0451 4724 fdc - ok
15:07:06.0469 4724 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:07:06.0469 4724 fdPHost - ok
15:07:06.0479 4724 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:07:06.0480 4724 FDResPub - ok
15:07:06.0492 4724 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:07:06.0493 4724 FileInfo - ok
15:07:06.0505 4724 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:07:06.0505 4724 Filetrace - ok
15:07:06.0512 4724 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:07:06.0512 4724 flpydisk - ok
15:07:06.0526 4724 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:07:06.0528 4724 FltMgr - ok
15:07:06.0568 4724 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:07:06.0577 4724 FontCache - ok
15:07:06.0628 4724 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:07:06.0628 4724 FontCache3.0.0.0 - ok
15:07:06.0643 4724 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:07:06.0643 4724 FsDepends - ok
15:07:06.0667 4724 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:07:06.0668 4724 Fs_Rec - ok
15:07:06.0683 4724 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:07:06.0685 4724 fvevol - ok
15:07:06.0709 4724 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:07:06.0710 4724 gagp30kx - ok
15:07:06.0741 4724 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:07:06.0742 4724 GEARAspiWDM - ok
15:07:06.0761 4724 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:07:06.0764 4724 gpsvc - ok
15:07:06.0824 4724 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:07:06.0825 4724 gupdate - ok
15:07:06.0832 4724 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:07:06.0833 4724 gupdatem - ok
15:07:06.0847 4724 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:07:06.0847 4724 hcw85cir - ok
15:07:06.0881 4724 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:07:06.0884 4724 HdAudAddService - ok
15:07:06.0905 4724 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:07:06.0907 4724 HDAudBus - ok
15:07:06.0910 4724 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:07:06.0910 4724 HidBatt - ok
15:07:06.0918 4724 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:07:06.0919 4724 HidBth - ok
15:07:06.0944 4724 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:07:06.0945 4724 HidIr - ok
15:07:06.0954 4724 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:07:06.0955 4724 hidserv - ok
15:07:06.0986 4724 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:07:06.0986 4724 HidUsb - ok
15:07:07.0008 4724 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:07:07.0010 4724 hkmsvc - ok
15:07:07.0032 4724 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:07:07.0034 4724 HomeGroupListener - ok
15:07:07.0059 4724 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:07:07.0061 4724 HomeGroupProvider - ok
15:07:07.0065 4724 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:07:07.0066 4724 HpSAMD - ok
15:07:07.0081 4724 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:07:07.0086 4724 HTTP - ok
15:07:07.0097 4724 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:07:07.0098 4724 hwpolicy - ok
15:07:07.0120 4724 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:07:07.0121 4724 i8042prt - ok
15:07:07.0142 4724 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:07:07.0146 4724 iaStor - ok
15:07:07.0191 4724 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:07:07.0192 4724 IAStorDataMgrSvc - ok
15:07:07.0223 4724 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:07:07.0226 4724 iaStorV - ok
15:07:07.0265 4724 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:07:07.0271 4724 idsvc - ok
15:07:07.0374 4724 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:07:07.0395 4724 igfx - ok
15:07:07.0423 4724 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:07:07.0424 4724 iirsp - ok
15:07:07.0449 4724 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:07:07.0452 4724 IKEEXT - ok
15:07:07.0514 4724 [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:07:07.0524 4724 IntcAzAudAddService - ok
15:07:07.0536 4724 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:07:07.0536 4724 intelide - ok
15:07:07.0552 4724 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:07:07.0553 4724 intelppm - ok
15:07:07.0568 4724 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:07:07.0569 4724 IPBusEnum - ok
15:07:07.0576 4724 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:07:07.0576 4724 IpFilterDriver - ok
15:07:07.0604 4724 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:07:07.0609 4724 iphlpsvc - ok
15:07:07.0622 4724 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:07:07.0623 4724 IPMIDRV - ok
15:07:07.0639 4724 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:07:07.0640 4724 IPNAT - ok
15:07:07.0672 4724 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:07:07.0679 4724 iPod Service - ok
15:07:07.0694 4724 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:07:07.0695 4724 IRENUM - ok
15:07:07.0719 4724 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:07:07.0719 4724 isapnp - ok
15:07:07.0728 4724 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:07:07.0730 4724 iScsiPrt - ok
