Help with removing tsassist.exe, maybe more. [Solved]


  • This topic is locked

#1
ular

    Member

  • 37 posts
Within the past two days, tsassist.exe began generating "out of date" software pop-ups in the lower right corner. I made the mistake of clicking the X to close the pop-up and Avira immediately detected a problem. I ran the Avira scanner which resulted in removing two viruses.

Current problem is that tsassist continues to pop up and I only close it using Task Manager. I need help cleaning up my PC. Please find the OTL logfile below:


OTL logfile created on: 2013-10-15 08:06:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\West\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.62% Memory free
5.99 Gb Paging File | 4.37 Gb Available in Paging File | 72.87% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 703.09 Gb Free Space | 75.48% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 296.99 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 310.90 Gb Free Space | 66.75% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: West | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\West\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\West\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\CTXFIRES.DLL ()
MOD - C:\Windows\System32\APOMngr.DLL ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {8D774E46-5697-4820-BF39-77BB25670741}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 6E 3A E6 62 D8 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8D774E46-5697-4820-BF39-77BB25670741}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8D774E46-5697-4820-BF39-77BB25670741}: "URL" = http://search.condui...8202634823&UM=2
IE - HKCU\..\SearchScopes\{AC0746EF-7944-49DC-8E48-90AE5AC26ABA}: "URL" = http://websearch.ask...A1-30E3522D562C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.wundergro... Fruitland, ID"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-28 15:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-10-02 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-10-09 05:10:53 | 000,000,000 | ---D | M]

[2012-11-30 23:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\West\AppData\Roaming\Mozilla\Extensions
[2013-10-13 07:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\extensions
[2013-10-08 22:07:53 | 000,534,789 | ---- | M] () (No name found) -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012-12-02 12:55:39 | 000,002,545 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\aol-search.xml
[2012-12-12 21:16:27 | 000,002,580 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\askcom.xml
[2013-10-10 06:50:11 | 000,003,746 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\safeguard-secure-search.xml
[2013-08-05 00:45:06 | 000,001,464 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\tvshows.xml
[2013-10-02 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-10-02 13:14:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009-06-10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [LightShot] C:\Users\West\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\West\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.98.144.3 137.118.1.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E3F7F1B-D675-4E46-BA49-84E7D277414F}: DhcpNameServer = 208.98.144.3 137.118.1.32
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07fd11d5-5cbd-11e2-a365-001e4fa80d89}\Shell - "" = AutoRun
O33 - MountPoints2\{07fd11d5-5cbd-11e2-a365-001e4fa80d89}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009-01-16 02:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O33 - MountPoints2\{895826b6-490a-11e2-b6f4-001e4fa80d89}\Shell - "" = AutoRun
O33 - MountPoints2\{895826b6-490a-11e2-b6f4-001e4fa80d89}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-15 07:51:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\West\Desktop\OTL.exe
[2013-10-13 07:44:45 | 000,000,000 | ---D | C] -- C:\Users\West\Documents\ProcAlyzer Dumps
[2013-10-10 07:05:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-10-10 06:51:02 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\FileTypeAssistant
[2013-10-10 06:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2013-10-02 19:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013-10-02 19:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013-10-02 19:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013-10-02 19:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013-10-02 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-09-28 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\Overwolf
[2013-09-28 08:30:36 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\WinZip Courier
[2013-09-28 08:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013-09-28 08:30:32 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\assembly
[2013-09-28 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\West\Documents\Outlook Files
[2013-09-17 18:52:36 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Roaming\Guild Wars 2
[2013-09-15 22:23:21 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\gtk-2.0
[2013-09-15 22:13:14 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\gegl-0.2
[2013-09-15 22:13:14 | 000,000,000 | ---D | C] -- C:\Users\West\.gimp-2.8
[2013-09-15 22:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-15 07:51:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\West\Desktop\OTL.exe
[2013-10-15 07:47:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-466576215-1450445770-3734648723-1001.job
[2013-10-15 05:20:39 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-10-15 05:20:39 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-10-15 05:14:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013-10-15 05:12:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-10-15 05:12:33 | 2413,834,240 | -HS- | M] () -- C:\hiberfil.sys
[2013-10-15 00:20:52 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2013-10-15 00:20:52 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2013-10-15 00:20:52 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2013-10-12 11:49:44 | 000,758,500 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013-10-12 11:49:44 | 000,758,344 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013-10-12 11:49:44 | 000,726,824 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013-10-12 11:49:44 | 000,675,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-10-12 11:49:44 | 000,162,194 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013-10-12 11:49:44 | 000,153,162 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013-10-12 11:49:44 | 000,151,350 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013-10-12 11:49:44 | 000,126,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-10-11 20:46:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013-10-11 20:46:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013-10-10 06:28:17 | 000,004,900 | ---- | M] () -- C:\Users\West\Documents\cc_20131010_062811.reg
[2013-10-09 07:34:52 | 000,000,439 | ---- | M] () -- C:\Users\West\AppData\Local\UserProducts.xml
[2013-10-02 19:45:53 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013-10-01 05:10:44 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013-10-01 05:10:44 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013-10-01 05:10:44 | 000,067,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013-10-01 05:10:44 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013-09-28 08:30:21 | 000,001,165 | ---- | M] () -- C:\Users\West\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-09-17 05:53:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-09-15 22:28:35 | 000,002,577 | ---- | M] () -- C:\Users\West\AppData\Local\recently-used.xbel
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-10-11 20:46:39 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013-10-11 20:46:39 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013-10-10 06:28:15 | 000,004,900 | ---- | C] () -- C:\Users\West\Documents\cc_20131010_062811.reg
[2013-10-02 19:45:53 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013-09-28 08:30:21 | 000,001,165 | ---- | C] () -- C:\Users\West\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-09-15 22:28:35 | 000,002,577 | ---- | C] () -- C:\Users\West\AppData\Local\recently-used.xbel
[2013-09-15 22:08:39 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013-08-13 15:58:14 | 000,000,439 | ---- | C] () -- C:\Users\West\AppData\Local\UserProducts.xml
[2013-07-30 12:20:37 | 000,106,442 | ---- | C] () -- C:\Users\West\AppData\Roaming\icarus-dxdiag.xml
[2013-06-13 15:24:10 | 000,000,043 | ---- | C] () -- C:\Users\West\jagex_cl_runescape_LIVE.dat
[2013-06-13 15:24:10 | 000,000,024 | ---- | C] () -- C:\Users\West\random.dat
[2013-05-21 09:52:12 | 000,000,108 | ---- | C] () -- C:\Users\West\AppData\Roaming\0bba6861.dat
[2013-03-02 15:03:20 | 000,122,900 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013-01-06 18:44:20 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013-01-06 17:53:50 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013-01-06 17:53:50 | 000,138,056 | ---- | C] () -- C:\Users\West\AppData\Roaming\PnkBstrK.sys
[2013-01-06 17:53:17 | 000,291,096 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013-01-06 17:53:15 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2013-01-06 17:53:15 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012-12-07 19:31:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-12-02 13:09:47 | 000,007,606 | ---- | C] () -- C:\Users\West\AppData\Local\Resmon.ResmonCfg
[2012-12-01 20:33:59 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012-12-01 20:33:59 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012-12-01 18:01:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012-12-01 18:01:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012-11-11 06:13:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012-09-13 00:23:20 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini

========== ZeroAccess Check ==========

[2009-07-13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-09-10 17:40:12 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\.minecraft
[2013-07-03 00:32:01 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Blender Foundation
[2013-09-19 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Guild Wars 2
[2013-07-23 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Leadertech
[2012-12-18 06:39:53 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\OpenOffice.org
[2013-01-12 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Origin
[2013-02-18 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\PACE Anti-Piracy
[2013-06-16 01:01:36 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\RIFT
[2013-09-30 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Spotify
[2013-06-18 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Strongvault
[2013-04-09 22:10:55 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\System
[2012-12-09 12:53:16 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Temp
[2013-08-18 16:17:02 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Thunderbird
[2013-10-06 00:08:52 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\TS3Client
[2013-02-24 11:28:50 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\WindSolutions
[2013-03-22 22:18:43 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Wings3D
[2013-06-12 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\WinZip
[2013-06-25 16:32:18 | 000,000,000 | -HSD | M] -- C:\Users\West\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013-09-13 16:59:31 | 097,512,218 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\Ꮜ㓄b
[2013-09-13 05:00:22 | 097,512,218 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\Ꮜ㓄b

========== Alternate Data Streams ==========

@Alternate Data Stream - 1257 bytes -> C:\Program Files\Common Files\microsoft shared:e8XV93RRk3i7jpBlzZg8MQOWvC9E
@Alternate Data Stream - 1223 bytes -> C:\Users\West\AppData\Local\4djFAiz8dRts5w:ZqTV6VmTQX8FdRP02TV35Fo
@Alternate Data Stream - 1184 bytes -> C:\ProgramData\Microsoft:gaJV8m1bgSTiGb2QudPPKqQj0
@Alternate Data Stream - 1158 bytes -> C:\Program Files\Common Files\System:05IQGoNtPFnC5MgG19KMG1zgHdQ3
@Alternate Data Stream - 1052 bytes -> C:\ProgramData\Microsoft:lxb7YRivcU6B0miKAPpFVO5SPuoyQ

< End of report >


#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.

#3
ular

    Member

  • Topic Starter
  • Member
  • 37 posts
Pyxis, thank you, I will wait for your advice.

#4
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi ular,

Don't worry--we'll be able to fix that annoying pop-up. :) To begin, could you disable Windows Defender for me? Your current security already covers everything this does and it is unnecessary to let it continue running.

  • Step 1
You will need to disable Spybot - Search & Destroy's Resident TeaTimer for the entire duration of this fix as it may get in the way.

  • Launch Spybot - Search & Destroy.
  • Go to Mode and select Advanced Mode.
  • On the left pane, choose Tools > Resident.
  • Uncheck Resident TeaTimer and TeaTimer. Click OK.
Note: Once you are clean, you can re-enable it using the same steps but this time place a check next to Resident TeaTimer and TeaTimer.
  • Step 2
Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.


  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    IE - HKCU\..\SearchScopes\{8D774E46-5697-4820-BF39-77BB25670741}: "URL" = http://search.condui...8202634823&UM=2
    IE - HKCU\..\SearchScopes\{AC0746EF-7944-49DC-8E48-90AE5AC26ABA}: "URL" = http://websearch.ask...A1-30E3522D562C
    FF - prefs.js..browser.startup.homepage: "http://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=83619+-+Fruitland%2C+ID"
    [2012-12-02 12:55:39 | 000,002,545 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\aol-search.xml
    [2012-12-12 21:16:27 | 000,002,580 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\askcom.xml
    [2013-10-10 06:50:11 | 000,003,746 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\safeguard-secure-search.xml
    [2013-08-05 00:45:06 | 000,001,464 | ---- | M] () -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\tvshows.xml
    [2013-10-15 07:47:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-466576215-1450445770-3734648723-1001.job
    [2013-10-15 05:14:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
    [2013-06-18 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Strongvault
    [2013-04-09 22:10:55 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\System
    [2013-09-13 16:59:31 | 097,512,218 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\Ꮜ㓄b
    [2013-09-13 05:00:22 | 097,512,218 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\Ꮜ㓄b
    @Alternate Data Stream - 1257 bytes -> C:\Program Files\Common Files\microsoft shared:e8XV93RRk3i7jpBlzZg8MQOWvC9E
    @Alternate Data Stream - 1223 bytes -> C:\Users\West\AppData\Local\4djFAiz8dRts5w:ZqTV6VmTQX8FdRP02TV35Fo
    @Alternate Data Stream - 1184 bytes -> C:\ProgramData\Microsoft:gaJV8m1bgSTiGb2QudPPKqQj0
    @Alternate Data Stream - 1158 bytes -> C:\Program Files\Common Files\System:05IQGoNtPFnC5MgG19KMG1zgHdQ3
    @Alternate Data Stream - 1052 bytes -> C:\ProgramData\Microsoft:lxb7YRivcU6B0miKAPpFVO5SPuoyQ
    [2013-10-10 06:51:02 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\FileTypeAssistant
    [2013-10-10 06:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
    
    :Commands
    [emptytemp]
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy and paste (CTRL + A and CTRL + C) the content of that log in your next reply.
  • Step 3
Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 4
If you haven't already, download 'OTL by OldTimer' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image

  • Click Run Scan.
  • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • MMDDYYYY_HHMMSS.log (OTL)
  • JRT.txt (Junkware Removal Tool)
  • Extras.txt (OTL)
  • OTL.txt (OTL)


#5
ular

    Member

  • Topic Starter
  • Member
  • 37 posts
Hi Pyxis,

Please find logs below as requested.

First OTL

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8D774E46-5697-4820-BF39-77BB25670741}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D774E46-5697-4820-BF39-77BB25670741}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC0746EF-7944-49DC-8E48-90AE5AC26ABA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC0746EF-7944-49DC-8E48-90AE5AC26ABA}\ not found.
Prefs.js: "http://www.wundergro... Fruitland, ID" removed from browser.startup.homepage
C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\aol-search.xml moved successfully.
C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\askcom.xml moved successfully.
C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\safeguard-secure-search.xml moved successfully.
C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\searchplugins\tvshows.xml moved successfully.
C:\Windows\Tasks\update-S-1-5-21-466576215-1450445770-3734648723-1001.job moved successfully.
C:\Windows\Tasks\update-sys.job moved successfully.
C:\Users\West\AppData\Roaming\Strongvault folder moved successfully.
C:\Users\West\AppData\Roaming\System folder moved successfully.
C:\Windows\System32\Ꮜ㓄b moved successfully.
File C:\Windows\System32\Ꮜ㓄b not found.
ADS C:\Program Files\Common Files\microsoft shared:e8XV93RRk3i7jpBlzZg8MQOWvC9E deleted successfully.
ADS C:\Users\West\AppData\Local\4djFAiz8dRts5w:ZqTV6VmTQX8FdRP02TV35Fo deleted successfully.
ADS C:\ProgramData\Microsoft:gaJV8m1bgSTiGb2QudPPKqQj0 deleted successfully.
ADS C:\Program Files\Common Files\System:05IQGoNtPFnC5MgG19KMG1zgHdQ3 deleted successfully.
ADS C:\ProgramData\Microsoft:lxb7YRivcU6B0miKAPpFVO5SPuoyQ deleted successfully.
C:\Users\West\AppData\Local\FileTypeAssistant\temp\0 folder moved successfully.
C:\Users\West\AppData\Local\FileTypeAssistant\temp folder moved successfully.
C:\Users\West\AppData\Local\FileTypeAssistant folder moved successfully.
C:\Program Files\File Type Assistant folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: West
->Temp folder emptied: 11496637 bytes
->Temporary Internet Files folder emptied: 53274 bytes
->Java cache emptied: 1611826 bytes
->FireFox cache emptied: 18409864 bytes
->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 844 bytes
RecycleBin emptied: 92468978 bytes

Total Files Cleaned = 118.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10162013_222109

Files\Folders moved on Reboot...
C:\Windows\temp\FireFly(20131016135928514).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131016135928514).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131016135929514).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows 7 Ultimate x86
Ran by West on 2013-10-16 at 22:41:40.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\domaiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298569
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_the-sims-2-university_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_the-sims-2-university_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\desk 365 runasstduser"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\West\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\West\AppData\Roaming\mozilla\firefox\profiles\p90ql5z6.default\user.js
Emptied folder: C:\Users\West\AppData\Roaming\mozilla\firefox\profiles\p90ql5z6.default\minidumps [497 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-10-16 at 22:44:19.62
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Extras.

OTL Extras logfile created on: 2013-10-16 22:51:52 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\West\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.66% Memory free
5.99 Gb Paging File | 4.73 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 703.03 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 296.99 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 310.76 Gb Free Space | 66.72% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: West | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-466576215-1450445770-3734648723-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01223B77-DC03-4F0C-8A3F-2167947DD591}" = rport=80 | protocol=6 | dir=out | app=c:\program files\steam\steamapps\common\warframe\warframe.x64.exe |
"{0568201D-4E45-4CA1-B761-9710BFF45E54}" = rport=80 | protocol=6 | dir=out | app=c:\program files\steam\steamapps\common\warframe\warframe.exe |
"{0568DF7F-FD7F-4265-B564-9E8DA0FD416D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{06BFD2EA-010F-4FD5-BE8E-89DCB159133D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FE859FD-0685-4ACF-B271-80FF5B1449EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{136164BA-E6F2-4387-A2E8-0CA64C3AC1D1}" = lport=138 | protocol=17 | dir=in | app=system |
"{2743E1FC-E91A-4517-B29B-EC0748734E1F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3042CC84-8DAD-4B4A-80E6-16A9F238FC6A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{4799F03F-EF8B-4C8A-9375-6F6D30A565C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4EE792FF-B399-47BD-B4FA-D7F83D69B56F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{69226107-2633-4D43-8DCC-47C2F1D434C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{73A18830-082D-44F8-9042-A719E28A244E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{82ACB0C0-4283-42D7-895F-173DF4FD0966}" = rport=445 | protocol=6 | dir=out | app=system |
"{8348E415-D152-40DB-BFAE-F1701364BD2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90E30440-84BF-445B-93AA-D0FDB76235F2}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{978AECC4-7109-4B06-A20B-9F30B5781A45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99ADDF3F-EDE6-494A-854D-74B3D1A500BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2E4663B-528F-4C6D-B93B-F361EED5B768}" = rport=137 | protocol=17 | dir=out | app=system |
"{B82A5019-9AC5-4F83-8F0A-950BE2F72177}" = rport=138 | protocol=17 | dir=out | app=system |
"{BF461201-5AEA-40E8-A6AE-40119637808C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3238CDB-6ADC-46E4-B865-3A83320A85D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{C338967D-160A-40CA-AB26-A4E48E04BA08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8710346-4847-4DC3-9A0E-9028BB66A1E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA04CA9C-1A4D-4504-9BB4-41D0BF17F9F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2D7C6AD-898B-4DE2-B8CE-0854B67AE9B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF44B906-1990-4687-A67F-F4CEFC936E3E}" = rport=80 | protocol=6 | dir=out | app=c:\program files\steam\steamapps\common\warframe\tools\launcher.exe |
"{E6B85656-5802-4C10-A239-5EA3492790EA}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{E766013A-D4A7-4D2E-94AB-8081D8C34173}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAE39B18-6018-4358-A948-99F790F6A018}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F26EC4FB-B8B7-4733-9557-D0927416F53D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FAD6B878-D658-40D0-A092-119B544FF8F2}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006A3C49-1D3C-47A3-99E6-EF683CD3761F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warframe\warframe.exe |
"{02405595-68E8-4AE1-B58E-99DEBE950B68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{058EC663-52E3-426C-B319-3780B4B34EBE}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{06CBBB23-0BD7-4D53-B6F6-777866417DFE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{06E7AD89-D3C8-4291-A261-E2E1637FC1E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{08A8E18C-F114-4B2E-BC07-2F5081EAD27B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher 2\launcher.exe |
"{0D8E2373-9D28-42BA-BD36-C72BEF74EBF9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mabinogi\nxsteam.exe |
"{0DBE1BDA-2449-4699-B0D0-27ECF2D894FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{116F50C1-7D82-491E-9A37-7FE579C5DB10}" = protocol=17 | dir=out | app=c:\program files\steam\steamapps\common\warframe\warframe.x64.exe |
"{1323847B-9186-4E8D-947A-7C1855A5D827}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{13A2DCE2-4DCB-463D-B0C6-570BA4C30097}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{14D7EFD1-6A21-4E1D-B3D6-939D5A1A524D}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{1715B11A-8224-4807-9B66-B7D41514DFFF}" = protocol=6 | dir=in | app=c:\users\west\appdata\roaming\spotify\spotify.exe |
"{172D526C-7AFA-4837-91D9-F1F9CE9FD5C7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{194E120D-C463-4A40-A498-AAF7A10DBEA0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{198D21E5-A53B-490A-B0FA-F07B8D2EE27C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{19F6F822-ED38-4E0A-AD7E-E33F558C7733}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army\aapg\binaries\aalauncher32.exe |
"{1AC9E764-B1BA-4966-AE5F-EF7E5F54F610}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher 2\launcher.exe |
"{1B683F2F-3687-4BBF-884F-1A81D8163536}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{1E402115-6137-4B28-B36E-3711CCDD223A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\defiance\patcher.exe |
"{1FC31B47-CEE4-4A04-8D17-4B6A8229FC3C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{297CE56F-F254-4C0C-891D-E5F2045E432B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{2CBB1C45-E916-4AE5-93CD-F09F10448564}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\maplestory\nxsteam.exe |
"{2DC38A8D-D22D-4F5E-A366-EC8AE67FD962}" = protocol=58 | dir=out | [email protected],-28546 |
"{3541AF23-0078-43FD-B37D-DB292B0B8105}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{380A42BF-C5D1-4785-82F5-A8F68A8275CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A33F5CB-0CC3-416F-A294-CB0654384A90}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{453ED9C7-4C2D-4A35-9EFA-A6644098E799}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4902A6D3-9E63-4668-B7E7-31781DE974FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{49D3D854-8DC4-48FE-94B6-DDF21CC77EFF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\garrysmod\hl2.exe |
"{4DEFCC8D-3CFE-46B1-A3C7-11B49BE33106}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{4F17972D-1839-4512-B3C9-DAE36F1FF0C1}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{509AB86D-6CC4-46CE-83B9-35246D83A961}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\defiance\patcher.exe |
"{512082C2-9A1C-4E7B-B49F-2D51ADE755EF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mabinogi\nxsteam.exe |
"{53CF214C-F967-472B-AD04-EDF5D05B28F0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{5871D17D-6DC7-4CBF-B0B9-B78B68A93B2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5AFE2BCD-B41B-470A-BB89-BCD4BF194315}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\garrysmod\hl2.exe |
"{5EA07528-7DA7-4F98-9DED-4E3B81D573F9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army\aapg\binaries\aalauncher32.exe |
"{60190009-BFA7-4AFE-A663-25D5E6FC0E06}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mabinogi\nxsteam.exe |
"{604F8370-F913-442F-A584-EE1D32A090C7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terraria.exe |
"{61444632-3885-4778-99AA-1ABD39DEB0E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{62B3C5D8-CBE9-465B-B8E3-7BAEF6382210}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{645CBF5E-6386-4043-8178-40C98F4CF795}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{675DDBDD-DF64-4D0A-8003-8245E6A7417C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terraria.exe |
"{684996EF-31B5-42BF-BA61-0C24F7368249}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mabinogi\nxsteam.exe |
"{691A359C-E45F-4948-B058-60A86F43574B}" = protocol=6 | dir=in | app=c:\users\west\appdata\roaming\spotify\spotify.exe |
"{705CA8DF-255E-4558-923B-401A08A6556C}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{70608772-C231-40FB-98FE-1D19C82C2CD8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7C732AA4-F053-495C-917C-58A0321D29C0}" = protocol=17 | dir=in | app=c:\users\west\appdata\roaming\spotify\spotify.exe |
"{7DD24A5A-390C-46F8-B931-0D74D5B8A52C}" = protocol=17 | dir=out | app=c:\program files\steam\steamapps\common\warframe\warframe.exe |
"{80C0E78F-460F-48FC-B1DB-A5A5EF0B5EF3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8371B164-F88B-476A-B7BA-E13B9D8C8B2C}" = protocol=17 | dir=in | app=c:\users\west\appdata\roaming\spotify\spotify.exe |
"{846299ED-6C44-4917-9D89-09E85AD2DEBB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{84F4164D-CD43-4136-850C-5B2D99BAF273}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8557AA5A-49C6-434E-945C-61852B043653}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{85D44FCA-5FCE-4BC5-B0FE-1E05F6560829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{864762DE-7A28-4D74-ACCD-046F38F767BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8652681D-87F3-41C0-899C-F05C9BAC0740}" = protocol=1 | dir=out | [email protected],-28544 |
"{87E51054-FA8E-49FD-985C-5EA0452B647F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warframe\tools\launcher.exe |
"{8ACDEB6A-135D-4691-8AFE-AAF998599714}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95814547-D0AE-405F-91CA-1E16AE4CDB8A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9753E4EF-2164-4A29-B99C-F73906DF75A5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{9970F8D0-4781-434A-A146-A51D759AC9EC}" = protocol=58 | dir=in | [email protected],-28545 |
"{A05D6BE8-99B6-41C8-ACAF-FE77F9BC9985}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{A2EA952E-7AF0-4D1D-A1AF-953A1C09DD9B}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{A3CCDD75-C35F-44C7-88DA-4AD2C55B5773}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6F52CF4-ECC1-4FB6-91ED-585B32951DC3}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{A98B05B3-214A-400B-9436-683F577420BA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warframe\warframe.x64.exe |
"{AAB001D7-23F0-4015-98EB-E7F804CB1817}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{AAC21BB5-93C6-4814-B28A-42D2DA242934}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\launcher.exe |
"{ADBB865D-1551-4ACA-95B7-6845D14F6957}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AEEAAEA2-4B5A-4C20-A04B-36FE3997924C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\nmservice.exe |
"{AEED14D2-869B-4ABB-A4E2-DA9FDEB96DC0}" = protocol=6 | dir=out | app=system |
"{B0364707-E455-4652-8D0C-955E12B931ED}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{B0DE69A9-3FFF-4AF4-A1DF-61A59CFDE310}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{B214E15F-F15E-4705-A2D3-AC407624F6A8}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{B2F1F5F2-756B-4854-BB77-DF0CD08A5EA1}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{B364CDBD-905C-41DB-B57F-423634C3854D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3FF8D48-9765-44C6-B2AC-BD50C0D22867}" = protocol=1 | dir=in | [email protected],-28543 |
"{B58AC202-1D40-4A49-B351-84CBDCE60D00}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{B6B26BE0-84F7-4698-B02D-98070F4614EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B80819D8-93DB-4A66-82A9-FC1B269F1274}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{B9BBD4B1-6F0A-4BB9-A8A7-946362619F4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C46E46D3-B451-4708-8380-943763BC55C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\maplestory\nxsteam.exe |
"{C5494C9B-1664-41A4-8AFE-382240460941}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\warframe\tools\launcher.exe |
"{CA0B9332-65F2-4C02-A836-2858C82C5399}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{CCD98C68-A973-4B5F-B0FD-A09F4F6B11BA}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{CFB8C60F-169F-42CF-B7FF-5E0EC12DAD3F}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{D113DA73-80DA-4F95-90B6-622B375F6C58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D4B79911-7BE0-4F87-8E66-A663D0F37936}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7ADC61A-9004-4015-B36D-7D52D5D6F644}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{DA3BAB82-8204-4BC3-8237-26D82442DD32}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{DEF84B6C-4711-4A0C-81ED-AB63F135547B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
"{DFFA028C-5259-41ED-AD06-50B21463D557}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{E446B073-3EF4-430B-BF25-1AB4778F08E7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\launcher.exe |
"{E5F4B6A4-D40D-4F64-8D6A-365B45D8C3F7}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{EBBD1438-CE30-4850-940A-CCE0B3EC8FB4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{F327D4D7-C674-407C-B027-9679BFE92B08}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F7AC2E58-34BD-4746-8736-E7DB983631BE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{F8BBC7A0-C61A-44DA-8378-A6621C5A261A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{FB5456B2-2FC2-4B4A-9F14-269E546D3E47}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"TCP Query User{047CFAD4-1B45-4D33-9D03-0FDFAE643C28}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{0C4DB2C0-2F0F-4371-9593-11246EA3E27A}C:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"TCP Query User{10DD37BC-A2B3-4B48-AF0E-A63720FDCD8B}C:\program files\steam\steamapps\common\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\aces.exe |
"TCP Query User{341157FA-B103-4CEE-BB40-7A799B8DC9B4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{570646EA-7241-4918-AED2-237A71DE652E}G:\guildwars2\gw2.exe" = protocol=6 | dir=in | app=g:\guildwars2\gw2.exe |
"TCP Query User{57C7F3C6-017C-4F73-8079-EEC8BDA08EB3}C:\program files\steam\steamapps\ulargila\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\ulargila\garrysmod\hl2.exe |
"TCP Query User{8FE9A04B-ADBE-44A5-A026-3F68A956AB12}C:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"TCP Query User{B230EA62-F774-4591-AC85-8C359F3469B5}C:\program files\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe |
"TCP Query User{E59CA783-B298-45A2-AA6A-520FDBCCA7DF}C:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{0FA23156-E3B2-42AD-8EFE-FAF3664F469B}C:\program files\steam\steamapps\common\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war thunder\aces.exe |
"UDP Query User{1B96EF73-E40B-4B0A-8755-D6D364CEC490}C:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{4E024099-96B7-485A-9712-4EADCEFDA589}C:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"UDP Query User{817BFABB-B80C-476E-8BE0-30A7009DCD58}C:\program files\steam\steamapps\ulargila\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\ulargila\garrysmod\hl2.exe |
"UDP Query User{8C12C2CC-3050-4C75-BFD6-E62CBC6BCD32}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C39ACE09-F987-4292-8543-F0CD00FDB455}C:\program files\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe |
"UDP Query User{D015AAA4-90AA-4FBE-A0BC-1A473BE4C6AB}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D6FD9733-E0FB-4D56-B44D-4101E754EF05}G:\guildwars2\gw2.exe" = protocol=17 | dir=in | app=g:\guildwars2\gw2.exe |
"UDP Query User{F5B84F91-57DB-41E5-8335-92047C79FD41}C:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.10
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41AA7187-8272-462C-9EED-7B614DA1404E}" = The Sims™ 2 Fun with Pets Collection
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A39D5C2-A28B-421D-925A-0390FD1E5529}_is1" = Hot CPU Tester Pro 4.4.1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}" = DefianceRuntimes
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90150000-007E-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9BF1AB-E2C4-4470-9398-58F7BACB29DC}" = Ragnarok Online 2
"{A00169C6-9203-43CC-B995-7A2E8E3022E2}_is1" = Xtreme-G 310.54 Win7-8 32bit
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2011 Home Edition
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C22E50B4-B9D0-4A07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}" = WinZip 17.5
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blender" = Blender
"CCleaner" = CCleaner
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"GIMP-2_is1" = GIMP 2.8.6
"Guild Wars" = Guild Wars
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PrintProjects" = PrintProjects
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"sp6" = Logitech SetPoint 6.52
"Steam App 105600" = Terraria
"Steam App 113420" = Fallen Earth
"Steam App 203290" = America's Army: Proving Grounds Beta
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 209870" = Blacklight: Retribution
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212160" = Vindictus
"Steam App 212200" = Mabinogi
"Steam App 216150" = MapleStory
"Steam App 224600" = Defiance
"Steam App 230410" = Warframe
"Steam App 236390" = War Thunder
"Steam App 4000" = Garry's Mod
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.3
"Trusted Software Assistant_is1" = File Type Assistant
"UltraDefrag" = Ultra Defragmenter
"Universe Sandbox" = Universe Sandbox
"Wings 3D 1.4.1" = Wings 3D 1.4.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-466576215-1450445770-3734648723-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Haunt 1.1" = Haunt 1.1
"Haunt 1.1 64bit" = Haunt 1.1 64bit
"RIFT" = RIFT
"Spotify" = Spotify
"Wings 3D 1.4.1" = Wings 3D 1.4.1

< End of report >

Last OTL Scan.

OTL logfile created on: 2013-10-16 22:51:51 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\West\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.66% Memory free
5.99 Gb Paging File | 4.73 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 703.03 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 296.99 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 310.76 Gb Free Space | 66.72% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: West | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-10-16 22:19:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\West\Desktop\OTL.exe
PRC - [2013-10-10 05:36:05 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013-10-01 05:10:40 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013-10-01 05:10:24 | 000,431,688 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013-10-01 05:10:20 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013-10-01 05:10:20 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013-09-27 13:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\West\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
PRC - [2013-09-24 16:13:32 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\West\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-09-06 18:32:36 | 001,320,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2013-07-25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013-05-16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013-05-16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013-05-15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013-03-15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013-01-18 08:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013-01-18 08:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013-01-15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012-11-22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-10-08 10:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2012-05-09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011-02-24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-01-26 23:55:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011-01-26 23:55:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-05-05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010-05-05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe


========== Modules (No Company Name) ==========

MOD - [2013-10-10 05:31:54 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013-10-10 05:31:53 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013-10-10 05:18:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013-09-12 19:50:25 | 008,866,472 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
MOD - [2013-08-14 13:28:06 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013-08-14 13:27:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013-07-10 05:20:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013-05-16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013-05-16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2010-05-05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009-03-26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013-10-16 05:36:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-10-02 13:14:47 | 000,118,680 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-10-01 05:10:40 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-10-01 05:10:20 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013-09-06 18:32:36 | 001,320,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2013-05-26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-05-11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-03-15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013-02-26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-02-08 12:29:56 | 000,295,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013-01-18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013-01-15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012-11-30 23:30:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-11-19 18:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-01-26 23:55:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2013-10-01 05:10:44 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013-10-01 05:10:44 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013-10-01 05:10:44 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013-02-26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013-01-03 02:18:04 | 000,040,200 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013-01-03 02:18:00 | 000,044,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2013-01-03 02:18:00 | 000,044,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2013-01-03 02:18:00 | 000,012,808 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012-11-26 18:05:22 | 000,064,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012-08-27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012-07-03 09:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011-01-27 00:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011-01-26 23:13:12 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-11-20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-05-05 22:29:18 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010-05-05 22:29:10 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010-05-05 22:29:02 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010-05-05 22:28:54 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010-05-05 22:24:44 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010-05-05 22:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010-05-05 22:24:24 | 000,526,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010-05-05 22:24:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010-05-05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010-05-05 22:24:04 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010-05-05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010-05-05 22:23:52 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010-05-05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010-05-05 22:23:46 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009-09-21 01:43:48 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {8D774E46-5697-4820-BF39-77BB25670741}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 6E 3A E6 62 D8 CD 01 [binary data]
IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\..\SearchScopes,DefaultScope = {8D774E46-5697-4820-BF39-77BB25670741}
IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-28 15:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-10-02 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-10-09 05:10:53 | 000,000,000 | ---D | M]

[2012-11-30 23:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\West\AppData\Roaming\Mozilla\Extensions
[2013-10-15 13:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\extensions
[2013-10-15 13:48:52 | 000,534,870 | ---- | M] () (No name found) -- C:\Users\West\AppData\Roaming\Mozilla\Firefox\Profiles\p90ql5z6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013-10-02 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-10-02 13:14:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009-06-10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-466576215-1450445770-3734648723-1001..\Run: [LightShot] C:\Users\West\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-466576215-1450445770-3734648723-1001..\Run: [Spotify Web Helper] C:\Users\West\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-466576215-1450445770-3734648723-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.98.144.3 137.118.1.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E3F7F1B-D675-4E46-BA49-84E7D277414F}: DhcpNameServer = 208.98.144.3 137.118.1.32
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07fd11d5-5cbd-11e2-a365-001e4fa80d89}\Shell - "" = AutoRun
O33 - MountPoints2\{07fd11d5-5cbd-11e2-a365-001e4fa80d89}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009-01-16 02:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O33 - MountPoints2\{895826b6-490a-11e2-b6f4-001e4fa80d89}\Shell - "" = AutoRun
O33 - MountPoints2\{895826b6-490a-11e2-b6f4-001e4fa80d89}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-16 22:40:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-10-16 22:39:24 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\West\Desktop\JRT.exe
[2013-10-16 22:21:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-10-16 22:19:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\West\Desktop\OTL.exe
[2013-10-16 09:30:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-10-13 07:44:45 | 000,000,000 | ---D | C] -- C:\Users\West\Documents\ProcAlyzer Dumps
[2013-10-10 07:05:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-10-09 23:14:59 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-10-09 23:14:58 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-10-09 23:14:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-10-09 23:14:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-10-09 23:14:57 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-10-09 23:14:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-10-09 23:14:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-10-09 23:14:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-10-09 23:14:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-10-09 23:14:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-10-09 17:27:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013-10-09 17:27:42 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013-10-09 17:27:37 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013-10-09 17:27:37 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013-10-09 17:27:37 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013-10-09 17:27:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013-10-09 17:27:34 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013-10-09 17:27:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013-10-09 17:27:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013-10-09 17:27:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013-10-09 17:27:33 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013-10-09 17:27:31 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-10-02 19:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013-10-02 19:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013-10-02 19:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013-10-02 19:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013-10-02 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-09-28 09:09:58 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\Overwolf
[2013-09-28 08:30:36 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\WinZip Courier
[2013-09-28 08:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013-09-28 08:30:32 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Local\assembly
[2013-09-28 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\West\Documents\Outlook Files
[2013-09-17 18:52:36 | 000,000,000 | ---D | C] -- C:\Users\West\AppData\Roaming\Guild Wars 2

========== Files - Modified Within 30 Days ==========

[2013-10-16 22:49:20 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-10-16 22:49:20 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-10-16 22:41:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-10-16 22:41:18 | 2413,834,240 | -HS- | M] () -- C:\hiberfil.sys
[2013-10-16 22:40:46 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2013-10-16 22:40:46 | 000,054,472 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2013-10-16 22:40:46 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2013-10-16 22:39:22 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\West\Desktop\JRT.exe
[2013-10-16 22:23:46 | 000,438,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-10-16 22:19:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\West\Desktop\OTL.exe
[2013-10-16 08:51:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-10-16 05:36:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-10-16 05:36:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-10-15 09:47:00 | 001,048,960 | ---- | M] () -- C:\Users\West\Desktop\AdwCleaner.exe
[2013-10-12 11:49:44 | 000,758,500 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013-10-12 11:49:44 | 000,758,344 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013-10-12 11:49:44 | 000,726,824 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013-10-12 11:49:44 | 000,675,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-10-12 11:49:44 | 000,162,194 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013-10-12 11:49:44 | 000,153,162 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013-10-12 11:49:44 | 000,151,350 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013-10-12 11:49:44 | 000,126,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-10-11 20:46:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013-10-11 20:46:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013-10-10 06:28:17 | 000,004,900 | ---- | M] () -- C:\Users\West\Documents\cc_20131010_062811.reg
[2013-10-09 07:34:52 | 000,000,439 | ---- | M] () -- C:\Users\West\AppData\Local\UserProducts.xml
[2013-10-02 19:45:53 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013-10-01 05:10:44 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013-10-01 05:10:44 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013-10-01 05:10:44 | 000,067,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013-10-01 05:10:44 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013-09-28 08:30:21 | 000,001,165 | ---- | M] () -- C:\Users\West\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-09-22 17:28:12 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-09-22 17:27:53 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-09-22 17:27:49 | 002,876,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-09-22 17:27:49 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-09-22 17:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-09-22 17:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-09-22 17:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-09-22 17:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-09-20 21:30:24 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-09-20 20:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

========== Files Created - No Company Name ==========

[2013-10-16 22:23:31 | 000,438,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-10-15 09:47:02 | 001,048,960 | ---- | C] () -- C:\Users\West\Desktop\AdwCleaner.exe
[2013-10-11 20:46:39 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013-10-11 20:46:39 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013-10-10 06:28:15 | 000,004,900 | ---- | C] () -- C:\Users\West\Documents\cc_20131010_062811.reg
[2013-10-02 19:45:53 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013-09-28 08:30:21 | 000,001,165 | ---- | C] () -- C:\Users\West\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-09-15 22:28:35 | 000,002,577 | ---- | C] () -- C:\Users\West\AppData\Local\recently-used.xbel
[2013-08-13 15:58:14 | 000,000,439 | ---- | C] () -- C:\Users\West\AppData\Local\UserProducts.xml
[2013-07-30 12:20:37 | 000,106,442 | ---- | C] () -- C:\Users\West\AppData\Roaming\icarus-dxdiag.xml
[2013-06-13 15:24:10 | 000,000,043 | ---- | C] () -- C:\Users\West\jagex_cl_runescape_LIVE.dat
[2013-06-13 15:24:10 | 000,000,024 | ---- | C] () -- C:\Users\West\random.dat
[2013-05-21 09:52:12 | 000,000,108 | ---- | C] () -- C:\Users\West\AppData\Roaming\0bba6861.dat
[2013-03-02 15:03:20 | 000,122,900 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013-01-06 18:44:20 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013-01-06 17:53:50 | 000,139,904 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013-01-06 17:53:50 | 000,138,056 | ---- | C] () -- C:\Users\West\AppData\Roaming\PnkBstrK.sys
[2013-01-06 17:53:17 | 000,291,096 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013-01-06 17:53:15 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2013-01-06 17:53:15 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012-12-07 19:31:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-12-02 13:09:47 | 000,007,606 | ---- | C] () -- C:\Users\West\AppData\Local\Resmon.ResmonCfg
[2012-12-01 20:33:59 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012-12-01 20:33:59 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012-12-01 18:01:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012-12-01 18:01:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012-11-11 06:13:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2012-09-13 00:23:20 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini

========== ZeroAccess Check ==========

[2009-07-13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-06-30 14:24:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2013-06-30 14:24:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2013-09-10 17:40:12 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\.minecraft
[2013-07-03 00:32:01 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Blender Foundation
[2013-09-19 21:47:30 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Guild Wars 2
[2013-07-23 23:23:25 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Leadertech
[2012-12-18 06:39:53 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\OpenOffice.org
[2013-01-12 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Origin
[2013-02-18 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\PACE Anti-Piracy
[2013-06-16 01:01:36 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\RIFT
[2013-10-16 20:40:51 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Spotify
[2012-12-09 12:53:16 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Temp
[2013-08-18 16:17:02 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Thunderbird
[2013-10-15 23:32:04 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\TS3Client
[2013-02-24 11:28:50 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\WindSolutions
[2013-03-22 22:18:43 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\Wings3D
[2013-06-12 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\West\AppData\Roaming\WinZip
[2013-06-25 16:32:18 | 000,000,000 | -HSD | M] -- C:\Users\West\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



< End of report >

Thank you for your time!
  • 0

#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Thanks for the logs. Are you still being bothered by File Type Assistant?
  • 0

#7
ular

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Pyxis,

Thank you for your quick response. No, I have not seen the pop-up this morning.

Again, thank you for your help.
  • 0

#8
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
That's great to hear! :) Let's fully remove all remnants and check for other things that may need removing.

  • Step 1
Copy and paste the content of the code box below into an empty Notepad window.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown]
"AlwaysShowExt"=""
"QueryClassStore"=""
"TypeOverlay"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell]
@="openas"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas]
"MultiSelectModel"="Single"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,\
  00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,\
  73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00
"DelegateExecute"="{e44e9428-bdbc-4987-a099-40dc8fd255e7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg]
"LegacyDisable"=""
"MultiSelectModel"="Single"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,\
  00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,\
  73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00
  • Save it on your desktop as Fix.reg.
  • Open the file by double-clicking it and allow it to run. You will be prompted for an action.

    Posted Image

  • Don't be afraid as it is safe. Click Yes to proceed.
  • Step 2
Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s), as they are associated with malware, adware or spyware. Please proceed to uninstall by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for it to be removed from the list instead, allow it to do so.

File Type Assistant

Inform me if you encounter problems in the removal process.
  • Step 3
Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.

  • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
  • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

    Posted Image

  • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
  • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt to your desktop.
  • Select Uninstall application on close and click Finish.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 4
Download 'SecurityCheck by screen317' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop up once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • log.txt (ESET Online Scan)
  • checkup.txt (SecurityCheck)

  • 0
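A .reg file handed over in a thread can be read before it is imported. The following is an added example, not part of Pyxis's post or of any tool named in this thread: it parses the tail of the Fix.reg shown above and decodes its `hex(2)` (REG_EXPAND_SZ, UTF-16LE) value into the command line it will write. The function names are hypothetical, and only string, dword and hex value types are handled.

```python
import re

# Tail of the Fix.reg from the post above, copied verbatim from the page.
FIX_REG_TAIL = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg]
"LegacyDisable"=""
"MultiSelectModel"="Single"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,\
  00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,\
  73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00
"""

# Type prefixes used by the regedit export format and the registry type they mean.
HEX_TYPES = {"hex": "REG_BINARY", "hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ"}

# A value line is either @=... (default value) or "name"=...
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(quoted):
    """Drop the surrounding quotes of a .reg string and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def decode_hex(kind, payload):
    """Decode a hex / hex(2) / hex(7) payload to bytes, str or a list of str."""
    tokens = [t.strip() for t in payload.split(",") if t.strip()]
    if any(not re.fullmatch(r"[0-9a-fA-F]{2}", t) for t in tokens):
        raise ValueError("malformed byte in hex payload")
    raw = bytes(int(t, 16) for t in tokens)
    if kind == "hex":
        return raw
    if len(raw) % 2:
        raise ValueError("UTF-16LE data must have an even byte count")
    text = raw.decode("utf-16-le")
    if kind == "hex(2)":
        return text.rstrip("\x00")              # strip the NUL terminator
    return [s for s in text.split("\x00") if s]  # hex(7): NUL-separated strings


def parse_reg(text):
    """Return a list of (key, value name, registry type, decoded data)."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            continue  # file header or a line this sketch does not handle
        name = "(Default)" if match.group(1) == "@" else unescape(match.group(1))
        data = match.group(2)
        if data.startswith('"'):
            entries.append((key, name, "REG_SZ", unescape(data)))
        elif data.startswith("dword:"):
            entries.append((key, name, "REG_DWORD", int(data[6:], 16)))
        else:
            kind, _, payload = data.partition(":")
            if kind not in HEX_TYPES:
                raise ValueError("unsupported value type: " + kind)
            entries.append((key, name, HEX_TYPES[kind], decode_hex(kind, payload)))
    return entries


if __name__ == "__main__":
    for key, name, rtype, value in parse_reg(FIX_REG_TAIL):
        print(f"{key}\n    {name} [{rtype}] = {value!r}")
```

The decoded default value is the stock "Open with" handler invoked through rundll32.exe and shell32.dll, which is what one would expect a repair of the `Unknown` file class to restore.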

#9
ular

    Member

  • Topic Starter
  • 37 posts
Hi Pyxis,

I was able to run programs as requested. I was unable to find File Type Assist in Programs and Features. ESET required just over five hours to run with 17 detections. Please find logs below in the order requested.

ESET

C:\Music\New folder\cnet2_fkeylogger_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application cleaned by deleting - quarantined
C:\Users\West\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\West\Documents\winzip setup.exe a variant of Win32/Soft32Downloader.D application cleaned by deleting - quarantined
C:\Users\West\Downloads\WinZip175.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
F:\JonsStuff\kmd.exe a variant of Win32/Adware.Kazaa.A application cleaned by deleting - quarantined
F:\Seagate Backup\XPS_2008\C\Program Files\BadCopy Pro 3.76.0716\BadCopy.Pro.v3.76.0716.Keygen.zip probably a variant of Win32/Agent.EDZOQYQ trojan deleted - quarantined
G:\DOWNLOADS\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined
G:\Logan\SoftonicDownloader_for_surgeon-simulator-2013.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
G:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
G:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
G:\TDSSKiller_Quarantine\25.11.2012_22.48.16\tdlfs0000\tsk0004.dta Win32/Olmarik.XU trojan cleaned by deleting - quarantined
G:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22JE8UFN\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
G:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0N7XVRA\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined


Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
DH Driver Cleaner Professional Edition
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#10
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
The scans gave me something to double-check before I declare you clean. This one is going to take less than five minutes. Please let me know how your system is running after. :)

  • Step 1
Download 'TDSSKiller by Kaspersky Lab ZAO' and save it to your desktop.

  • Double-click TDSSKiller.exe to run it. It will ask for administrator privileges.
  • Click Start Scan to begin the scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now. If not, click Close.
  • The log will be made available at C:\TDSSKiller.*_*_*_log.txt. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 2
You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.

Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • TDSSKiller.*_*_*_log.txt (TDSSKiller)

  • 0

#11
ular

    Member

  • Topic Starter
  • 37 posts
Hi Pyxis,

Completed as requested. Please find log below for your use.

19:02:51.0183 5516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:02:51.0978 5516 ============================================================
19:02:51.0978 5516 Current date / time: 2013/10/20 19:02:51.0978
19:02:51.0978 5516 SystemInfo:
19:02:51.0978 5516
19:02:51.0978 5516 OS Version: 6.1.7601 ServicePack: 1.0
19:02:51.0978 5516 Product type: Workstation
19:02:51.0978 5516 ComputerName: XPS
19:02:51.0978 5516 UserName: West
19:02:51.0978 5516 Windows directory: C:\Windows
19:02:51.0978 5516 System windows directory: C:\Windows
19:02:51.0978 5516 Processor architecture: Intel x86
19:02:51.0978 5516 Number of processors: 4
19:02:51.0978 5516 Page size: 0x1000
19:02:51.0978 5516 Boot type: Normal boot
19:02:51.0978 5516 ============================================================
19:02:53.0039 5516 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:02:53.0039 5516 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:02:53.0164 5516 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:53.0180 5516 ============================================================
19:02:53.0180 5516 \Device\Harddisk0\DR0:
19:02:53.0180 5516 MBR partitions:
19:02:53.0180 5516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
19:02:53.0180 5516 \Device\Harddisk1\DR1:
19:02:53.0180 5516 MBR partitions:
19:02:53.0180 5516 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:02:53.0180 5516 \Device\Harddisk3\DR3:
19:02:53.0180 5516 MBR partitions:
19:02:53.0180 5516 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
19:02:53.0180 5516 ============================================================
19:02:53.0226 5516 C: <-> \Device\Harddisk0\DR0\Partition1
19:02:53.0258 5516 F: <-> \Device\Harddisk3\DR3\Partition1
19:02:53.0273 5516 G: <-> \Device\Harddisk1\DR1\Partition1
19:02:53.0367 5516 ============================================================
19:02:53.0367 5516 Initialize success
19:02:53.0367 5516 ============================================================
19:03:54.0373 4896 ============================================================
19:03:54.0373 4896 Scan started
19:03:54.0373 4896 Mode: Manual;
19:03:54.0373 4896 ============================================================
19:03:55.0113 4896 ================ Scan system memory ========================
19:03:55.0113 4896 System memory - ok
19:03:55.0114 4896 ================ Scan services =============================
19:04:01.0373 4896 Mcx2Svc - ok
19:04:01.0389 4896 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:04:01.0406 4896 megasas - ok
19:04:01.0417 4896 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:04:01.0437 4896 MegaSR - ok
19:04:01.0453 4896 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:04:01.0455 4896 MMCSS - ok
19:04:01.0465 4896 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:04:01.0471 4896 Modem - ok
19:04:01.0475 4896 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:04:01.0477 4896 monitor - ok
19:04:01.0497 4896 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:04:01.0510 4896 mouclass - ok
19:04:01.0526 4896 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:04:01.0542 4896 mouhid - ok
19:04:01.0560 4896 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:04:01.0561 4896 mountmgr - ok
19:04:01.0603 4896 [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:04:01.0606 4896 MozillaMaintenance - ok
19:04:01.0623 4896 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:04:01.0640 4896 mpio - ok
19:04:01.0652 4896 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:04:01.0668 4896 mpsdrv - ok
19:04:01.0689 4896 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:04:01.0696 4896 MpsSvc - ok
19:04:01.0731 4896 [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:04:01.0732 4896 MRxDAV - ok
19:04:01.0762 4896 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:04:01.0763 4896 mrxsmb - ok
19:04:01.0780 4896 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:04:01.0782 4896 mrxsmb10 - ok
19:04:01.0790 4896 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:04:01.0792 4896 mrxsmb20 - ok
19:04:01.0804 4896 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:04:01.0810 4896 msahci - ok
19:04:01.0822 4896 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:04:01.0830 4896 msdsm - ok
19:04:01.0850 4896 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:04:01.0861 4896 MSDTC - ok
19:04:01.0876 4896 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:04:01.0877 4896 Msfs - ok
19:04:01.0889 4896 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:04:01.0900 4896 mshidkmdf - ok
19:04:01.0912 4896 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:04:01.0913 4896 msisadrv - ok
19:04:01.0928 4896 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:04:01.0944 4896 MSiSCSI - ok
19:04:01.0948 4896 msiserver - ok
19:04:01.0966 4896 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:04:01.0971 4896 MSKSSRV - ok
19:04:01.0982 4896 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:04:01.0993 4896 MSPCLOCK - ok
19:04:02.0006 4896 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:04:02.0026 4896 MSPQM - ok
19:04:02.0041 4896 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:04:02.0043 4896 MsRPC - ok
19:04:02.0055 4896 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:04:02.0064 4896 mssmbios - ok
19:04:02.0079 4896 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:04:02.0095 4896 MSTEE - ok
19:04:02.0121 4896 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:04:02.0132 4896 MTConfig - ok
19:04:02.0151 4896 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:04:02.0152 4896 Mup - ok
19:04:02.0180 4896 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:04:02.0186 4896 napagent - ok
19:04:02.0209 4896 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:04:02.0221 4896 NativeWifiP - ok
19:04:02.0245 4896 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:04:02.0252 4896 NDIS - ok
19:04:02.0262 4896 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:04:02.0274 4896 NdisCap - ok
19:04:02.0290 4896 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:04:02.0300 4896 NdisTapi - ok
19:04:02.0323 4896 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:04:02.0329 4896 Ndisuio - ok
19:04:02.0351 4896 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:04:02.0371 4896 NdisWan - ok
19:04:02.0382 4896 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:04:02.0389 4896 NDProxy - ok
19:04:02.0393 4896 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:04:02.0394 4896 NetBIOS - ok
19:04:02.0416 4896 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:04:02.0418 4896 NetBT - ok
19:04:02.0427 4896 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:04:02.0429 4896 Netlogon - ok
19:04:02.0453 4896 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:04:02.0458 4896 Netman - ok
19:04:02.0492 4896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:02.0494 4896 NetMsmqActivator - ok
19:04:02.0498 4896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:02.0499 4896 NetPipeActivator - ok
19:04:02.0512 4896 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:04:02.0517 4896 netprofm - ok
19:04:02.0522 4896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:02.0524 4896 NetTcpActivator - ok
19:04:02.0527 4896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:04:02.0528 4896 NetTcpPortSharing - ok
19:04:02.0543 4896 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:04:02.0569 4896 nfrd960 - ok
19:04:02.0590 4896 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:04:02.0595 4896 NlaSvc - ok
19:04:02.0604 4896 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:04:02.0605 4896 Npfs - ok
19:04:02.0617 4896 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:04:02.0630 4896 nsi - ok
19:04:02.0638 4896 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:04:02.0640 4896 nsiproxy - ok
19:04:02.0676 4896 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:04:02.0693 4896 Ntfs - ok
19:04:02.0706 4896 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:04:02.0711 4896 Null - ok
19:04:02.0736 4896 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
19:04:02.0745 4896 NVHDA - ok
19:04:02.0879 4896 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:04:03.0049 4896 nvlddmkm - ok
19:04:03.0078 4896 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:04:03.0100 4896 nvraid - ok
19:04:03.0116 4896 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:04:03.0117 4896 nvstor - ok
19:04:03.0139 4896 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:04:03.0161 4896 nvsvc - ok
19:04:03.0198 4896 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:04:03.0244 4896 nvUpdatusService - ok
19:04:03.0259 4896 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:04:03.0275 4896 nv_agp - ok
19:04:03.0336 4896 [ 893B16E57D4896DE0411F92FDE5FA82C ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
19:04:03.0354 4896 OfficeSvc - ok
19:04:03.0371 4896 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:04:03.0380 4896 ohci1394 - ok
19:04:03.0409 4896 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:04:03.0434 4896 ose - ok
19:04:03.0523 4896 [ EE5756BDA5BE5891270E0CC6CEC44096 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:04:03.0583 4896 osppsvc - ok
19:04:03.0596 4896 [ AC5BF1A610EFFAAE9CFC48CB53483F08 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
19:04:03.0603 4896 ossrv - ok
19:04:03.0633 4896 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:04:03.0637 4896 p2pimsvc - ok
19:04:03.0647 4896 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:04:03.0675 4896 p2psvc - ok
19:04:03.0704 4896 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:04:03.0711 4896 Parport - ok
19:04:03.0725 4896 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:04:03.0726 4896 partmgr - ok
19:04:03.0735 4896 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:04:03.0739 4896 Parvdm - ok
19:04:03.0754 4896 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:04:03.0757 4896 PcaSvc - ok
19:04:03.0762 4896 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:04:03.0764 4896 pci - ok
19:04:03.0789 4896 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:04:03.0789 4896 pciide - ok
19:04:03.0805 4896 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:04:03.0815 4896 pcmcia - ok
19:04:03.0828 4896 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:04:03.0829 4896 pcw - ok
19:04:03.0852 4896 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:04:03.0881 4896 PEAUTH - ok
19:04:03.0918 4896 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:04:03.0930 4896 PeerDistSvc - ok
19:04:03.0975 4896 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:04:04.0018 4896 pla - ok
19:04:04.0060 4896 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:04:04.0066 4896 PlugPlay - ok
19:04:04.0102 4896 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
19:04:04.0125 4896 PnkBstrA - ok
19:04:04.0131 4896 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:04:04.0139 4896 PNRPAutoReg - ok
19:04:04.0149 4896 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:04:04.0152 4896 PNRPsvc - ok
19:04:04.0171 4896 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:04:04.0199 4896 PolicyAgent - ok
19:04:04.0212 4896 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:04:04.0216 4896 Power - ok
19:04:04.0229 4896 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:04:04.0248 4896 PptpMiniport - ok
19:04:04.0259 4896 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:04:04.0276 4896 Processor - ok
19:04:04.0293 4896 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:04:04.0297 4896 ProfSvc - ok
19:04:04.0311 4896 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:04:04.0312 4896 ProtectedStorage - ok
19:04:04.0326 4896 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:04:04.0328 4896 Psched - ok
19:04:04.0357 4896 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:04:04.0399 4896 ql2300 - ok
19:04:04.0411 4896 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:04:04.0421 4896 ql40xx - ok
19:04:04.0442 4896 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:04:04.0467 4896 QWAVE - ok
19:04:04.0483 4896 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:04:04.0489 4896 QWAVEdrv - ok
19:04:04.0500 4896 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:04:04.0523 4896 RasAcd - ok
19:04:04.0540 4896 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:04:04.0547 4896 RasAgileVpn - ok
19:04:04.0555 4896 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:04:04.0578 4896 RasAuto - ok
19:04:04.0596 4896 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:04:04.0604 4896 Rasl2tp - ok
19:04:04.0624 4896 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:04:04.0652 4896 RasMan - ok
19:04:04.0662 4896 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:04:04.0670 4896 RasPppoe - ok
19:04:04.0677 4896 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:04:04.0690 4896 RasSstp - ok
19:04:04.0714 4896 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:04:04.0716 4896 rdbss - ok
19:04:04.0726 4896 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:04:04.0749 4896 rdpbus - ok
19:04:04.0764 4896 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:04:04.0765 4896 RDPCDD - ok
19:04:04.0782 4896 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:04:04.0798 4896 RDPDR - ok
19:04:04.0816 4896 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:04:04.0824 4896 RDPENCDD - ok
19:04:04.0831 4896 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:04:04.0833 4896 RDPREFMP - ok
19:04:04.0875 4896 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:04:04.0887 4896 RdpVideoMiniport - ok
19:04:04.0920 4896 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:04:04.0936 4896 RDPWD - ok
19:04:04.0955 4896 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:04:04.0957 4896 rdyboost - ok
19:04:04.0971 4896 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:04:04.0984 4896 RemoteAccess - ok
19:04:04.0997 4896 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:04:05.0016 4896 RemoteRegistry - ok
19:04:05.0043 4896 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:04:05.0046 4896 RpcEptMapper - ok
19:04:05.0050 4896 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:04:05.0068 4896 RpcLocator - ok
19:04:05.0088 4896 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:04:05.0092 4896 RpcSs - ok
19:04:05.0102 4896 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:04:05.0108 4896 rspndr - ok
19:04:05.0134 4896 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:04:05.0145 4896 s3cap - ok
19:04:05.0149 4896 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:04:05.0151 4896 SamSs - ok
19:04:05.0185 4896 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:04:05.0201 4896 sbp2port - ok
19:04:05.0215 4896 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:04:05.0230 4896 SCardSvr - ok
19:04:05.0242 4896 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:04:05.0257 4896 scfilter - ok
19:04:05.0280 4896 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:04:05.0290 4896 Schedule - ok
19:04:05.0301 4896 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:04:05.0302 4896 SCPolicySvc - ok
19:04:05.0309 4896 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:04:05.0321 4896 SDRSVC - ok
19:04:05.0389 4896 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
19:04:05.0414 4896 SDScannerService - ok
19:04:05.0446 4896 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:04:05.0455 4896 SDUpdateService - ok
19:04:05.0474 4896 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:04:05.0475 4896 SDWSCService - ok
19:04:05.0488 4896 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:04:05.0500 4896 secdrv - ok
19:04:05.0517 4896 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:04:05.0525 4896 seclogon - ok
19:04:05.0543 4896 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
19:04:05.0546 4896 SENS - ok
19:04:05.0556 4896 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:04:05.0564 4896 SensrSvc - ok
19:04:05.0575 4896 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:04:05.0587 4896 Serenum - ok
19:04:05.0596 4896 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:04:05.0603 4896 Serial - ok
19:04:05.0617 4896 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:04:05.0639 4896 sermouse - ok
19:04:05.0663 4896 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:04:05.0671 4896 SessionEnv - ok
19:04:05.0686 4896 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:04:05.0701 4896 sffdisk - ok
19:04:05.0705 4896 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:04:05.0710 4896 sffp_mmc - ok
19:04:05.0715 4896 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:04:05.0719 4896 sffp_sd - ok
19:04:05.0723 4896 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:04:05.0737 4896 sfloppy - ok
19:04:05.0756 4896 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:04:05.0777 4896 SharedAccess - ok
19:04:05.0795 4896 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:04:05.0801 4896 ShellHWDetection - ok
19:04:05.0809 4896 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:04:05.0816 4896 sisagp - ok
19:04:05.0836 4896 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:04:05.0843 4896 SiSRaid2 - ok
19:04:05.0858 4896 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:04:05.0873 4896 SiSRaid4 - ok
19:04:05.0894 4896 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:04:05.0901 4896 Smb - ok
19:04:05.0914 4896 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:04:05.0921 4896 SNMPTRAP - ok
19:04:05.0928 4896 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:04:05.0929 4896 spldr - ok
19:04:05.0950 4896 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:04:05.0955 4896 Spooler - ok
19:04:06.0001 4896 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:04:06.0044 4896 sppsvc - ok
19:04:06.0069 4896 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:04:06.0078 4896 sppuinotify - ok
19:04:06.0096 4896 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:04:06.0098 4896 srv - ok
19:04:06.0109 4896 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:04:06.0111 4896 srv2 - ok
19:04:06.0126 4896 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:04:06.0128 4896 srvnet - ok
19:04:06.0148 4896 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:04:06.0152 4896 SSDPSRV - ok
19:04:06.0168 4896 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:04:06.0174 4896 ssmdrv - ok
19:04:06.0187 4896 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:04:06.0198 4896 SstpSvc - ok
19:04:06.0230 4896 [ 54946449A0EB74915A4BB34F7EE51A5A ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys
19:04:06.0238 4896 ss_bus - ok
19:04:06.0264 4896 Steam Client Service - ok
19:04:06.0308 4896 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:04:06.0310 4896 Stereo Service - ok
19:04:06.0325 4896 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:04:06.0341 4896 stexstor - ok
19:04:06.0362 4896 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:04:06.0388 4896 StiSvc - ok
19:04:06.0401 4896 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:04:06.0402 4896 storflt - ok
19:04:06.0418 4896 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:04:06.0424 4896 storvsc - ok
19:04:06.0445 4896 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:04:06.0469 4896 swenum - ok
19:04:06.0482 4896 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:04:06.0486 4896 swprv - ok
19:04:06.0490 4896 Synth3dVsc - ok
19:04:06.0516 4896 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:04:06.0534 4896 SysMain - ok
19:04:06.0546 4896 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:04:06.0556 4896 TabletInputService - ok
19:04:06.0572 4896 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:04:06.0585 4896 TapiSrv - ok
19:04:06.0597 4896 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:04:06.0601 4896 TBS - ok
19:04:06.0646 4896 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:04:06.0663 4896 Tcpip - ok
19:04:06.0696 4896 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:04:06.0704 4896 TCPIP6 - ok
19:04:06.0725 4896 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:04:06.0738 4896 tcpipreg - ok
19:04:06.0761 4896 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:04:06.0777 4896 TDPIPE - ok
19:04:06.0792 4896 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:04:06.0798 4896 TDTCP - ok
19:04:06.0813 4896 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:04:06.0820 4896 tdx - ok
19:04:06.0827 4896 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:04:06.0847 4896 TermDD - ok
19:04:06.0865 4896 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:04:06.0873 4896 TermService - ok
19:04:06.0886 4896 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:04:06.0890 4896 Themes - ok
19:04:06.0895 4896 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:04:06.0897 4896 THREADORDER - ok
19:04:06.0910 4896 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:04:06.0913 4896 TrkWks - ok
19:04:06.0939 4896 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:04:06.0942 4896 TrustedInstaller - ok
19:04:06.0965 4896 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:04:06.0981 4896 tssecsrv - ok
19:04:06.0996 4896 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:04:07.0010 4896 TsUsbFlt - ok
19:04:07.0014 4896 tsusbhub - ok
19:04:07.0039 4896 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:04:07.0048 4896 tunnel - ok
19:04:07.0073 4896 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:04:07.0080 4896 uagp35 - ok
19:04:07.0095 4896 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:04:07.0119 4896 udfs - ok
19:04:07.0134 4896 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:04:07.0152 4896 UI0Detect - ok
19:04:07.0172 4896 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:04:07.0179 4896 uliagpkx - ok
19:04:07.0201 4896 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:04:07.0208 4896 umbus - ok
19:04:07.0225 4896 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:04:07.0244 4896 UmPass - ok
19:04:07.0269 4896 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:04:07.0273 4896 UmRdpService - ok
19:04:07.0286 4896 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:04:07.0291 4896 upnphost - ok
19:04:07.0314 4896 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:04:07.0320 4896 USBAAPL - ok
19:04:07.0334 4896 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:04:07.0341 4896 usbccgp - ok
19:04:07.0366 4896 [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:04:07.0389 4896 usbcir - ok
19:04:07.0405 4896 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:04:07.0418 4896 usbehci - ok
19:04:07.0432 4896 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:04:07.0443 4896 usbhub - ok
19:04:07.0457 4896 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:04:07.0479 4896 usbohci - ok
19:04:07.0494 4896 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:04:07.0507 4896 usbprint - ok
19:04:07.0529 4896 [ FC6B21DB4B5B398AB93DBE59CBF11036 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:04:07.0542 4896 usbscan - ok
19:04:07.0554 4896 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:04:07.0567 4896 USBSTOR - ok
19:04:07.0583 4896 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:04:07.0600 4896 usbuhci - ok
19:04:07.0617 4896 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:04:07.0625 4896 UxSms - ok
19:04:07.0636 4896 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:04:07.0638 4896 VaultSvc - ok
19:04:07.0644 4896 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:04:07.0645 4896 vdrvroot - ok
19:04:07.0663 4896 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:04:10.0009 4896 ============================================================
19:04:10.0009 4896 Scan finished
19:04:10.0009 4896 ============================================================
19:04:10.0016 1208 Detected object count: 0
19:04:10.0016 1208 Actual detected object count: 0
19:04:21.0265 0736 Deinitialize success
  • 0

#12
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are a few more steps you have to complete to ensure the good working condition of your system.

Remove Special Tools with OTL by OldTimer

Using this tool will remove all temporary and unnecessary files still on your computer after using the tools I asked you to run earlier.

  • Double-click OTL.exe to run it. For Windows Vista and Windows 7 users, please run it as an administrator.
  • As seen on the interface, click the CleanUp button.
  • You will be asked to reboot after. Please allow it to do so by clicking Yes on the next prompt.

Set a Clean Restore Point

Doing this will prevent you from a possible reinfection. You see, malicious files try to save a copy of themselves in the System Volume Information storage. The latter is a protected directory; the best way to get rid of these possible copies is to do the step below. Since your system is now clean, it is essential to set a clean and working backup.

  • Navigate to Start, right-click Computer and click Properties.
  • On the left, click System protection.
  • Click Configure... > Delete.
  • Choose Continue when asked. Click Close and then OK.
  • Now click Create.... Input any title and press Create.
  • Once done, press Close > OK.
  • System Restore will now be working again.

I will now proceed to giving you tips on how to maintain your system as it is. You can do the following as a routine to ensure that your system will work properly. Anytime you encounter an infection again, please do not hesitate to go back here at Geeks to Go. :)

Keep Your Computer Updated

Your current Windows operating system needs to install additional updates which are important, one of which is the Service Pack. The latter and other updates contain fixes and patches to prevent attackers from compromising your system. It is imperative that you keep your system up-to-date by obtaining free updates whenever they are available.

Install the latest Service Pack by going 'here'. If you already have, continually visit the official 'Microsoft Windows Update' site to keep your system up-to-date.

Update Your Anti-Virus Every Day

Updating: Ensuring that you have one anti-virus installed in your system is a good way to prevent being infected. You must always make sure to update your anti-virus every day; anti-virus companies see to it that the latest definition updates are distributed to be on par with the growing advancement and propagation of malware. Your anti-virus is useless if you do not update it.

Scanning: Set a scanning routine. Ensure that you do a full scan with your anti-virus monthly. This is part of maintaining a clean system--a scanning routine proves to be effective. You can never be sure when your computer has caught an infection.

Install Supplementary Programs

Alongside your anti-virus and firewall, various programs can be obtained to help keep your system secure. Don't worry, they pose no conflict to your current installation. The best of all, these programs are free. The names contain the download links.

MVPS Hosts File: The MVPS Hosts File replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. This also helps to protect your privacy and security by blocking sites that may track your viewing habits, also known as "click-thru tracking" or data miners.

SpywareBlaster: SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.

  • Just like your regular security programs, SpywareBlaster needs to be updated every day.
  • Open the program by clicking the icon.
  • Click Updates > Check For Updates.
  • If there happens to be an update, an Enable All Protection button will appear. Please click that button.

If you have any unresolved issues with regard to this thread or you need more :help: please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system.

:cheers:

Thank you.
  • 0

#13
ular

    Member

  • Topic Starter
  • Member
  • 37 posts
Pyxis,

I have completed all requested tasks. Avira had an issue allowing the MVPS Hosts file, but I worked around it.

The PC seems to better connect with the internet at this time. I did not realize how many issues were present.

Thank you for your time and assistance!

Best Regards,

Ular
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





