Erratic CPU usage spikes during mouse movement and pretty much anything


  • This topic is locked
61 replies to this topic

#1 Phep


Posted 19 May 2013 - 07:02 PM

Hi,

 

I recently made a thread in the "Am I infected? What do I do now?" forum and Broni told me to come here. Here is the link http://www.bleepingcomputer.com/forums/t/495027/erratic-cpu-usage-spikes-during-mouse-movement-and-every-application/page-3

 

I was looking at Process Explorer while I was watching videos on YouTube and the CPU usage will bounce around between 60-100. If I click on a different tab without any streaming videos or anything, CPU will bounce around 30-60%. When I'm idle, CPU will erratically bounce around between 2-14% and will periodically be punctuated by instances where CPU usage shoots up to 50+%. Moving my mouse with just Chrome and Process Explorer open will make the CPU jump to ~30%. Despite all this, the things Broni helped me with have really improved my computer. Booting up the computer is acceptable now and I can actually type in gchat without waiting for my computer to catch up with my fingers. However, it still feels like something is off as my computer can't watch videos without frequent stuttering and these jumps in CPU usage just seem outrageous.

 

 

Here is what I've tried on my own prior to coming here:

1) Updated all recommended drivers from Dell support website

2) Windows Error-check on my C hard drive

3) Windows Disk-Cleanup

4) ran AVG, Malwarebytes, Spybot Search and Destroy to look for bugs. AVG came up negative with the viruses, Malwarebytes found no threats, Spybot found like 200 things and I told it to remove them.

5) ran CCleaner to clear registry and temp files.

6) defrag

7) used external mouse and problem still persists

8) cleaned out the dust from inside the computer

 
 

Broni sent me here after guiding me through a battery of tests.

 

9) used Security Check

10) FSS

11) MiniToolBox

12) MBAM

13) MBAR

14) RKill

15) TFC

16) AdwCleaner

17) JRT

18) ESET scan (removed some quarantined worms)

19) replaced Adobe Reader with Foxit

20) updated Java and removed older versions

21) used Process Explorer

22) checked device manager to make sure something was in DMA mode

23) ran hard drive diagnostic for WD drive using Data Lifeguard Diagnostics for Windows

24) used System Information Viewer

25) Did some troubleshooting with some stuff in msconfig

 

The computer in question is a Dell Inspiron 1420 with Vista. I've had it for maybe 6 or 7 years (maybe even more, I don't remember).

 

Help would be greatly appreciated.

 

Edit: forgot the DDS log.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16483
Run by David at 16:34:56 on 2013-05-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.896 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\David\Desktop\Diagnostics and Maintenance\Process Explorer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\david\appdata\local\toparcadehits\Toparcadehits.dll
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - c:\program files\updater by sweetpacks\Extension32.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [WallpaperSS] c:\program files\wallpaperss\WallpaperSS.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\users\david\appdata\local\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bluetooth.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digital line detect.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - <orphaned>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5385815C-D51F-4077-811F-8EB9285CCDDF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DB0ABED3-98FA-463A-9D71-4AD55B10B1EC} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-17 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-4-25 4936752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-2-7 21504]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-17 179712]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-17 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-18 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 701512]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-5-17 1153368]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-17 1015984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 22856]
S3 SIVDriver;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2013-5-19 108536]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-19 22:57:52 -------- d-----w- c:\windows\pss
2013-05-19 22:14:39 108536 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2013-05-19 21:18:13 -------- d-----w- c:\program files\Belarc
2013-05-19 19:55:47 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-19 19:55:47 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-19 19:55:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-19 19:49:33 -------- d-----w- c:\users\david\appdata\roaming\Foxit Software
2013-05-19 19:49:33 -------- d-----w- c:\program files\Foxit Software
2013-05-18 21:39:28 -------- d-----w- c:\program files\ESET
2013-05-18 21:23:41 115 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-18 19:13:10 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-18 17:39:17 -------- d-s---w- C:\ComboFix
2013-05-18 15:55:47 -------- d-----w- c:\users\david\appdata\local\TopArcadeHits
2013-05-18 05:45:00 3922767 ----a-w- c:\users\david\R165804.exe
2013-05-18 05:44:50 4841464 ----a-w- c:\users\david\R147130.EXE
2013-05-18 05:44:41 4147758 ----a-w- c:\users\david\R148605.exe
2013-05-18 05:44:25 8979784 ----a-w- c:\users\david\R169813.EXE
2013-05-18 05:44:19 1874280 ----a-w- c:\users\david\R167368.exe
2013-05-18 05:43:33 24610976 ----a-w- c:\users\david\DELL_MULTI-DEVICE_A06_R212089.EXE
2013-05-18 05:43:29 595672 ----a-w- c:\users\david\R141246.EXE
2013-05-18 05:43:24 1112008 ----a-w- c:\users\david\1420_A10.EXE
2013-05-18 05:43:13 3892272 ----a-w- c:\users\david\CW1337A0.exe
2013-05-18 05:08:39 -------- d-----w- c:\users\david\appdata\local\Akamai
2013-05-18 02:27:01 -------- d-----w- c:\users\david\appdata\roaming\Dell
2013-05-18 02:26:26 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-18 02:26:24 -------- d-----w- c:\programdata\PCDr
2013-05-18 02:22:58 -------- d-----w- c:\program files\Dell Support Center
2013-05-18 02:01:13 -------- d-----w- c:\users\david\appdata\roaming\PCDr
2013-05-18 02:01:08 -------- d-----w- C:\temp
2013-05-18 01:22:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-18 01:22:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-17 20:52:41 -------- d-----w- c:\users\david\appdata\roaming\Registry Mechanic
2013-05-17 15:43:10 -------- d-----w- c:\programdata\PC Optimizer Pro
2013-05-17 15:40:16 -------- d-----w- c:\program files\Free Window Registry Repair
2013-05-17 15:38:32 -------- d-----w- c:\program files\Updater By SweetPacks
2013-05-17 15:09:28 -------- d-----w- c:\users\david\appdata\roaming\AVG2013
2013-05-17 15:07:11 -------- d-----w- c:\users\david\appdata\local\AVG SafeGuard toolbar
2013-05-17 15:06:50 -------- d-----w- c:\users\david\appdata\roaming\TuneUp Software
2013-05-17 15:06:38 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-05-17 15:06:31 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-17 15:06:27 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-05-17 15:06:26 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-05-17 15:04:44 -------- d--h--w- C:\$AVG
2013-05-17 15:04:43 -------- d-----w- c:\programdata\AVG2013
2013-05-17 15:02:42 -------- d-----w- c:\program files\AVG
2013-05-17 14:57:39 -------- d-----w- c:\users\david\appdata\local\MFAData
2013-05-17 14:57:39 -------- d-----w- c:\users\david\appdata\local\Avg2013
2013-05-17 09:24:37 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a91eb479-9552-4c2e-9b5a-984957b7c067}\mpengine.dll
2013-05-15 10:21:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 10:01:00 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-05-15 10:01:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-15 10:01:00 149632 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-05-15 01:41:37 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 01:41:37 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 01:41:30 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-14 02:22:56 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-14 02:22:55 64000 ----a-w- c:\windows\system32\smss.exe
2013-05-14 02:22:55 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-14 02:22:55 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-14 02:22:53 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-14 02:22:51 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-05-14 02:22:50 376320 ----a-w- c:\windows\system32\winsrv.dll
.
==================== Find3M  ====================
.
2013-05-15 03:46:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:46:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 09:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 09:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 10:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-01 17:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
============= FINISH: 16:36:33.45 ===============

Edited by Phep, 19 May 2013 - 08:36 PM.



#2 HelpBot


Posted 24 May 2013 - 07:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/495150 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Phep


Posted 24 May 2013 - 07:57 PM

DDS #2

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16483
Run by David at 17:53:13 on 2013-05-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.838 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\david\appdata\local\toparcadehits\Toparcadehits.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [WallpaperSS] c:\program files\wallpaperss\WallpaperSS.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\users\david\appdata\local\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bluetooth.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digital line detect.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - <orphaned>
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5385815C-D51F-4077-811F-8EB9285CCDDF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DB0ABED3-98FA-463A-9D71-4AD55B10B1EC} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-17 37664]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-17 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-2-7 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 701512]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-5-17 1153368]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-17 1015984]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-17 179712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SIVDriver;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2013-5-19 108536]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-24 09:19:44 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38e721fa-f50b-4d9c-b112-97ae3dd3ec29}\mpengine.dll
2013-05-20 00:35:48 -------- d-----w- c:\windows\ERUNT
2013-05-20 00:35:08 -------- d-----w- C:\JRT
2013-05-19 22:57:52 -------- d-----w- c:\windows\pss
2013-05-19 22:14:39 108536 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2013-05-19 21:18:13 -------- d-----w- c:\program files\Belarc
2013-05-19 19:55:47 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-19 19:55:47 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-19 19:55:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-19 19:49:33 -------- d-----w- c:\users\david\appdata\roaming\Foxit Software
2013-05-19 19:49:33 -------- d-----w- c:\program files\Foxit Software
2013-05-18 21:39:28 -------- d-----w- c:\program files\ESET
2013-05-18 21:23:41 115 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-18 19:13:10 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-18 17:39:17 -------- d-s---w- C:\ComboFix
2013-05-18 15:55:47 -------- d-----w- c:\users\david\appdata\local\TopArcadeHits
2013-05-18 05:45:00 3922767 ----a-w- c:\users\david\R165804.exe
2013-05-18 05:44:50 4841464 ----a-w- c:\users\david\R147130.EXE
2013-05-18 05:44:41 4147758 ----a-w- c:\users\david\R148605.exe
2013-05-18 05:44:25 8979784 ----a-w- c:\users\david\R169813.EXE
2013-05-18 05:44:19 1874280 ----a-w- c:\users\david\R167368.exe
2013-05-18 05:43:33 24610976 ----a-w- c:\users\david\DELL_MULTI-DEVICE_A06_R212089.EXE
2013-05-18 05:43:29 595672 ----a-w- c:\users\david\R141246.EXE
2013-05-18 05:43:24 1112008 ----a-w- c:\users\david\1420_A10.EXE
2013-05-18 05:43:13 3892272 ----a-w- c:\users\david\CW1337A0.exe
2013-05-18 05:08:39 -------- d-----w- c:\users\david\appdata\local\Akamai
2013-05-18 02:27:01 -------- d-----w- c:\users\david\appdata\roaming\Dell
2013-05-18 02:26:26 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-18 02:26:24 -------- d-----w- c:\programdata\PCDr
2013-05-18 02:22:58 -------- d-----w- c:\program files\Dell Support Center
2013-05-18 02:01:13 -------- d-----w- c:\users\david\appdata\roaming\PCDr
2013-05-18 02:01:08 -------- d-----w- C:\temp
2013-05-18 01:22:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-18 01:22:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-17 15:40:16 -------- d-----w- c:\program files\Free Window Registry Repair
2013-05-17 15:09:28 -------- d-----w- c:\users\david\appdata\roaming\AVG2013
2013-05-17 15:07:11 -------- d-----w- c:\users\david\appdata\local\AVG SafeGuard toolbar
2013-05-17 15:06:50 -------- d-----w- c:\users\david\appdata\roaming\TuneUp Software
2013-05-17 15:06:38 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-05-17 15:06:31 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-17 15:06:27 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-05-17 15:06:26 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-05-17 15:04:44 -------- d--h--w- C:\$AVG
2013-05-17 15:04:43 -------- d-----w- c:\programdata\AVG2013
2013-05-17 15:02:42 -------- d-----w- c:\program files\AVG
2013-05-17 14:57:39 -------- d-----w- c:\users\david\appdata\local\MFAData
2013-05-17 14:57:39 -------- d-----w- c:\users\david\appdata\local\Avg2013
2013-05-15 10:21:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 10:01:00 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-05-15 10:01:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-15 10:01:00 149632 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-05-15 01:41:37 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 01:41:37 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 01:41:30 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-14 02:22:56 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-14 02:22:55 64000 ----a-w- c:\windows\system32\smss.exe
2013-05-14 02:22:55 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-14 02:22:55 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-14 02:22:53 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-14 02:22:51 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-05-14 02:22:50 376320 ----a-w- c:\windows\system32\winsrv.dll
.
==================== Find3M  ====================
.
2013-05-15 03:46:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:46:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 09:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 09:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 10:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-01 17:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
============= FINISH: 17:54:55.08 ===============


#4 Phep

Phep
  • Topic Starter

  • Members
  • 101 posts

Posted 24 May 2013 - 10:22 PM

I don't have a Windows CD by the way



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,772 posts

Posted 29 May 2013 - 08:21 AM

Greetings David and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review the information you posted here, along with the information in your previous post I would like to ask you to please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST) in Normal or Safe Mode

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Attach.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log
  • Please redescribe your current symptoms

Edited by Oh My, 29 May 2013 - 08:24 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Phep

Phep
  • Topic Starter

  • Members
  • 101 posts

Posted 29 May 2013 - 09:31 AM

Hi Gary,
 
My laptop is just painfully slow at everything. So I open task manager and I see that the CPU usage is very erratic. It will idle at maybe 12% but will suddenly shoot up randomly to 50+%. Just moving around the touchpad/external mouse will make the CPU usage shoot up to 50-100% depending on how vigorously I move it.
 
Anyways, I've done the scan you requested. There was a popup from a site called consumerintelligenceusa.com trying to warn me to back up my pc. At the bottom of that box it wanted me to do a free online backup and had another site listed mypcbackup.com. I thought it was weird since I didn't have any problems with popups before.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-05-2013
Ran by David (administrator) on 29-05-2013 07:12:11
Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU9J93XT
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\system32\CTsvcCDA.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Gianpaolo Bottin) C:\Program Files\WallpaperSS\WallpaperSS.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Users\David\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU9J93XT\FRST.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-01-01] (IDT, Inc.)
HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [189736 2007-11-01] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [1838592 2008-03-17] (Google)
HKLM\...\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-24] ( )
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3444736 2007-12-11] (Dell Inc.)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe [454344 2010-11-16] (Gianpaolo Bottin)
HKCU\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKCU\...\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-20] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\David\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\David\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\David\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
 
========================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-03-17] (Creative Labs)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2007-04-08] (Creative Technology Ltd)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-03-17] (Google)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-17] (AVG Secure Search)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-11] (Dell Inc.)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-17] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [108536 2013-05-13] (Ray Hinchliffe)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 EraserUtilDrv11220; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-29 07:11 - 2013-05-29 07:11 - 00000000 ____D C:\FRST
2013-05-29 07:08 - 2013-05-29 07:08 - 01915774 ____A (Farbar) C:\Users\David\Desktop\FRST64.exe
2013-05-29 07:06 - 2013-05-29 07:06 - 01355491 ____A (Farbar) C:\Users\David\Desktop\FRST (1).exe
2013-05-29 07:00 - 2013-05-29 07:01 - 01355491 ____A (Farbar) C:\Users\David\Downloads\FRST.exe
2013-05-24 17:55 - 2013-05-24 17:56 - 00005554 ____A C:\Users\David\Desktop\attach.txt
2013-05-24 17:55 - 2013-05-24 17:54 - 00016318 ____A C:\Users\David\Desktop\dds.txt
2013-05-23 18:11 - 2013-05-23 18:11 - 00024064 ____A C:\Users\David\Downloads\WLTRYSVC.EXE
2013-05-23 17:48 - 2013-05-23 17:49 - 00000456 ____A C:\AdwCleaner[R1].txt
2013-05-22 08:39 - 2013-05-22 08:40 - 00026505 ____A C:\Users\David\Downloads\TDSSKiller.2.8.16.0_21.05.2013_22.54.11_log.zip
2013-05-20 09:13 - 2013-05-20 09:13 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-05-20 09:13 - 2013-05-20 09:13 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-05-19 17:49 - 2013-05-19 17:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\David\Downloads\JRT (1).exe
2013-05-19 17:41 - 2013-05-19 17:41 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\David\Downloads\JRT.exe
2013-05-19 17:35 - 2013-05-23 17:48 - 00000000 ____D C:\JRT
2013-05-19 17:35 - 2013-05-19 17:35 - 00000000 ____D C:\Windows\ERUNT
2013-05-19 16:32 - 2013-05-19 16:33 - 00688992 ____A (Swearware) C:\Users\David\Downloads\dds (1).com
2013-05-19 15:57 - 2013-05-19 16:30 - 00000000 ____D C:\Windows\pss
2013-05-19 15:14 - 2013-05-13 23:47 - 00108536 ____A (Ray Hinchliffe) C:\Windows\System32\Drivers\SIVX32.sys
2013-05-19 15:12 - 2013-05-19 15:13 - 04700670 ____A C:\Users\David\Downloads\siv.zip
2013-05-19 14:40 - 2013-05-19 14:40 - 00923401 ____A C:\Users\David\Downloads\WinDlg_124.zip
2013-05-19 14:18 - 2013-05-19 14:18 - 00000000 ____D C:\Program Files\Belarc
2013-05-19 14:17 - 2013-05-19 14:17 - 03425336 ____A C:\Users\David\Downloads\advisorinstaller.exe
2013-05-19 13:35 - 2013-05-28 10:10 - 00000000 ____D C:\Users\David\Desktop\Diagnostics and Maintenance
2013-05-19 13:33 - 2013-05-19 13:35 - 00027563 ____A C:\JavaRa.log
2013-05-19 13:11 - 2013-05-19 13:11 - 00160639 ____A C:\Users\David\Downloads\JavaRa-1.16-16-12-11.zip
2013-05-19 12:56 - 2013-05-19 12:56 - 00000000 ____D C:\ProgramData\Sun
2013-05-19 12:55 - 2013-05-19 12:55 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-19 12:55 - 2013-05-19 12:54 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-19 12:55 - 2013-05-19 12:54 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-19 12:55 - 2013-05-19 12:54 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-19 12:55 - 2013-05-19 12:54 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-19 12:55 - 2013-05-19 12:54 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-19 12:51 - 2013-05-19 12:51 - 00903072 ____A (Oracle Corporation) C:\Users\David\Downloads\chromeinstall-7u21.exe
2013-05-19 12:49 - 2013-05-19 12:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Foxit Software
2013-05-19 12:49 - 2013-05-19 12:49 - 00000000 ____D C:\Program Files\Foxit Software
2013-05-19 12:43 - 2013-05-19 12:44 - 29679000 ____A (Foxit Corporation                                           ) C:\Users\David\Downloads\FoxitReader602.0413_enu_Setup.exe
2013-05-19 12:42 - 2013-05-19 12:42 - 00774080 ____A C:\Users\David\Downloads\CodecPack.exe
2013-05-19 12:39 - 2013-05-19 12:39 - 02140424 ____A (Solid State Networks) C:\Users\David\Downloads\install_reader10_en_mssa_aih.exe
2013-05-18 14:39 - 2013-05-18 14:39 - 00000000 ____D C:\Program Files\ESET
2013-05-18 14:37 - 2013-05-18 14:38 - 02347384 ____A (ESET) C:\Users\David\Downloads\esetsmartinstaller_enu.exe
2013-05-18 14:23 - 2013-05-18 14:24 - 00006651 ____A C:\AdwCleaner[S1].txt
2013-05-18 14:23 - 2013-05-18 14:24 - 00000115 ____A C:\Windows\DeleteOnReboot.bat
2013-05-18 14:22 - 2013-05-18 14:22 - 00448512 ____A (OldTimer Tools) C:\Users\David\Downloads\TFC (1).exe
2013-05-18 14:20 - 2013-05-18 14:20 - 00632031 ____A C:\Users\David\Downloads\adwcleaner.exe
2013-05-18 14:13 - 2013-05-18 14:13 - 00448512 ____A (OldTimer Tools) C:\Users\David\Downloads\TFC.exe
2013-05-18 13:41 - 2013-05-18 13:41 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\David\Downloads\rkill.exe
2013-05-18 13:34 - 2013-05-18 13:34 - 12917756 ____A C:\Users\David\Downloads\mbar-1.05.0.1001.zip
2013-05-18 13:04 - 2013-05-18 13:17 - 00025085 ____A C:\Users\David\Downloads\Result.txt
2013-05-18 13:02 - 2013-05-23 17:50 - 00001190 ____A C:\Users\David\Downloads\FSS.txt
2013-05-18 13:02 - 2013-05-18 13:02 - 00760723 ____A (Farbar) C:\Users\David\Downloads\MiniToolBox.exe
2013-05-18 13:00 - 2013-05-18 13:00 - 00354299 ____A (Farbar) C:\Users\David\Downloads\FSS.exe
2013-05-18 12:50 - 2013-05-18 12:50 - 00890825 ____A C:\Users\David\Downloads\SecurityCheck.exe
2013-05-18 10:39 - 2013-05-18 10:39 - 00000000 ___SD C:\ComboFix
2013-05-18 10:38 - 2013-05-18 10:39 - 00000000 ____D C:\Qoobox
2013-05-18 10:38 - 2013-05-18 10:38 - 00000000 ____D C:\Windows\erdnt
2013-05-18 09:09 - 2013-05-18 10:37 - 05067228 ___RA (Swearware) C:\Users\David\Downloads\ComboFix.exe
2013-05-18 08:57 - 2013-05-18 08:57 - 00377856 ____A C:\Users\David\Downloads\shck0ju3.exe
2013-05-18 08:55 - 2013-05-29 04:57 - 00000264 ____A C:\Windows\Tasks\TopArcadeHits.job
2013-05-18 08:55 - 2013-05-18 08:55 - 00000000 ____D C:\Users\David\AppData\Local\TopArcadeHits
2013-05-18 08:47 - 2013-05-18 08:48 - 00584600 ____A C:\Users\David\Downloads\cbsidlm-tr1_13-GMER-SEO-10720107.exe
2013-05-18 08:38 - 2013-05-18 08:43 - 00000294 ____A C:\Users\David\Downloads\mbr.log
2013-05-18 08:37 - 2013-05-18 08:37 - 00089088 ____A C:\Users\David\Downloads\mbr.exe
2013-05-18 08:02 - 2012-10-15 13:23 - 00072154 ____A C:\Users\David\Documents\procexp.chm
2013-05-18 08:02 - 2006-07-28 08:32 - 00007005 ____A C:\Users\David\Documents\Eula.txt
2013-05-18 08:01 - 2013-05-18 08:01 - 01160893 ____A C:\Users\David\Downloads\ProcessExplorer.zip
2013-05-18 01:06 - 2013-05-18 01:06 - 00000000 _RASH C:\MSDOS.SYS
2013-05-18 01:06 - 2013-05-18 01:06 - 00000000 _RASH C:\IO.SYS
2013-05-18 00:53 - 2013-05-19 13:02 - 00019850 ____A C:\Windows\PFRO.log
2013-05-17 23:42 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.20130517-234248.backup
2013-05-17 23:27 - 2013-05-17 23:27 - 00004088 ____A C:\Windows\wininit.ini
2013-05-17 22:45 - 2013-05-17 22:45 - 03922767 ____A C:\Users\David\R165804.exe
2013-05-17 22:44 - 2013-05-17 22:44 - 08979784 ____A C:\Users\David\R169813.EXE
2013-05-17 22:44 - 2013-05-17 22:44 - 04841464 ____A C:\Users\David\R147130.EXE
2013-05-17 22:44 - 2013-05-17 22:44 - 04147758 ____A C:\Users\David\R148605.exe
2013-05-17 22:44 - 2013-05-17 22:44 - 01874280 ____A C:\Users\David\R167368.exe
2013-05-17 22:43 - 2013-05-17 22:44 - 24610976 ____A C:\Users\David\DELL_MULTI-DEVICE_A06_R212089.EXE
2013-05-17 22:43 - 2013-05-17 22:43 - 03892272 ____A C:\Users\David\CW1337A0.exe
2013-05-17 22:43 - 2013-05-17 22:43 - 01112008 ____A C:\Users\David\1420_A10.EXE
2013-05-17 22:43 - 2013-05-17 22:43 - 00595672 ____A C:\Users\David\R141246.EXE
2013-05-17 22:08 - 2013-05-17 22:09 - 00000000 ____D C:\Users\David\AppData\Local\Akamai
2013-05-17 22:00 - 2013-05-17 22:01 - 10026712 ____A (Akamai Technologies, Inc.) C:\Users\David\Downloads\Dell_Download_Manager_Setup.exe
2013-05-17 19:28 - 2013-05-18 12:28 - 00000034 ____A C:\Windows\setupact.log
2013-05-17 19:28 - 2013-05-17 19:28 - 00000000 ____A C:\Windows\setuperr.log
2013-05-17 19:27 - 2013-05-17 19:27 - 00000000 ____D C:\Users\David\AppData\Roaming\Dell
2013-05-17 19:26 - 2013-05-17 19:26 - 00000000 ____D C:\ProgramData\PCDr
2013-05-17 19:22 - 2013-05-17 20:00 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-17 19:01 - 2013-05-17 19:01 - 00000000 ____D C:\Users\David\AppData\Roaming\PCDr
2013-05-17 18:55 - 2013-05-17 18:55 - 00038984 ____A (Dell Computer Corporation) C:\Users\David\Downloads\DellPCDiagnostics.exe
2013-05-17 18:22 - 2013-05-17 21:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-17 18:22 - 2013-05-17 18:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-05-17 14:55 - 2013-05-17 14:56 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\David\Downloads\spybotsd162.exe
2013-05-17 13:20 - 2013-05-17 13:20 - 00050366 ____A C:\Users\David\Documents\cc_20130517_131957.reg
2013-05-17 13:07 - 2013-05-17 13:08 - 04346816 ____A (Piriform Ltd) C:\Users\David\Downloads\ccsetup401.exe
2013-05-17 08:40 - 2013-05-17 14:47 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-05-17 08:38 - 2013-05-17 08:39 - 00799416 ____A C:\Users\David\Downloads\RegpairSetup.exe
2013-05-17 08:26 - 2013-05-17 08:26 - 00584600 ____A C:\Users\David\Downloads\cbsidlm-tr1_13-Free_Window_Registry_Repair-SEO-10606555.exe
2013-05-17 08:09 - 2013-05-17 08:09 - 00000000 ____D C:\Users\David\AppData\Roaming\AVG2013
2013-05-17 08:07 - 2013-05-17 08:07 - 00000000 ____D C:\Users\David\AppData\Local\AVG SafeGuard toolbar
2013-05-17 08:06 - 2013-05-18 14:23 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-05-17 08:06 - 2013-05-17 08:06 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-05-17 08:06 - 2013-05-17 08:06 - 00000000 ____D C:\Users\David\AppData\Roaming\TuneUp Software
2013-05-17 08:06 - 2013-05-17 08:06 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-05-17 08:06 - 2013-05-17 08:06 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-05-17 08:04 - 2013-05-17 08:08 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-17 08:04 - 2013-05-17 08:04 - 00000000 ___HD C:\$AVG
2013-05-17 08:02 - 2013-05-17 08:02 - 00000000 ____D C:\Program Files\AVG
2013-05-17 07:57 - 2013-05-17 08:19 - 00000000 ____D C:\Users\David\AppData\Local\Avg2013
2013-05-17 07:57 - 2013-05-17 07:57 - 00000000 ____D C:\Users\David\AppData\Local\MFAData
2013-05-17 07:55 - 2013-05-17 07:56 - 04459360 ____A (AVG Technologies) C:\Users\David\Downloads\avg_free_stb_all_2013_3336_cnet.exe
2013-05-15 22:57 - 2013-05-15 22:57 - 00427520 ____A C:\Users\David\Downloads\org_17b.ppt
2013-05-15 03:21 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 03:21 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 03:01 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 03:01 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 03:00 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 03:00 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 03:00 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 03:00 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 03:00 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 03:00 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 03:00 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 03:00 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 03:00 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 03:00 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 03:00 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 03:00 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 18:41 - 2013-04-15 07:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 18:41 - 2013-04-13 03:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 18:41 - 2013-04-08 18:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 19:22 - 2013-03-11 06:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-05-13 19:22 - 2013-03-11 06:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-13 19:22 - 2013-03-08 20:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-13 19:22 - 2013-03-08 18:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-13 19:22 - 2013-03-07 20:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-13 19:22 - 2013-03-07 20:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-13 19:22 - 2013-03-03 12:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
 
==================== One Month Modified Files and Folders ========
 
2013-05-29 07:11 - 2013-05-29 07:11 - 00000000 ____D C:\FRST
2013-05-29 07:08 - 2013-05-29 07:08 - 01915774 ____A (Farbar) C:\Users\David\Desktop\FRST64.exe
2013-05-29 07:06 - 2013-05-29 07:06 - 01355491 ____A (Farbar) C:\Users\David\Desktop\FRST (1).exe
2013-05-29 07:01 - 2013-05-29 07:00 - 01355491 ____A (Farbar) C:\Users\David\Downloads\FRST.exe
2013-05-29 07:00 - 2012-04-10 18:51 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-930294435-509476459-220745738-1000UA.job
2013-05-29 06:59 - 2012-02-07 14:17 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-29 06:45 - 2012-08-18 21:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-29 05:44 - 2006-11-02 05:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-29 05:44 - 2006-11-02 05:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-29 04:57 - 2013-05-18 08:55 - 00000264 ____A C:\Windows\Tasks\TopArcadeHits.job
2013-05-29 02:07 - 2008-03-17 05:04 - 01630720 ____A C:\Windows\WindowsUpdate.log
2013-05-29 02:00 - 2012-04-10 18:51 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-930294435-509476459-220745738-1000Core.job
2013-05-29 01:59 - 2012-02-07 14:17 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-28 23:09 - 2012-08-25 09:04 - 00000000 ____D C:\Program Files\Steam
2013-05-28 18:01 - 2012-02-08 02:39 - 00000000 ____D C:\ProgramData\MFAData
2013-05-28 10:10 - 2013-05-19 13:35 - 00000000 ____D C:\Users\David\Desktop\Diagnostics and Maintenance
2013-05-28 03:51 - 2006-11-02 03:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 03:44 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 17:56 - 2013-05-24 17:55 - 00005554 ____A C:\Users\David\Desktop\attach.txt
2013-05-24 17:54 - 2013-05-24 17:55 - 00016318 ____A C:\Users\David\Desktop\dds.txt
2013-05-23 18:11 - 2013-05-23 18:11 - 00024064 ____A C:\Users\David\Downloads\WLTRYSVC.EXE
2013-05-23 17:50 - 2013-05-18 13:02 - 00001190 ____A C:\Users\David\Downloads\FSS.txt
2013-05-23 17:49 - 2013-05-23 17:48 - 00000456 ____A C:\AdwCleaner[R1].txt
2013-05-23 17:48 - 2013-05-19 17:35 - 00000000 ____D C:\JRT
2013-05-22 08:40 - 2013-05-22 08:39 - 00026505 ____A C:\Users\David\Downloads\TDSSKiller.2.8.16.0_21.05.2013_22.54.11_log.zip
2013-05-20 09:13 - 2013-05-20 09:13 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-05-20 09:13 - 2013-05-20 09:13 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-05-19 17:49 - 2013-05-19 17:49 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\David\Downloads\JRT (1).exe
2013-05-19 17:41 - 2013-05-19 17:41 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\David\Downloads\JRT.exe
2013-05-19 17:35 - 2013-05-19 17:35 - 00000000 ____D C:\Windows\ERUNT
2013-05-19 16:33 - 2013-05-19 16:32 - 00688992 ____A (Swearware) C:\Users\David\Downloads\dds (1).com
2013-05-19 16:30 - 2013-05-19 15:57 - 00000000 ____D C:\Windows\pss
2013-05-19 15:59 - 2006-11-02 06:01 - 00032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-19 15:58 - 2008-03-17 05:04 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-05-19 15:13 - 2013-05-19 15:12 - 04700670 ____A C:\Users\David\Downloads\siv.zip
2013-05-19 14:40 - 2013-05-19 14:40 - 00923401 ____A C:\Users\David\Downloads\WinDlg_124.zip
2013-05-19 14:18 - 2013-05-19 14:18 - 00000000 ____D C:\Program Files\Belarc
2013-05-19 14:17 - 2013-05-19 14:17 - 03425336 ____A C:\Users\David\Downloads\advisorinstaller.exe
2013-05-19 13:35 - 2013-05-19 13:33 - 00027563 ____A C:\JavaRa.log
2013-05-19 13:33 - 2008-03-17 05:12 - 00000000 ____D C:\Program Files\Java
2013-05-19 13:11 - 2013-05-19 13:11 - 00160639 ____A C:\Users\David\Downloads\JavaRa-1.16-16-12-11.zip
2013-05-19 13:02 - 2013-05-18 00:53 - 00019850 ____A C:\Windows\PFRO.log
2013-05-19 12:56 - 2013-05-19 12:56 - 00000000 ____D C:\ProgramData\Sun
2013-05-19 12:56 - 2008-03-17 05:12 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-19 12:55 - 2013-05-19 12:55 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-19 12:54 - 2013-05-19 12:55 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-19 12:54 - 2013-05-19 12:55 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-19 12:54 - 2013-05-19 12:55 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-19 12:54 - 2013-05-19 12:55 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-19 12:54 - 2013-05-19 12:55 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-19 12:51 - 2013-05-19 12:51 - 00903072 ____A (Oracle Corporation) C:\Users\David\Downloads\chromeinstall-7u21.exe
2013-05-19 12:49 - 2013-05-19 12:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Foxit Software
2013-05-19 12:49 - 2013-05-19 12:49 - 00000000 ____D C:\Program Files\Foxit Software
2013-05-19 12:44 - 2013-05-19 12:43 - 29679000 ____A (Foxit Corporation                                           ) C:\Users\David\Downloads\FoxitReader602.0413_enu_Setup.exe
2013-05-19 12:42 - 2013-05-19 12:42 - 00774080 ____A C:\Users\David\Downloads\CodecPack.exe
2013-05-19 12:42 - 2008-03-17 05:22 - 00000000 ____D C:\ProgramData\Adobe
2013-05-19 12:39 - 2013-05-19 12:39 - 02140424 ____A (Solid State Networks) C:\Users\David\Downloads\install_reader10_en_mssa_aih.exe
2013-05-18 14:39 - 2013-05-18 14:39 - 00000000 ____D C:\Program Files\ESET
2013-05-18 14:38 - 2013-05-18 14:37 - 02347384 ____A (ESET) C:\Users\David\Downloads\esetsmartinstaller_enu.exe
2013-05-18 14:24 - 2013-05-18 14:23 - 00006651 ____A C:\AdwCleaner[S1].txt
2013-05-18 14:24 - 2013-05-18 14:23 - 00000115 ____A C:\Windows\DeleteOnReboot.bat
2013-05-18 14:23 - 2013-05-17 08:06 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-05-18 14:22 - 2013-05-18 14:22 - 00448512 ____A (OldTimer Tools) C:\Users\David\Downloads\TFC (1).exe
2013-05-18 14:20 - 2013-05-18 14:20 - 00632031 ____A C:\Users\David\Downloads\adwcleaner.exe
2013-05-18 14:13 - 2013-05-18 14:13 - 00448512 ____A (OldTimer Tools) C:\Users\David\Downloads\TFC.exe
2013-05-18 13:41 - 2013-05-18 13:41 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\David\Downloads\rkill.exe
2013-05-18 13:34 - 2013-05-18 13:34 - 12917756 ____A C:\Users\David\Downloads\mbar-1.05.0.1001.zip
2013-05-18 13:17 - 2013-05-18 13:04 - 00025085 ____A C:\Users\David\Downloads\Result.txt
2013-05-18 13:02 - 2013-05-18 13:02 - 00760723 ____A (Farbar) C:\Users\David\Downloads\MiniToolBox.exe
2013-05-18 13:00 - 2013-05-18 13:00 - 00354299 ____A (Farbar) C:\Users\David\Downloads\FSS.exe
2013-05-18 12:50 - 2013-05-18 12:50 - 00890825 ____A C:\Users\David\Downloads\SecurityCheck.exe
2013-05-18 12:28 - 2013-05-17 19:28 - 00000034 ____A C:\Windows\setupact.log
2013-05-18 10:39 - 2013-05-18 10:39 - 00000000 ___SD C:\ComboFix
2013-05-18 10:39 - 2013-05-18 10:38 - 00000000 ____D C:\Qoobox
2013-05-18 10:38 - 2013-05-18 10:38 - 00000000 ____D C:\Windows\erdnt
2013-05-18 10:37 - 2013-05-18 09:09 - 05067228 ___RA (Swearware) C:\Users\David\Downloads\ComboFix.exe
2013-05-18 08:57 - 2013-05-18 08:57 - 00377856 ____A C:\Users\David\Downloads\shck0ju3.exe
2013-05-18 08:55 - 2013-05-18 08:55 - 00000000 ____D C:\Users\David\AppData\Local\TopArcadeHits
2013-05-18 08:48 - 2013-05-18 08:47 - 00584600 ____A C:\Users\David\Downloads\cbsidlm-tr1_13-GMER-SEO-10720107.exe
2013-05-18 08:43 - 2013-05-18 08:38 - 00000294 ____A C:\Users\David\Downloads\mbr.log
2013-05-18 08:37 - 2013-05-18 08:37 - 00089088 ____A C:\Users\David\Downloads\mbr.exe
2013-05-18 08:09 - 2012-02-08 02:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-18 08:01 - 2013-05-18 08:01 - 01160893 ____A C:\Users\David\Downloads\ProcessExplorer.zip
2013-05-18 01:06 - 2013-05-18 01:06 - 00000000 _RASH C:\MSDOS.SYS
2013-05-18 01:06 - 2013-05-18 01:06 - 00000000 _RASH C:\IO.SYS
2013-05-17 23:27 - 2013-05-17 23:27 - 00004088 ____A C:\Windows\wininit.ini
2013-05-17 22:45 - 2013-05-17 22:45 - 03922767 ____A C:\Users\David\R165804.exe
2013-05-17 22:45 - 2012-02-07 07:24 - 00000000 ____D C:\users\David
2013-05-17 22:44 - 2013-05-17 22:44 - 08979784 ____A C:\Users\David\R169813.EXE
2013-05-17 22:44 - 2013-05-17 22:44 - 04841464 ____A C:\Users\David\R147130.EXE
2013-05-17 22:44 - 2013-05-17 22:44 - 04147758 ____A C:\Users\David\R148605.exe
2013-05-17 22:44 - 2013-05-17 22:44 - 01874280 ____A C:\Users\David\R167368.exe
2013-05-17 22:44 - 2013-05-17 22:43 - 24610976 ____A C:\Users\David\DELL_MULTI-DEVICE_A06_R212089.EXE
2013-05-17 22:43 - 2013-05-17 22:43 - 03892272 ____A C:\Users\David\CW1337A0.exe
2013-05-17 22:43 - 2013-05-17 22:43 - 01112008 ____A C:\Users\David\1420_A10.EXE
2013-05-17 22:43 - 2013-05-17 22:43 - 00595672 ____A C:\Users\David\R141246.EXE
2013-05-17 22:09 - 2013-05-17 22:08 - 00000000 ____D C:\Users\David\AppData\Local\Akamai
2013-05-17 22:01 - 2013-05-17 22:00 - 10026712 ____A (Akamai Technologies, Inc.) C:\Users\David\Downloads\Dell_Download_Manager_Setup.exe
2013-05-17 21:42 - 2013-05-17 18:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-17 20:03 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-17 20:00 - 2013-05-17 19:22 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-17 19:28 - 2013-05-17 19:28 - 00000000 ____A C:\Windows\setuperr.log
2013-05-17 19:27 - 2013-05-17 19:27 - 00000000 ____D C:\Users\David\AppData\Roaming\Dell
2013-05-17 19:26 - 2013-05-17 19:26 - 00000000 ____D C:\ProgramData\PCDr
2013-05-17 19:26 - 2012-02-07 07:27 - 00029696 ____A C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-17 19:01 - 2013-05-17 19:01 - 00000000 ____D C:\Users\David\AppData\Roaming\PCDr
2013-05-17 18:55 - 2013-05-17 18:55 - 00038984 ____A (Dell Computer Corporation) C:\Users\David\Downloads\DellPCDiagnostics.exe
2013-05-17 18:22 - 2013-05-17 18:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-05-17 14:56 - 2013-05-17 14:55 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\David\Downloads\spybotsd162.exe
2013-05-17 14:49 - 2012-12-15 17:38 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2013-05-17 14:47 - 2013-05-17 08:40 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-05-17 13:20 - 2013-05-17 13:20 - 00050366 ____A C:\Users\David\Documents\cc_20130517_131957.reg
2013-05-17 13:18 - 2006-11-10 06:22 - 00000000 ____D C:\Windows\Panther
2013-05-17 13:17 - 2012-02-20 12:27 - 00000462 ____A C:\Users\David\AppData\Roaming\wklnhst.dat
2013-05-17 13:08 - 2013-05-17 13:07 - 04346816 ____A (Piriform Ltd) C:\Users\David\Downloads\ccsetup401.exe
2013-05-17 08:39 - 2013-05-17 08:38 - 00799416 ____A C:\Users\David\Downloads\RegpairSetup.exe
2013-05-17 08:31 - 2012-03-01 11:14 - 00000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2013-05-17 08:26 - 2013-05-17 08:26 - 00584600 ____A C:\Users\David\Downloads\cbsidlm-tr1_13-Free_Window_Registry_Repair-SEO-10606555.exe
2013-05-17 08:26 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Resources
2013-05-17 08:19 - 2013-05-17 07:57 - 00000000 ____D C:\Users\David\AppData\Local\Avg2013
2013-05-17 08:09 - 2013-05-17 08:09 - 00000000 ____D C:\Users\David\AppData\Roaming\AVG2013
2013-05-17 08:08 - 2013-05-17 08:04 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-17 08:07 - 2013-05-17 08:07 - 00000000 ____D C:\Users\David\AppData\Local\AVG SafeGuard toolbar
2013-05-17 08:06 - 2013-05-17 08:06 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-05-17 08:06 - 2013-05-17 08:06 - 00000000 ____D C:\Users\David\AppData\Roaming\TuneUp Software
2013-05-17 08:06 - 2013-05-17 08:06 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-05-17 08:06 - 2013-05-17 08:06 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-05-17 08:04 - 2013-05-17 08:04 - 00000000 ___HD C:\$AVG
2013-05-17 08:04 - 2006-11-02 05:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-05-17 08:02 - 2013-05-17 08:02 - 00000000 ____D C:\Program Files\AVG
2013-05-17 07:57 - 2013-05-17 07:57 - 00000000 ____D C:\Users\David\AppData\Local\MFAData
2013-05-17 07:56 - 2013-05-17 07:55 - 04459360 ____A (AVG Technologies) C:\Users\David\Downloads\avg_free_stb_all_2013_3336_cnet.exe
2013-05-16 23:12 - 2012-12-16 22:25 - 00000408 ____A C:\Windows\System32\AppLog.log
2013-05-15 22:57 - 2013-05-15 22:57 - 00427520 ____A C:\Users\David\Downloads\org_17b.ppt
2013-05-15 03:53 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 03:41 - 2006-11-02 05:47 - 00280720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 03:03 - 2006-11-02 03:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-14 20:46 - 2012-08-18 21:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 20:46 - 2012-08-18 21:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-14 03:39 - 2012-08-25 09:04 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-05-13 23:47 - 2013-05-19 15:14 - 00108536 ____A (Ray Hinchliffe) C:\Windows\System32\Drivers\SIVX32.sys
2013-05-05 12:25 - 2013-05-15 03:21 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 12:12 - 2013-05-15 03:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-02 02:06 - 2012-02-07 15:02 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Other Malware:
===========
C:\Users\David\1420_A10.EXE
C:\Users\David\CW1337A0.exe
C:\Users\David\DELL_MULTI-DEVICE_A06_R212089.EXE
C:\Users\David\R141246.EXE
C:\Users\David\R147130.EXE
C:\Users\David\R148605.exe
C:\Users\David\R165804.exe
C:\Users\David\R167368.exe
C:\Users\David\R169813.EXE
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2013-05-29 03:55
 
==================== End Of Log ============================






Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-05-2013
Ran by David at 2013-05-29 07:14:55 Run:
Running from C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU9J93XT
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Akamai NetSession Interface
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
Belarc Advisor 8.3 (Version: 8.3.2.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Broadcom Management Programs (Version: 10.15.01)
Browser Address Error Redirector (Version: 1.00.0000)
Cisco EAP-FAST Module (Version: 2.0.26)
Cisco LEAP Module (Version: 1.0.11)
Cisco PEAP Module (Version: 1.0.12)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows (Version: 5.0.0.0)
Creative MediaSource 5 (Version: 5.00)
Dell DataSafe Online (Version: 1.0.21)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.2.6032.125)
Dell Touchpad (Version: 7.1.102.7)
Dell Wireless WLAN Card (Version: 4.170.25.12)
Digital Line Detect (Version: 1.21)
EarthLink Setup Files (Version: 2005.2.178.0.2.2)
ESET Online Scanner v3
Foxit Reader (Version: 6.0.2.413)
Google Chrome (Version: 27.0.1453.94)
Google Desktop (Version: -)
Google Talk Plugin (Version: 3.19.1.13088)
Google Update Helper (Version: 1.3.21.145)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Java 7 Update 21 (Version: 7.0.210)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaDirect (Version: 3.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Modem Diagnostic Tool (Version: 1.0.20.0)
Music, Photos & Videos Launcher (Version: 1.00.0000)
NetWaiting (Version: 2.5.44)
OutlookAddinSetup (Version: 1.0.0)
Product Documentation Launcher (Version: 1.00.0000)
QuickSet (Version: 8.2.14)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TopArcadeHits
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Updater By SweetPacks 2.0.0.566 (Version: 2.0.0.566)
User's Guides
VLC media player 2.0.2 (Version: 2.0.2)
Wallpaper SlideShow LT 1.4.5
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100)
WinRAR 4.10 (32-bit) (Version: 4.10.0)

==================== Restore Points =========================

21-05-2013 15:57:23 Scheduled Checkpoint
22-05-2013 22:27:26 Scheduled Checkpoint
23-05-2013 07:19:44 Windows Update
24-05-2013 07:00:05 Scheduled Checkpoint
25-05-2013 08:56:43 Scheduled Checkpoint
25-05-2013 22:00:00 Scheduled Checkpoint
26-05-2013 20:50:10 Scheduled Checkpoint
28-05-2013 07:08:31 Windows Update
28-05-2013 21:35:58 Scheduled Checkpoint

==================== Hosts content: ==========================

::1 localhost

127.0.0.1 localhost

There are 1000 more lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2013 10:01:43 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (05/28/2013 00:28:20 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/28/2013 00:28:19 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/28/2013 00:12:12 AM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 1.74.87.19 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: dac
Start Time: 01ce5b71b42f2359
Termination Time: 733

Error: (05/26/2013 01:52:58 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/26/2013 01:52:56 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/26/2013 01:52:56 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (05/25/2013 10:20:16 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/25/2013 10:20:14 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/25/2013 10:20:14 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4


System errors:
=============
Error: (05/28/2013 03:46:04 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:45:59 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:45:28 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:45:25 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:45:18 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:45:17 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:45:13 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:45:06 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/28/2013 03:44:51 AM) (Source: Service Control Manager) (User: )
Description: SigmaTel Audio Service%%1053

Error: (05/28/2013 03:44:51 AM) (Source: Service Control Manager) (User: )
Description: 30000SigmaTel Audio Service


Microsoft Office Sessions:
=========================
Error: (05/28/2013 10:01:43 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (05/28/2013 00:28:20 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/28/2013 00:28:19 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/28/2013 00:12:12 AM) (Source: Application Hang)(User: )
Description: Steam.exe1.74.87.19dac01ce5b71b42f2359733

Error: (05/26/2013 01:52:58 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/26/2013 01:52:56 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/26/2013 01:52:56 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (05/25/2013 10:20:16 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (05/25/2013 10:20:14 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (05/25/2013 10:20:14 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4


CodeIntegrity Errors:
===================================
Date: 2013-05-29 07:13:10.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-29 07:13:10.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-29 07:13:09.748
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-29 07:13:09.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-29 07:13:08.413
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-29 07:13:07.850
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-29 07:13:07.237
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-29 07:13:06.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 09:12:56.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 09:12:56.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 2037.31 MB
Available physical RAM: 657.59 MB
Total Pagefile: 4317.9 MB
Available Pagefile: 2081.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.31 GB) (Free:163 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

==================== End Of Log ============================

Edited by Phep, 29 May 2013 - 09:32 AM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,772 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:04:39 PM

Posted 29 May 2013 - 10:38 AM

Hi David,

It seems like Broni has spent a bit of time looking at the state of your computer and believes you are not infected. We will take a peek at it some more but you may have non-malware related issues better dealt with in another BleepingComputer forum. Time will tell.

Can you tell me if you previously installed ReadyBoost? I also see where you ran TDSSKiller. Please provide the log as instructed below.

Please do the following for me.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

TopArcadeHits


===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Posting Previous TDSSKiller log

--------------------
  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

TDSSKiller_version_date_time_log.txt

  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ReadyBoost
  • Did TopArcadeHits uninstall correctly?
  • RogueKiller log
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Phep

Posted 29 May 2013 - 12:19 PM

ReadyBoost doesn't ring a bell.

I was able to uninstall TopArcadeHits.

I couldn't find the TDSSKiller log; I could only find the zip file. Should I run it again?

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 05/29/2013 10:10:18
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : TopArcadeHits138 (cmd.exe /c rmdir "C:\Users\David\AppData\Local\TopArcadeHits" /s /q) [x] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\RunOnce : TopArcadeHits120 (cmd.exe /c rmdir "C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\" /s /q) [x] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\RunOnce : TopArcadeHits449 (cmd.exe /c rmdir "C:\Users\David\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q) [x] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD2500BEVS-75UST0 +++++
--- User ---
[MBR] 728eac2101eeec5a6696d507fb5bd551
[BSP] 162060bb474056eae6dde76395768ebf : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 225595 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 483151872 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_05292013_02d1010.txt >>
RKreport[1]_S_05292013_02d1006.txt ; RKreport[2]_D_05292013_02d1010.txt
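
A report like the one in this post can be triaged mechanically. The following Python parser is an added example, not part of the original post and not RogueKiller's own code: the line layout is inferred from the seven registry lines shown above, the function names are made up for illustration, and the `203.0.113.10` hosts line is constructed to exercise the non-loopback check.

```python
import ipaddress
import re
from collections import Counter

# Registry lines copied verbatim from the RogueKiller report in the post above.
# "[...]" inside a key path is the tool's own abbreviation.
REGISTRY_SECTION = r'''
[RUN][SUSP PATH] HKCU\[...]\RunOnce : TopArcadeHits138 (cmd.exe /c rmdir "C:\Users\David\AppData\Local\TopArcadeHits" /s /q) [x] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\RunOnce : TopArcadeHits120 (cmd.exe /c rmdir "C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\" /s /q) [x] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\RunOnce : TopArcadeHits449 (cmd.exe /c rmdir "C:\Users\David\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q) [x] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
'''

# The first three lines come from the report's HOSTS section; the last line is
# a constructed entry (documentation address range) that the check should flag.
HOSTS_SECTION = '''
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.007guard.com
203.0.113.10 login.example.test
'''

# Layout inferred from the lines above (an assumption, not a published format):
#   [TAG]...  key : value-name (data) [x] -> ACTION (new data)
ENTRY_RE = re.compile(
    r'^(?P<tags>(?:\[[^\]]+\])+)\s+'            # one or more [TAG] groups
    r'(?P<key>\S+)\s+:\s+'                      # abbreviated registry key
    r'(?P<name>\S+)\s+'                         # value name
    r'\((?P<data>.*)\)\s+'                      # value data in parentheses
    r'(?:\[x\]\s+)?->\s+'                       # optional [x] marker, then arrow
    r'(?P<action>\S+)(?:\s+\((?P<new>.*)\))?$'  # outcome, optional new data
)
RMDIR_RE = re.compile(r'^cmd\.exe /c rmdir "(?P<path>.+)" /s /q$', re.IGNORECASE)
HANDLED = {"DELETED", "REPLACED"}  # the only two outcomes present in this report


def parse_registry(section):
    """Turn each report line into a dict; raise on a line the pattern misses."""
    entries = []
    for line in section.strip().splitlines():
        match = ENTRY_RE.match(line.strip())
        if match is None:
            raise ValueError("unrecognised report line: " + line)
        entry = match.groupdict()
        entry["tags"] = re.findall(r"\[([^\]]+)\]", entry["tags"])
        entries.append(entry)
    return entries


def unresolved(entries):
    """Entries the tool listed but neither deleted nor replaced."""
    return [e for e in entries if e["action"] not in HANDLED]


def runonce_cleanup_targets(entries):
    """Directories that RunOnce 'rmdir' commands were set to delete."""
    targets = []
    for e in entries:
        match = RMDIR_RE.match(e["data"])
        if e["key"].endswith("\\RunOnce") and match:
            targets.append(match.group("path"))
    return targets


def unexpected_runonce(entries, product):
    """RunOnce entries that are not an rmdir cleanup tied to `product`
    (the product name must appear in the value name or in the target path)."""
    odd = []
    for e in entries:
        if not e["key"].endswith("\\RunOnce"):
            continue
        match = RMDIR_RE.match(e["data"])
        tied = product.lower() in (e["name"] + " " + e["data"]).lower()
        if match is None or not tied:
            odd.append(e)
    return odd


def hosts_non_loopback(section):
    """(ip, name) pairs that map a name to anything but loopback or 0.0.0.0."""
    flagged = []
    for line in section.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # e.g. the report's "[...]" truncation marker
        if ip.is_loopback or ip.is_unspecified:
            continue
        flagged.extend((fields[0], name) for name in fields[1:])
    return flagged


if __name__ == "__main__":
    parsed = parse_registry(REGISTRY_SECTION)
    print(Counter(e["action"] for e in parsed))
    print("unresolved:", unresolved(parsed))
    print("RunOnce cleanup targets:", runonce_cleanup_targets(parsed))
    print("unexpected RunOnce:", unexpected_runonce(parsed, "TopArcadeHits"))
    print("hosts entries to review:", hosts_non_loopback(HOSTS_SECTION))
```

On this report all seven entries parse, none is left unresolved, and the three RunOnce values are all `rmdir` cleanup commands carrying the TopArcadeHits name; only the constructed hosts line is returned for review.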


#9 Oh My!

Posted 29 May 2013 - 12:33 PM

Hi David,

OK, there is reference to an error that seems to be associated with ReadyBoost but we will put that on the back burner for now. That program can eat up system resources.

Let's look at some numbers. Please do this.

===================================================

Identifying Task Manager Running Processes

--------------------
  • Right click on the Taskbar and select Start Task Manager
  • Select the Processes tab
  • Identify and list in your reply the top 5 processes using the most amount of Memory under the Memory column
  • Identify and list in your reply the top 5 processes using the most amount of CPU under the CPU column
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Memory and CPU usage

Gary
 

#10 Phep

Posted 29 May 2013 - 12:36 PM

Never mind, I found it.

 

22:54:11.0668 0652  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:54:12.0093 0652  ============================================================
22:54:12.0093 0652  Current date / time: 2013/05/21 22:54:12.0093
22:54:12.0093 0652  SystemInfo:
22:54:12.0094 0652  
22:54:12.0094 0652  OS Version: 6.1.7601 ServicePack: 1.0
22:54:12.0094 0652  Product type: Workstation
22:54:12.0094 0652  ComputerName: BELEW-PC
22:54:12.0094 0652  UserName: Belew
22:54:12.0094 0652  Windows directory: C:\Windows
22:54:12.0094 0652  System windows directory: C:\Windows
22:54:12.0094 0652  Running under WOW64
22:54:12.0094 0652  Processor architecture: Intel x64
22:54:12.0094 0652  Number of processors: 4
22:54:12.0094 0652  Page size: 0x1000
22:54:12.0094 0652  Boot type: Normal boot
22:54:12.0094 0652  ============================================================
22:54:12.0462 0652  BG loaded
22:54:12.0749 0652  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:54:12.0758 0652  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:54:12.0814 0652  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:54:12.0816 0652  Drive \Device\Harddisk3\DR3 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:54:13.0897 0652  Drive \Device\Harddisk8\DR8 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:54:13.0900 0652  ============================================================
22:54:13.0900 0652  \Device\Harddisk0\DR0:
22:54:13.0913 0652  MBR partitions:
22:54:13.0913 0652  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
22:54:13.0913 0652  \Device\Harddisk1\DR1:
22:54:13.0913 0652  MBR partitions:
22:54:13.0917 0652  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xE8E035C1
22:54:13.0917 0652  \Device\Harddisk2\DR2:
22:54:13.0918 0652  MBR partitions:
22:54:13.0918 0652  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
22:54:13.0918 0652  \Device\Harddisk3\DR3:
22:54:13.0918 0652  MBR partitions:
22:54:13.0918 0652  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E06CC1
22:54:13.0918 0652  \Device\Harddisk8\DR8:
22:54:13.0925 0652  MBR partitions:
22:54:13.0925 0652  \Device\Harddisk8\DR8\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C9C800
22:54:13.0925 0652  ============================================================
22:54:13.0926 0652  C: <-> \Device\Harddisk0\DR0\Partition1
22:54:13.0930 0652  E: <-> \Device\Harddisk1\DR1\Partition1
22:54:13.0942 0652  F: <-> \Device\Harddisk8\DR8\Partition1
22:54:13.0943 0652  H: <-> \Device\Harddisk2\DR2\Partition1
22:54:13.0964 0652  I: <-> \Device\Harddisk3\DR3\Partition1
22:54:13.0964 0652  ============================================================
22:54:13.0964 0652  Initialize success
22:54:13.0964 0652  ============================================================
22:54:19.0069 5668  ============================================================
22:54:19.0069 5668  Scan started
22:54:19.0069 5668  Mode: Manual; SigCheck; TDLFS; 
22:54:19.0069 5668  ============================================================
22:54:35.0273 5668  ================ Scan system memory ========================
22:54:35.0273 5668  System memory - ok
22:54:35.0274 5668  ================ Scan services =============================
22:54:35.0461 5668  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:54:35.0525 5668  1394ohci - ok
22:54:35.0594 5668  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:54:35.0608 5668  ACPI - ok
22:54:35.0654 5668  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:54:35.0673 5668  AcpiPmi - ok
22:54:35.0778 5668  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:54:35.0794 5668  AdobeARMservice - ok
22:54:35.0861 5668  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:54:35.0884 5668  adp94xx - ok
22:54:35.0946 5668  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:54:35.0961 5668  adpahci - ok
22:54:36.0021 5668  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:54:36.0032 5668  adpu320 - ok
22:54:36.0110 5668  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:54:36.0149 5668  AeLookupSvc - ok
22:54:36.0223 5668  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:54:36.0280 5668  AFD - ok
22:54:36.0329 5668  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:54:36.0342 5668  agp440 - ok
22:54:36.0380 5668  [ 8B6625D53C18774F0102F690E285B5E8 ] AiChargerPlus   C:\Windows\system32\DRIVERS\AiChargerPlus.sys
22:54:36.0409 5668  AiChargerPlus - ok
22:54:36.0541 5668  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:54:36.0601 5668  ALG - ok
22:54:36.0634 5668  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:54:36.0646 5668  aliide - ok
22:54:36.0671 5668  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:54:36.0683 5668  amdide - ok
22:54:36.0732 5668  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:54:36.0762 5668  AmdK8 - ok
22:54:36.0791 5668  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:54:36.0825 5668  AmdPPM - ok
22:54:36.0882 5668  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:54:36.0896 5668  amdsata - ok
22:54:36.0938 5668  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:54:36.0955 5668  amdsbs - ok
22:54:36.0975 5668  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:54:36.0988 5668  amdxata - ok
22:54:37.0013 5668  [ 2FBB00A7616106B95104574C6CD640C2 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
22:54:37.0024 5668  amd_sata - ok
22:54:37.0036 5668  [ 87D0D7645CB0D53220649BD5FE15D93E ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
22:54:37.0047 5668  amd_xata - ok
22:54:37.0103 5668  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:54:37.0150 5668  AppID - ok
22:54:37.0187 5668  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:54:37.0226 5668  AppIDSvc - ok
22:54:37.0259 5668  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
22:54:37.0282 5668  Appinfo - ok
22:54:37.0409 5668  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:54:37.0422 5668  Apple Mobile Device - ok
22:54:37.0464 5668  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:54:37.0490 5668  arc - ok
22:54:37.0504 5668  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:54:37.0515 5668  arcsas - ok
22:54:37.0573 5668  [ FB03A917C1294D3E6D671F24722E1BA3 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
22:54:37.0592 5668  asComSvc - ok
22:54:37.0614 5668  [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
22:54:37.0632 5668  asHmComSvc - ok
22:54:37.0719 5668  [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
22:54:37.0734 5668  AsIO - ok
22:54:37.0798 5668  [ 954950D11ADA98AC1B7EE3C770E4622C ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
22:54:37.0828 5668  asmthub3 - ok
22:54:37.0857 5668  [ 01DBB05DB1DB95803E3C9F2B49AFE79C ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
22:54:37.0895 5668  asmtxhci - ok
22:54:37.0929 5668  [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
22:54:37.0943 5668  AsSysCtrlService - ok
22:54:37.0966 5668  [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
22:54:37.0974 5668  AsUpIO - ok
22:54:37.0996 5668  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:54:38.0043 5668  AsyncMac - ok
22:54:38.0081 5668  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:54:38.0090 5668  atapi - ok
22:54:38.0160 5668  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:54:38.0223 5668  AudioEndpointBuilder - ok
22:54:38.0250 5668  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:54:38.0283 5668  AudioSrv - ok
22:54:38.0339 5668  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:54:38.0594 5668  AxInstSV - ok
22:54:38.0679 5668  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:54:38.0751 5668  b06bdrv - ok
22:54:38.0858 5668  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:54:38.0885 5668  b57nd60a - ok
22:54:38.0938 5668  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:54:38.0988 5668  BDESVC - ok
22:54:39.0042 5668  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:54:39.0098 5668  Beep - ok
22:54:39.0204 5668  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:54:39.0260 5668  BFE - ok
22:54:39.0313 5668  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
22:54:39.0391 5668  BITS - ok
22:54:39.0442 5668  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:54:39.0467 5668  blbdrive - ok
22:54:39.0545 5668  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:54:39.0570 5668  Bonjour Service - ok
22:54:39.0616 5668  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:54:39.0642 5668  bowser - ok
22:54:39.0665 5668  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:54:39.0690 5668  BrFiltLo - ok
22:54:39.0716 5668  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:54:39.0728 5668  BrFiltUp - ok
22:54:39.0765 5668  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:54:39.0804 5668  BridgeMP - ok
22:54:39.0855 5668  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:54:39.0904 5668  Browser - ok
22:54:39.0913 5668  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:54:39.0947 5668  Brserid - ok
22:54:39.0963 5668  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:54:39.0987 5668  BrSerWdm - ok
22:54:40.0004 5668  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:54:40.0031 5668  BrUsbMdm - ok
22:54:40.0047 5668  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:54:40.0064 5668  BrUsbSer - ok
22:54:40.0082 5668  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:54:40.0094 5668  BTHMODEM - ok
22:54:40.0142 5668  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:54:40.0178 5668  bthserv - ok
22:54:40.0210 5668  catchme - ok
22:54:40.0283 5668  [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8         C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
22:54:40.0311 5668  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
22:54:40.0311 5668  CCALib8 - detected UnsignedFile.Multi.Generic (1)
22:54:40.0338 5668  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:54:40.0386 5668  cdfs - ok
22:54:40.0531 5668  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:54:40.0610 5668  cdrom - ok
22:54:40.0670 5668  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:54:40.0706 5668  CertPropSvc - ok
22:54:40.0754 5668  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:54:40.0775 5668  circlass - ok
22:54:40.0821 5668  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:54:40.0835 5668  CLFS - ok
22:54:40.0959 5668  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:40.0980 5668  clr_optimization_v2.0.50727_32 - ok
22:54:41.0062 5668  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:54:41.0076 5668  clr_optimization_v2.0.50727_64 - ok
22:54:41.0247 5668  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:54:41.0270 5668  clr_optimization_v4.0.30319_32 - ok
22:54:41.0369 5668  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:54:41.0394 5668  clr_optimization_v4.0.30319_64 - ok
22:54:41.0464 5668  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:54:41.0486 5668  CmBatt - ok
22:54:41.0524 5668  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:54:41.0537 5668  cmdide - ok
22:54:41.0585 5668  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:54:41.0606 5668  CNG - ok
22:54:41.0689 5668  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:54:41.0699 5668  Compbatt - ok
22:54:41.0780 5668  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:54:41.0874 5668  CompositeBus - ok
22:54:41.0896 5668  COMSysApp - ok
22:54:41.0946 5668  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:54:41.0966 5668  crcdisk - ok
22:54:42.0119 5668  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:54:42.0246 5668  CryptSvc - ok
22:54:42.0454 5668  [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
22:54:42.0544 5668  dc3d - ok
22:54:42.0642 5668  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:54:42.0824 5668  DcomLaunch - ok
22:54:42.0905 5668  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:54:42.0964 5668  defragsvc - ok
22:54:43.0072 5668  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:54:43.0141 5668  DfsC - ok
22:54:43.0236 5668  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:54:43.0305 5668  Dhcp - ok
22:54:43.0401 5668  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:54:43.0447 5668  discache - ok
22:54:43.0513 5668  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:54:43.0536 5668  Disk - ok
22:54:43.0576 5668  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:54:43.0639 5668  Dnscache - ok
22:54:43.0795 5668  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:54:43.0869 5668  dot3svc - ok
22:54:43.0904 5668  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:54:43.0973 5668  DPS - ok
22:54:44.0095 5668  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:54:44.0134 5668  drmkaud - ok
22:54:44.0241 5668  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:54:44.0271 5668  DXGKrnl - ok
22:54:44.0319 5668  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:54:44.0372 5668  EapHost - ok
22:54:44.0658 5668  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:54:44.0759 5668  ebdrv - ok
22:54:44.0797 5668  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:54:44.0848 5668  EFS - ok
22:54:44.0958 5668  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:54:45.0057 5668  ehRecvr - ok
22:54:45.0107 5668  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:54:45.0162 5668  ehSched - ok
22:54:45.0256 5668  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:54:45.0288 5668  elxstor - ok
22:54:45.0361 5668  [ 6106653B08F4F72EEAA7F099E7C408A4 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
22:54:45.0393 5668  epmntdrv - ok
22:54:45.0459 5668  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:54:45.0496 5668  ErrDev - ok
22:54:45.0623 5668  [ 991C04A31777ED77CB92A4F96F14C2E2 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
22:54:45.0655 5668  EuGdiDrv - ok
22:54:45.0701 5668  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:54:45.0750 5668  EventSystem - ok
22:54:45.0766 5668  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:54:45.0795 5668  exfat - ok
22:54:45.0831 5668  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:54:45.0869 5668  fastfat - ok
22:54:45.0932 5668  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:54:45.0973 5668  Fax - ok
22:54:46.0001 5668  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:54:46.0021 5668  fdc - ok
22:54:46.0039 5668  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:54:46.0068 5668  fdPHost - ok
22:54:46.0088 5668  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:54:46.0128 5668  FDResPub - ok
22:54:46.0145 5668  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:54:46.0155 5668  FileInfo - ok
22:54:46.0172 5668  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:54:46.0199 5668  Filetrace - ok
22:54:46.0225 5668  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:54:46.0234 5668  flpydisk - ok
22:54:46.0285 5668  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:54:46.0310 5668  FltMgr - ok
22:54:46.0381 5668  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:54:46.0512 5668  FontCache - ok
22:54:46.0593 5668  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:54:46.0601 5668  FontCache3.0.0.0 - ok
22:54:46.0730 5668  [ 8A8F0564BA7BF273D2119FEB36A14536 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
22:54:46.0748 5668  Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
22:54:46.0749 5668  Freemake Improver - detected UnsignedFile.Multi.Generic (1)
22:54:46.0792 5668  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:54:46.0802 5668  FsDepends - ok
22:54:46.0846 5668  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:54:46.0855 5668  Fs_Rec - ok
22:54:46.0919 5668  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:54:46.0950 5668  fvevol - ok
22:54:47.0014 5668  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:54:47.0024 5668  gagp30kx - ok
22:54:47.0096 5668  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:54:47.0103 5668  GEARAspiWDM - ok
22:54:47.0136 5668  GMSIPCI - ok
22:54:47.0196 5668  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:54:47.0241 5668  gpsvc - ok
22:54:47.0309 5668  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:54:47.0320 5668  gupdate - ok
22:54:47.0325 5668  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:54:47.0335 5668  gupdatem - ok
22:54:47.0380 5668  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:55:05.0448 5668  vdrvroot - ok
22:55:05.0494 5668  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:55:05.0547 5668  vds - ok
22:55:05.0587 5668  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:55:05.0598 5668  vga - ok
22:55:05.0633 5668  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:55:05.0682 5668  VgaSave - ok
22:55:05.0721 5668  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:55:05.0734 5668  vhdmp - ok
22:55:05.0775 5668  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:55:05.0784 5668  viaide - ok
22:55:05.0801 5668  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:55:05.0811 5668  volmgr - ok
22:55:05.0856 5668  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:55:05.0882 5668  volmgrx - ok
22:55:05.0895 5668  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:55:05.0909 5668  volsnap - ok
22:55:05.0939 5668  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:55:05.0951 5668  vsmraid - ok
22:55:06.0025 5668  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:55:06.0095 5668  VSS - ok
22:55:06.0113 5668  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:55:06.0137 5668  vwifibus - ok
22:55:06.0179 5668  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:55:06.0227 5668  W32Time - ok
22:55:06.0243 5668  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:55:06.0264 5668  WacomPen - ok
22:55:06.0321 5668  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:55:06.0360 5668  WANARP - ok
22:55:06.0374 5668  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:55:06.0400 5668  Wanarpv6 - ok
22:55:06.0476 5668  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:55:06.0547 5668  WatAdminSvc - ok
22:55:06.0619 5668  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:55:06.0683 5668  wbengine - ok
22:55:06.0729 5668  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:55:06.0751 5668  WbioSrvc - ok
22:55:06.0794 5668  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:55:06.0824 5668  wcncsvc - ok
22:55:06.0841 5668  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:55:06.0867 5668  WcsPlugInService - ok
22:55:06.0905 5668  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:55:06.0913 5668  Wd - ok
22:55:06.0976 5668  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:55:07.0008 5668  Wdf01000 - ok
22:55:07.0026 5668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:55:07.0105 5668  WdiServiceHost - ok
22:55:07.0109 5668  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:55:07.0124 5668  WdiSystemHost - ok
22:55:07.0169 5668  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:55:07.0196 5668  WebClient - ok
22:55:07.0211 5668  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:55:07.0255 5668  Wecsvc - ok
22:55:07.0274 5668  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:55:07.0316 5668  wercplsupport - ok
22:55:07.0339 5668  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:55:07.0368 5668  WerSvc - ok
22:55:07.0419 5668  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:55:07.0445 5668  WfpLwf - ok
22:55:07.0463 5668  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:55:07.0472 5668  WIMMount - ok
22:55:07.0489 5668  WinDefend - ok
22:55:07.0493 5668  WinHttpAutoProxySvc - ok
22:55:07.0557 5668  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:55:07.0597 5668  Winmgmt - ok
22:55:07.0677 5668  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:55:07.0767 5668  WinRM - ok
22:55:07.0804 5668  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:55:07.0817 5668  WinUsb - ok
22:55:07.0872 5668  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:55:07.0933 5668  Wlansvc - ok
22:55:07.0967 5668  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:55:07.0988 5668  WmiAcpi - ok
22:55:08.0028 5668  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:55:08.0049 5668  wmiApSrv - ok
22:55:08.0085 5668  WMPNetworkSvc - ok
22:55:08.0103 5668  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:55:08.0126 5668  WPCSvc - ok
22:55:08.0165 5668  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:55:08.0195 5668  WPDBusEnum - ok
22:55:08.0234 5668  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:55:08.0269 5668  ws2ifsl - ok
22:55:08.0289 5668  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
22:55:08.0313 5668  wscsvc - ok
22:55:08.0316 5668  WSearch - ok
22:55:08.0399 5668  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:55:08.0438 5668  wuauserv - ok
22:55:08.0479 5668  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:55:08.0515 5668  WudfPf - ok
22:55:08.0547 5668  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:55:08.0571 5668  WUDFRd - ok
22:55:08.0613 5668  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:55:08.0643 5668  wudfsvc - ok
22:55:08.0682 5668  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:55:08.0720 5668  WwanSvc - ok
22:55:08.0727 5668  ================ Scan global ===============================
22:55:08.0769 5668  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:55:08.0811 5668  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:55:08.0817 5668  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:55:08.0859 5668  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:55:08.0900 5668  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:55:08.0903 5668  [Global] - ok
22:55:08.0903 5668  ================ Scan MBR ==================================
22:55:08.0911 5668  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:55:09.0214 5668  \Device\Harddisk0\DR0 - ok
22:55:09.0218 5668  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
22:55:09.0308 5668  \Device\Harddisk1\DR1 - ok
22:55:09.0314 5668  [ 31CFC50FBD443DAEEC9A5C7AE8DA8F6D ] \Device\Harddisk2\DR2
22:55:18.0769 5668  \Device\Harddisk2\DR2 - ok
22:55:18.0773 5668  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
22:55:18.0869 5668  \Device\Harddisk3\DR3 - ok
22:55:18.0886 5668  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk8\DR8
22:55:20.0620 5668  \Device\Harddisk8\DR8 - ok
22:55:20.0621 5668  ================ Scan VBR ==================================
22:55:20.0623 5668  [ 34C869BC7DA5EAE0380440D305042079 ] \Device\Harddisk0\DR0\Partition1
22:55:20.0624 5668  \Device\Harddisk0\DR0\Partition1 - ok
22:55:20.0627 5668  [ 63D47FEAC0AA86868402ED52D7650433 ] \Device\Harddisk1\DR1\Partition1
22:55:20.0628 5668  \Device\Harddisk1\DR1\Partition1 - ok
22:55:20.0631 5668  [ A43594874627F43749FF34C8D6E83D9E ] \Device\Harddisk2\DR2\Partition1
22:55:20.0632 5668  \Device\Harddisk2\DR2\Partition1 - ok
22:55:20.0635 5668  [ 03D6AA0F91545844E54D071F86950339 ] \Device\Harddisk3\DR3\Partition1
22:55:20.0636 5668  \Device\Harddisk3\DR3\Partition1 - ok
22:55:20.0671 5668  [ 7690766DD32E7693BAE1CE906F52AB21 ] \Device\Harddisk8\DR8\Partition1
22:55:20.0676 5668  \Device\Harddisk8\DR8\Partition1 - ok
22:55:20.0677 5668  ============================================================
22:55:20.0677 5668  Scan finished
22:55:20.0677 5668  ============================================================
22:55:20.0693 5276  Detected object count: 2
22:55:20.0693 5276  Actual detected object count: 2
22:55:28.0106 5276  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:28.0107 5276  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:28.0108 5276  Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:28.0108 5276  Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:29.0951 5556  Deinitialize success


#11 Phep

Posted 29 May 2013 - 01:00 PM

Memory:

1) chrome.exe
2) chrome.exe
3) chrome.exe
4) explorer.exe
5) dwm.exe

CPU (it changes rapidly so it's hard for me to pin down top 5 so I'll do a couple more)

1) taskmgr.exe (usually at the top)
2) dwm.exe (usually second but sometimes drops to 3, 4, or 5th position)
3) chrome.exe (there are 3 or 4 instances of these and they bounce around a lot. One of them shot up to 50 cpu or something really weird for a second, but it hasn't done that again and I'm unable to reproduce)
4) googletalkplugin.exe bounces around 4-7
5) igfxsrvc.exe (I see this one regularly sometimes coming in 2nd but it's fleeting and it doesn't really have a pattern)
6) PCMService.exe (this one is fleeting just like igfxsrvc.exe and sometimes comes in position 3-5)
7) netsession_win.exe (less frequent but sometimes jumps in position 4-6 or so)



#12 Oh My!

Posted 29 May 2013 - 01:27 PM

Hi Dave,

Please provide me with your Belarc Advisor information. Run the program, click File, Save Page As, and then select Web Page, complete. Upload the file here and let me know when that has been done successfully. Please run this as well.

===================================================

Autoruns

--------------------
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save
  • Please zip and upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Belarc upload
  • Autoruns zip file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Phep

Posted 29 May 2013 - 01:46 PM

They are both sent. I forgot to put in the link to the topic for the Belarc form though.



#14 Oh My!

Posted 29 May 2013 - 01:55 PM

Got them both. No problem referencing the link. That is just reference information but I already know it is yours.

#15 Oh My!

Posted 29 May 2013 - 02:26 PM

Hi Dave,

Well this is my best guess. You have a minimal amount of memory installed on your computer and it appears there may be times when very little of it is available for use. Here is some information from a post with Broni:

========================= Memory info: ===================================

Percentage of memory in use: 81%
Total physical RAM: 2037.31 MB
Available physical RAM: 380.4 MB

Total Pagefile: 4315.9 MB
Available Pagefile: 1961.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.04 MB

 
I did see where you were in the 60's in one of the posts with me but the 81% in use is a lot.  And even 60% (leaving 40% available) of only 2 gigabytes of memory is not an overabundance. That does not leave much room for your system to operate quickly and most efficiently. It has to work harder to compensate.
 
There are many autoruns entries that do not need to start and because they are automatically run at startup (hence autoruns) they run in the background whether or not you intend on using them. They take up precious resources, resources you can't afford to freely give.  My suggestion is that you rerun autoruns and uncheck the items you don't need at startup.  If you are unsure about an entry/program, you can right click on it and select Search Online or Process Explorer.  As an example, very few people use Windows Mail.  That is selected for autorun on your computer but if you don't use that program then you should uncheck it.  Simply uncheck all the items you don't need to run right away (that doesn't mean they are never available to launch) and close autoruns.  Then reboot and check your computer again to see if the performance is any better.
 
I agree with Broni (who is one of the best, by the way) that there is no evidence of malicious software on your computer.
 
Please let me know the results.

Edited by Oh My, 31 May 2013 - 08:02 AM.