15:07:07.0745 4724 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:07:07.0745 4724 kbdclass - ok
15:07:07.0758 4724 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:07:07.0758 4724 kbdhid - ok
15:07:07.0777 4724 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:07:07.0778 4724 KeyIso - ok
15:07:07.0806 4724 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:07:07.0807 4724 KSecDD - ok
15:07:07.0830 4724 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:07:07.0832 4724 KSecPkg - ok
15:07:07.0854 4724 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:07:07.0855 4724 ksthunk - ok
15:07:07.0892 4724 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:07:07.0896 4724 KtmRm - ok
15:07:07.0933 4724 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:07:07.0936 4724 LanmanServer - ok
15:07:07.0973 4724 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:07:07.0976 4724 LanmanWorkstation - ok
15:07:08.0029 4724 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:07:08.0030 4724 lltdio - ok
15:07:08.0102 4724 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:07:08.0105 4724 lltdsvc - ok
15:07:08.0135 4724 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:07:08.0136 4724 lmhosts - ok
15:07:08.0168 4724 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:07:08.0169 4724 LSI_FC - ok
15:07:08.0196 4724 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:07:08.0207 4724 LSI_SAS - ok
15:07:08.0261 4724 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:07:08.0262 4724 LSI_SAS2 - ok
15:07:08.0287 4724 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:07:08.0288 4724 LSI_SCSI - ok
15:07:08.0312 4724 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:07:08.0313 4724 luafv - ok
15:07:08.0382 4724 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:07:08.0383 4724 MBAMProtector - ok
15:07:08.0433 4724 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:07:08.0436 4724 MBAMScheduler - ok
15:07:08.0488 4724 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:07:08.0493 4724 MBAMService - ok
15:07:08.0551 4724 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
15:07:08.0552 4724 MBfilt - ok
15:07:08.0573 4724 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:07:08.0575 4724 Mcx2Svc - ok
15:07:08.0586 4724 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:07:08.0587 4724 megasas - ok
15:07:08.0604 4724 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:07:08.0607 4724 MegaSR - ok
15:07:08.0633 4724 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:07:08.0633 4724 MEIx64 - ok
15:07:08.0642 4724 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:07:08.0643 4724 MMCSS - ok
15:07:08.0663 4724 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:07:08.0663 4724 Modem - ok
15:07:08.0673 4724 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:07:08.0673 4724 monitor - ok
15:07:08.0689 4724 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:07:08.0690 4724 mouclass - ok
15:07:08.0706 4724 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:07:08.0707 4724 mouhid - ok
15:07:08.0725 4724 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:07:08.0727 4724 mountmgr - ok
15:07:08.0807 4724 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:07:08.0808 4724 MozillaMaintenance - ok
15:07:08.0823 4724 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:07:08.0825 4724 mpio - ok
15:07:08.0829 4724 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:07:08.0830 4724 mpsdrv - ok
15:07:08.0861 4724 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:07:08.0864 4724 MpsSvc - ok
15:07:08.0877 4724 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:07:08.0878 4724 MRxDAV - ok
15:07:08.0902 4724 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:07:08.0903 4724 mrxsmb - ok
15:07:08.0927 4724 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:07:08.0929 4724 mrxsmb10 - ok
15:07:08.0938 4724 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:07:08.0939 4724 mrxsmb20 - ok
15:07:08.0959 4724 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:07:08.0959 4724 msahci - ok
15:07:09.0009 4724 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:07:09.0010 4724 MSCamSvc - ok
15:07:09.0020 4724 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:07:09.0021 4724 msdsm - ok
15:07:09.0032 4724 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:07:09.0034 4724 MSDTC - ok
15:07:09.0054 4724 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:07:09.0054 4724 Msfs - ok
15:07:09.0070 4724 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:07:09.0071 4724 mshidkmdf - ok
15:07:09.0098 4724 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
15:07:09.0098 4724 MSHUSBVideo - ok
15:07:09.0109 4724 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:07:09.0110 4724 msisadrv - ok
15:07:09.0125 4724 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:07:09.0126 4724 MSiSCSI - ok
15:07:09.0129 4724 msiserver - ok
15:07:09.0138 4724 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:07:09.0139 4724 MSKSSRV - ok
15:07:09.0158 4724 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:07:09.0158 4724 MSPCLOCK - ok
15:07:09.0161 4724 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:07:09.0161 4724 MSPQM - ok
15:07:09.0180 4724 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:07:09.0183 4724 MsRPC - ok
15:07:09.0195 4724 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:07:09.0195 4724 mssmbios - ok
15:07:09.0206 4724 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:07:09.0207 4724 MSTEE - ok
15:07:09.0221 4724 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:07:09.0221 4724 MTConfig - ok
15:07:09.0227 4724 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:07:09.0228 4724 Mup - ok
15:07:09.0251 4724 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:07:09.0255 4724 napagent - ok
15:07:09.0281 4724 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:07:09.0283 4724 NativeWifiP - ok
15:07:09.0324 4724 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:07:09.0331 4724 NDIS - ok
15:07:09.0338 4724 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:07:09.0338 4724 NdisCap - ok
15:07:09.0362 4724 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:07:09.0363 4724 NdisTapi - ok
15:07:09.0372 4724 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:07:09.0373 4724 Ndisuio - ok
15:07:09.0389 4724 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:07:09.0390 4724 NdisWan - ok
15:07:09.0397 4724 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:07:09.0398 4724 NDProxy - ok
15:07:09.0417 4724 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:07:09.0418 4724 NetBIOS - ok
15:07:09.0430 4724 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:07:09.0433 4724 NetBT - ok
15:07:09.0443 4724 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:07:09.0444 4724 Netlogon - ok
15:07:09.0461 4724 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:07:09.0465 4724 Netman - ok
15:07:09.0512 4724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:07:09.0513 4724 NetMsmqActivator - ok
15:07:09.0517 4724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:07:09.0518 4724 NetPipeActivator - ok
15:07:09.0540 4724 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:07:09.0545 4724 netprofm - ok
15:07:09.0549 4724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:07:09.0550 4724 NetTcpActivator - ok
15:07:09.0554 4724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:07:09.0556 4724 NetTcpPortSharing - ok
15:07:09.0570 4724 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:07:09.0570 4724 nfrd960 - ok
15:07:09.0593 4724 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:07:09.0597 4724 NlaSvc - ok
15:07:09.0605 4724 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:07:09.0606 4724 Npfs - ok
15:07:09.0612 4724 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:07:09.0613 4724 nsi - ok
15:07:09.0622 4724 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:07:09.0622 4724 nsiproxy - ok
15:07:09.0672 4724 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:07:09.0685 4724 Ntfs - ok
15:07:09.0708 4724 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:07:09.0708 4724 Null - ok
15:07:09.0735 4724 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
15:07:09.0736 4724 nusb3hub - ok
15:07:09.0753 4724 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:07:09.0755 4724 nusb3xhc - ok
15:07:09.0786 4724 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:07:09.0788 4724 NVHDA - ok
15:07:09.0938 4724 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:07:09.0980 4724 nvlddmkm - ok
15:07:10.0006 4724 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:07:10.0007 4724 nvraid - ok
15:07:10.0019 4724 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:07:10.0020 4724 nvstor - ok
15:07:10.0061 4724 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:07:10.0072 4724 nvsvc - ok
15:07:10.0114 4724 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:07:10.0127 4724 nvUpdatusService - ok
15:07:10.0143 4724 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:07:10.0144 4724 nv_agp - ok
15:07:10.0168 4724 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:07:10.0168 4724 ohci1394 - ok
15:07:10.0186 4724 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:07:10.0189 4724 p2pimsvc - ok
15:07:10.0199 4724 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:07:10.0202 4724 p2psvc - ok
15:07:10.0220 4724 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:07:10.0221 4724 Parport - ok
15:07:10.0249 4724 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:07:10.0250 4724 partmgr - ok
15:07:10.0265 4724 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:07:10.0268 4724 PcaSvc - ok
15:07:10.0280 4724 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:07:10.0282 4724 pci - ok
15:07:10.0301 4724 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:07:10.0302 4724 pciide - ok
15:07:10.0314 4724 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:07:10.0316 4724 pcmcia - ok
15:07:10.0326 4724 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:07:10.0327 4724 pcw - ok
15:07:10.0343 4724 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:07:10.0348 4724 PEAUTH - ok
15:07:10.0388 4724 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:07:10.0400 4724 PeerDistSvc - ok
15:07:10.0459 4724 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:07:10.0460 4724 PerfHost - ok
15:07:10.0490 4724 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:07:10.0500 4724 pla - ok
15:07:10.0550 4724 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:07:10.0555 4724 PlugPlay - ok
15:07:10.0567 4724 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:07:10.0569 4724 PNRPAutoReg - ok
15:07:10.0578 4724 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:07:10.0582 4724 PNRPsvc - ok
15:07:10.0605 4724 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:07:10.0610 4724 PolicyAgent - ok
15:07:10.0631 4724 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:07:10.0634 4724 Power - ok
15:07:10.0657 4724 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:07:10.0658 4724 PptpMiniport - ok
15:07:10.0665 4724 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:07:10.0666 4724 Processor - ok
15:07:10.0694 4724 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:07:10.0697 4724 ProfSvc - ok
15:07:10.0709 4724 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:07:10.0711 4724 ProtectedStorage - ok
15:07:10.0725 4724 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:07:10.0727 4724 Psched - ok
15:07:10.0756 4724 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:07:10.0766 4724 ql2300 - ok
15:07:10.0782 4724 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:07:10.0783 4724 ql40xx - ok
15:07:10.0806 4724 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:07:10.0809 4724 QWAVE - ok
15:07:10.0820 4724 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:07:10.0821 4724 QWAVEdrv - ok
15:07:10.0835 4724 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:07:10.0835 4724 RasAcd - ok
15:07:10.0859 4724 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:07:10.0860 4724 RasAgileVpn - ok
15:07:10.0874 4724 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:07:10.0876 4724 RasAuto - ok
15:07:10.0886 4724 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:07:10.0887 4724 Rasl2tp - ok
15:07:10.0917 4724 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:07:10.0921 4724 RasMan - ok
15:07:10.0929 4724 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:07:10.0930 4724 RasPppoe - ok
15:07:10.0941 4724 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:07:10.0942 4724 RasSstp - ok
15:07:10.0951 4724 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:07:10.0954 4724 rdbss - ok
15:07:10.0966 4724 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:07:10.0967 4724 rdpbus - ok
15:07:10.0982 4724 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:07:10.0983 4724 RDPCDD - ok
15:07:11.0007 4724 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:07:11.0008 4724 RDPDR - ok
15:07:11.0019 4724 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:07:11.0019 4724 RDPENCDD - ok
15:07:11.0027 4724 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:07:11.0027 4724 RDPREFMP - ok
15:07:11.0064 4724 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:07:11.0066 4724 RDPWD - ok
15:07:11.0095 4724 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:07:11.0097 4724 rdyboost - ok
15:07:11.0123 4724 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:07:11.0125 4724 RemoteAccess - ok
15:07:11.0166 4724 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:07:11.0168 4724 RemoteRegistry - ok
15:07:11.0177 4724 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:07:11.0179 4724 RpcEptMapper - ok
15:07:11.0192 4724 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:07:11.0193 4724 RpcLocator - ok
15:07:11.0208 4724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:07:11.0213 4724 RpcSs - ok
15:07:11.0223 4724 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:07:11.0224 4724 rspndr - ok
15:07:11.0249 4724 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:07:11.0253 4724 RTL8167 - ok
15:07:11.0264 4724 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:07:11.0264 4724 s3cap - ok
15:07:11.0276 4724 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:07:11.0277 4724 SamSs - ok
15:07:11.0290 4724 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:07:11.0291 4724 sbp2port - ok
15:07:11.0304 4724 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:07:11.0306 4724 SCardSvr - ok
15:07:11.0323 4724 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:07:11.0324 4724 scfilter - ok
15:07:11.0360 4724 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:07:11.0370 4724 Schedule - ok
15:07:11.0388 4724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:07:11.0389 4724 SCPolicySvc - ok
15:07:11.0402 4724 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:07:11.0405 4724 SDRSVC - ok
15:07:11.0424 4724 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:07:11.0425 4724 secdrv - ok
15:07:11.0430 4724 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:07:11.0432 4724 seclogon - ok
15:07:11.0444 4724 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:07:11.0446 4724 SENS - ok
15:07:11.0449 4724 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:07:11.0451 4724 SensrSvc - ok
15:07:11.0459 4724 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:07:11.0460 4724 Serenum - ok
15:07:11.0482 4724 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:07:11.0483 4724 Serial - ok
15:07:11.0498 4724 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:07:11.0498 4724 sermouse - ok
15:07:11.0507 4724 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:07:11.0510 4724 SessionEnv - ok
15:07:11.0527 4724 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:07:11.0528 4724 sffdisk - ok
15:07:11.0531 4724 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:07:11.0531 4724 sffp_mmc - ok
15:07:11.0534 4724 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:07:11.0534 4724 sffp_sd - ok
15:07:11.0537 4724 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:07:11.0538 4724 sfloppy - ok
15:07:11.0550 4724 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:07:11.0553 4724 SharedAccess - ok
15:07:11.0578 4724 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:07:11.0582 4724 ShellHWDetection - ok
15:07:11.0595 4724 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:07:11.0596 4724 SiSRaid2 - ok
15:07:11.0604 4724 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:07:11.0605 4724 SiSRaid4 - ok
15:07:11.0696 4724 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:07:11.0715 4724 Skype C2C Service - ok
15:07:11.0749 4724 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:07:11.0750 4724 SkypeUpdate - ok
15:07:11.0784 4724 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:07:11.0785 4724 Smb - ok
15:07:11.0826 4724 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:07:11.0828 4724 SNMPTRAP - ok
15:07:11.0840 4724 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:07:11.0840 4724 spldr - ok
15:07:11.0876 4724 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:07:11.0882 4724 Spooler - ok
15:07:11.0935 4724 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:07:11.0959 4724 sppsvc - ok
15:07:11.0965 4724 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:07:11.0966 4724 sppuinotify - ok
15:07:11.0975 4724 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:07:11.0977 4724 srv - ok
15:07:11.0987 4724 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:07:11.0988 4724 srv2 - ok
15:07:12.0001 4724 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:07:12.0002 4724 srvnet - ok
15:07:12.0021 4724 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:07:12.0024 4724 SSDPSRV - ok
15:07:12.0034 4724 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:07:12.0036 4724 SstpSvc - ok
15:07:12.0067 4724 Steam Client Service - ok
15:07:12.0102 4724 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:07:12.0105 4724 Stereo Service - ok
15:07:12.0123 4724 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:07:12.0124 4724 stexstor - ok
15:07:12.0144 4724 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:07:12.0150 4724 stisvc - ok
15:07:12.0158 4724 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:07:12.0158 4724 storflt - ok
15:07:12.0182 4724 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:07:12.0183 4724 StorSvc - ok
15:07:12.0197 4724 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:07:12.0198 4724 storvsc - ok
15:07:12.0208 4724 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:07:12.0209 4724 swenum - ok
15:07:12.0244 4724 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:07:12.0250 4724 swprv - ok
15:07:12.0278 4724 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:07:12.0290 4724 SysMain - ok
15:07:12.0296 4724 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:07:12.0298 4724 TabletInputService - ok
15:07:12.0307 4724 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:07:12.0309 4724 TapiSrv - ok
15:07:12.0321 4724 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:07:12.0323 4724 TBS - ok
15:07:12.0376 4724 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:07:12.0387 4724 Tcpip - ok
15:07:12.0410 4724 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:07:12.0422 4724 TCPIP6 - ok
15:07:12.0441 4724 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:07:12.0442 4724 tcpipreg - ok
15:07:12.0456 4724 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:07:12.0456 4724 TDPIPE - ok
15:07:12.0477 4724 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:07:12.0478 4724 TDTCP - ok
15:07:12.0486 4724 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:07:12.0487 4724 tdx - ok
15:07:12.0507 4724 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:07:12.0508 4724 TermDD - ok
15:07:12.0527 4724 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:07:12.0533 4724 TermService - ok
15:07:12.0547 4724 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:07:12.0549 4724 Themes - ok
15:07:12.0558 4724 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:07:12.0559 4724 THREADORDER - ok
15:07:12.0568 4724 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:07:12.0570 4724 TrkWks - ok
15:07:12.0651 4724 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:07:12.0653 4724 TrustedInstaller - ok
15:07:12.0661 4724 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:07:12.0662 4724 tssecsrv - ok
15:07:12.0682 4724 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:07:12.0683 4724 TsUsbFlt - ok
15:07:12.0692 4724 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:07:12.0693 4724 TsUsbGD - ok
15:07:12.0723 4724 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:07:12.0724 4724 tunnel - ok
15:07:12.0742 4724 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
15:07:12.0742 4724 TurboB - ok
15:07:12.0773 4724 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:07:12.0774 4724 TurboBoost - ok
15:07:12.0787 4724 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:07:12.0788 4724 uagp35 - ok
15:07:12.0804 4724 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:07:12.0807 4724 udfs - ok
15:07:12.0836 4724 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:07:12.0838 4724 UI0Detect - ok
15:07:12.0858 4724 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:07:12.0859 4724 uliagpkx - ok
15:07:12.0870 4724 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:07:12.0871 4724 umbus - ok
15:07:12.0892 4724 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:07:12.0893 4724 UmPass - ok
15:07:12.0907 4724 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:07:12.0910 4724 UmRdpService - ok
15:07:12.0925 4724 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:07:12.0930 4724 upnphost - ok
15:07:12.0974 4724 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:07:12.0974 4724 USBAAPL64 - ok
15:07:13.0011 4724 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:07:13.0012 4724 usbaudio - ok
15:07:13.0037 4724 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:07:13.0038 4724 usbccgp - ok
15:07:13.0052 4724 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:07:13.0053 4724 usbcir - ok
15:07:13.0066 4724 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:07:13.0066 4724 usbehci - ok
15:07:13.0087 4724 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:07:13.0089 4724 usbhub - ok
15:07:13.0130 4724 [ 5C4219C10B5887DFF85E1D2779AED55B ] usbio C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
15:07:13.0131 4724 usbio - ok
15:07:13.0140 4724 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:07:13.0141 4724 usbohci - ok
15:07:13.0159 4724 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:07:13.0159 4724 usbprint - ok
15:07:13.0178 4724 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:07:13.0179 4724 usbscan - ok
15:07:13.0186 4724 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:07:13.0187 4724 USBSTOR - ok
15:07:13.0194 4724 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:07:13.0194 4724 usbuhci - ok
15:07:13.0210 4724 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:07:13.0212 4724 usbvideo - ok
15:07:13.0237 4724 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:07:13.0239 4724 UxSms - ok
15:07:13.0251 4724 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:07:13.0252 4724 VaultSvc - ok
15:07:13.0259 4724 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:07:13.0259 4724 vdrvroot - ok
15:07:13.0272 4724 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:07:13.0278 4724 vds - ok
15:07:13.0297 4724 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:07:13.0297 4724 vga - ok
15:07:13.0310 4724 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:07:13.0311 4724 VgaSave - ok
15:07:13.0322 4724 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:07:13.0324 4724 vhdmp - ok
15:07:13.0348 4724 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:07:13.0349 4724 viaide - ok
15:07:13.0358 4724 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:07:13.0360 4724 vmbus - ok
15:07:13.0366 4724 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:07:13.0366 4724 VMBusHID - ok
15:07:13.0381 4724 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:07:13.0382 4724 volmgr - ok
15:07:13.0399 4724 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:07:13.0402 4724 volmgrx - ok
15:07:13.0408 4724 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:07:13.0410 4724 volsnap - ok
15:07:13.0417 4724 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:07:13.0418 4724 vsmraid - ok
15:07:13.0442 4724 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:07:13.0454 4724 VSS - ok
15:07:13.0460 4724 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:07:13.0461 4724 vwifibus - ok
15:07:13.0481 4724 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:07:13.0483 4724 W32Time - ok
15:07:13.0497 4724 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:07:13.0497 4724 WacomPen - ok
15:07:13.0506 4724 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:07:13.0507 4724 WANARP - ok
15:07:13.0508 4724 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:07:13.0509 4724 Wanarpv6 - ok
15:07:13.0549 4724 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:07:13.0555 4724 WatAdminSvc - ok
15:07:13.0588 4724 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:07:13.0596 4724 wbengine - ok
15:07:13.0605 4724 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:07:13.0607 4724 WbioSrvc - ok
15:07:13.0616 4724 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:07:13.0618 4724 wcncsvc - ok
15:07:13.0630 4724 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:07:13.0631 4724 WcsPlugInService - ok
15:07:13.0644 4724 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:07:13.0644 4724 Wd - ok
15:07:13.0665 4724 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
15:07:13.0665 4724 WDC_SAM - ok
15:07:13.0682 4724 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:07:13.0688 4724 Wdf01000 - ok
15:07:13.0702 4724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:07:13.0705 4724 WdiServiceHost - ok
15:07:13.0708 4724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:07:13.0710 4724 WdiSystemHost - ok
15:07:13.0727 4724 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:07:13.0731 4724 WebClient - ok
15:07:13.0746 4724 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:07:13.0750 4724 Wecsvc - ok
15:07:13.0759 4724 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:07:13.0761 4724 wercplsupport - ok
15:07:13.0780 4724 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:07:13.0783 4724 WerSvc - ok
15:07:13.0790 4724 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:07:13.0790 4724 WfpLwf - ok
15:07:13.0802 4724 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:07:13.0803 4724 WIMMount - ok
15:07:13.0811 4724 WinDefend - ok
15:07:13.0827 4724 WinHttpAutoProxySvc - ok
15:07:13.0874 4724 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:07:13.0876 4724 Winmgmt - ok
15:07:13.0918 4724 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:07:13.0934 4724 WinRM - ok
15:07:13.0954 4724 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:07:13.0958 4724 Wlansvc - ok
15:07:13.0968 4724 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:07:13.0969 4724 WmiAcpi - ok
15:07:13.0982 4724 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:07:13.0983 4724 wmiApSrv - ok
15:07:14.0013 4724 WMPNetworkSvc - ok
15:07:14.0030 4724 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:07:14.0032 4724 WPCSvc - ok
15:07:14.0039 4724 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:07:14.0042 4724 WPDBusEnum - ok
15:07:14.0060 4724 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:07:14.0060 4724 ws2ifsl - ok
15:07:14.0067 4724 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:07:14.0069 4724 wscsvc - ok
15:07:14.0072 4724 WSearch - ok
15:07:14.0138 4724 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:07:14.0152 4724 wuauserv - ok
15:07:14.0162 4724 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:07:14.0163 4724 WudfPf - ok
15:07:14.0179 4724 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:07:14.0180 4724 WUDFRd - ok
15:07:14.0203 4724 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:07:14.0204 4724 wudfsvc - ok
15:07:14.0215 4724 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:07:14.0216 4724 WwanSvc - ok
15:07:14.0233 4724 ================ Scan global ===============================
15:07:14.0255 4724 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:07:14.0289 4724 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:07:14.0297 4724 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:07:14.0333 4724 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:07:14.0346 4724 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:07:14.0350 4724 [Global] - ok
15:07:14.0351 4724 ================ Scan MBR ==================================
15:07:14.0361 4724 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:07:14.0613 4724 \Device\Harddisk0\DR0 - ok
15:07:14.0614 4724 ================ Scan VBR ==================================
15:07:14.0615 4724 [ 69D4B57A86C043D0ED04D33EAA27B776 ] \Device\Harddisk0\DR0\Partition1
15:07:14.0616 4724 \Device\Harddisk0\DR0\Partition1 - ok
15:07:14.0625 4724 [ BC780E3FEE7CF11112A876E3A5BF3FD2 ] \Device\Harddisk0\DR0\Partition2
15:07:14.0625 4724 \Device\Harddisk0\DR0\Partition2 - ok
15:07:14.0635 4724 [ C1D3D3168B1BD71A35F1D689EAFB5A38 ] \Device\Harddisk0\DR0\Partition3
15:07:14.0636 4724 \Device\Harddisk0\DR0\Partition3 - ok
15:07:14.0636 4724 ============================================================
15:07:14.0636 4724 Scan finished
15:07:14.0636 4724 ============================================================
15:07:14.0640 5928 Detected object count: 0
15:07:14.0640 5928 Actual detected object count: 0

Thanks,
Kevin R
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help with computer

Unread postby deltalima » October 17th, 2012, 4:36 pm

Hi TerriReb,

After a thorough check, there are no remaining signs of active malware on the computer.

There are however problems with the computer, there are many event log errors e.g.

10/6/2012 1:57:14 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.


This would indicate a corruption of the Registry. You could attempt to obtain help at a general computer forum but I would recommend that the quickest way to resolve the issue would be to reinstall Windows.

As your problems do not appear to be malware related, this topic is now closed.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with computer

Unread postby TerriReb » October 17th, 2012, 9:51 pm

Thank you thank you thank you for helping me get the virus(es) off my computer. I will reinstall Windows to fix that problem you identified.

I really appreciate all of your help!

Thanks again,
Kevin R :cheers:
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help with computer

Unread postby deltalima » October 18th, 2012, 3:40 am

You're welcome!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware