League of Legends Lag



#1
Anarchy
  • Member
  • 136 posts
Hello,

Here is my OTL Log:

OTL logfile created on: 7/21/2013 5:12:17 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Disruption\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 60.25% Memory free
9.07 Gb Paging File | 5.60 Gb Available in Paging File | 61.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.46 Gb Total Space | 423.87 Gb Free Space | 61.57% Space Free | Partition Type: NTFS

Computer Name: DAVIDS-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/21 17:11:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Disruption\Desktop\OTL.exe
PRC - [2013/07/12 20:59:24 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/10 14:29:49 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.32\deploy\LolClient.exe
PRC - [2013/07/05 18:05:50 | 004,640,768 | ---- | M] (Spotify Ltd) -- C:\Users\Disruption\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/07/05 18:05:49 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Disruption\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Disruption\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/23 13:28:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/29 15:57:10 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.175\deploy\LoLLauncher.exe
PRC - [2012/10/29 15:56:20 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2012/08/04 19:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
PRC - [2012/07/17 18:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 18:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 16:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 14:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Disruption\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/20 23:56:53 | 000,128,512 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\_elementtree.pyd
MOD - [2013/07/20 23:56:52 | 000,044,032 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\_socket.pyd
MOD - [2013/07/20 23:56:51 | 000,098,816 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32api.pyd
MOD - [2013/07/20 23:56:50 | 000,557,056 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\pysqlite2._sqlite.pyd
MOD - [2013/07/20 23:56:50 | 000,022,528 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32ts.pyd
MOD - [2013/07/20 23:56:48 | 000,320,512 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32com.shell.shell.pyd
MOD - [2013/07/20 23:56:48 | 000,026,624 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\_multiprocessing.pyd
MOD - [2013/07/20 23:56:47 | 000,070,656 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\wx._html2.pyd
MOD - [2013/07/20 23:56:46 | 000,805,888 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\wx._gdi_.pyd
MOD - [2013/07/20 23:56:46 | 000,011,264 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32crypt.pyd
MOD - [2013/07/20 23:56:45 | 001,022,416 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\windows._cacheinvalidation.pyd
MOD - [2013/07/20 23:56:45 | 000,017,408 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32profile.pyd
MOD - [2013/07/20 23:56:44 | 000,364,544 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\pythoncom27.dll
MOD - [2013/07/20 23:56:44 | 000,087,040 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\_ctypes.pyd
MOD - [2013/07/20 23:56:43 | 001,175,040 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\wx._core_.pyd
MOD - [2013/07/20 23:56:43 | 000,735,232 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\wx._misc_.pyd
MOD - [2013/07/20 23:56:43 | 000,110,080 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\pywintypes27.dll
MOD - [2013/07/20 23:56:43 | 000,108,544 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32security.pyd
MOD - [2013/07/20 23:56:42 | 001,153,024 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\_ssl.pyd
MOD - [2013/07/20 23:56:42 | 000,811,008 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\wx._windows_.pyd
MOD - [2013/07/20 23:56:42 | 000,711,680 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\_hashlib.pyd
MOD - [2013/07/20 23:56:42 | 000,035,840 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32process.pyd
MOD - [2013/07/20 23:56:42 | 000,025,600 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32pdh.pyd
MOD - [2013/07/20 23:56:41 | 000,122,368 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\wx._wizard.pyd
MOD - [2013/07/20 23:56:41 | 000,119,808 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32file.pyd
MOD - [2013/07/20 23:56:41 | 000,038,912 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32inet.pyd
MOD - [2013/07/20 23:56:40 | 001,062,400 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\wx._controls_.pyd
MOD - [2013/07/20 23:56:40 | 000,127,488 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\pyexpat.pyd
MOD - [2013/07/20 23:56:40 | 000,018,432 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\win32event.pyd
MOD - [2013/07/20 23:56:39 | 000,686,080 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\unicodedata.pyd
MOD - [2013/07/20 23:56:39 | 000,010,240 | ---- | M] () -- C:\Users\DISRUP~1\AppData\Local\Temp\_MEI45722\select.pyd
MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/10 14:29:49 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.32\deploy\LolClient.exe
MOD - [2013/07/10 14:29:44 | 004,774,248 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.32\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2013/07/05 18:05:50 | 024,985,600 | ---- | M] () -- C:\Users\Disruption\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013/06/18 16:08:18 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Disruption\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/28 16:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 16:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Disruption\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/29 15:57:10 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.175\deploy\LoLLauncher.exe
MOD - [2012/10/29 15:56:20 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Disruption\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/02/11 15:45:44 | 000,018,152 | ---- | M] (Tenable Network Security, Inc) [Auto | Running] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV:64bit: - [2013/01/28 21:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 05:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/24 21:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/07/28 13:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 18:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 18:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/06/21 10:57:12 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/11 14:18:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/23 13:28:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/08/08 06:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/07/17 18:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 18:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/27 16:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/25 14:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 18:40:27 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 18:40:27 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 18:40:27 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/01 07:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 07:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 07:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/04 03:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 03:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/30 04:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 07:11:00 | 000,474,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/21 07:10:58 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/28 21:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 19:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 16:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/29 15:20:48 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\npf.sys -- (npf)
DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 03:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 03:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/29 12:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/21 16:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/07 01:55:42 | 000,019,936 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2012/08/06 09:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/31 16:28:54 | 000,028,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 15:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 20:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 19:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 16:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/11 16:49:34 | 000,024,208 | ---- | M] (Realtek Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012/07/10 20:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/02 19:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 14:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/15 16:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2012/07/13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf.sys -- (npf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F2085F5-B82D-43EB-AAAF-848B59B5B8FF}
IE:64bit: - HKLM\..\SearchScopes\{2F2085F5-B82D-43EB-AAAF-848B59B5B8FF}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {2F2085F5-B82D-43EB-AAAF-848B59B5B8FF}
IE - HKLM\..\SearchScopes\{2F2085F5-B82D-43EB-AAAF-848B59B5B8FF}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {2F2085F5-B82D-43EB-AAAF-848B59B5B8FF}
IE - HKCU\..\SearchScopes\{630BC5C1-1E2A-46A4-B3F0-FC766ED9DB81}: "URL" = http://websearch.ask...F7-1CCFE5A5E70C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/13 18:56:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/10 17:48:24 | 000,000,000 | ---D | M]

[2013/04/28 01:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Disruption\AppData\Roaming\mozilla\Extensions
[2013/04/28 02:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Disruption\AppData\Roaming\mozilla\Firefox\Profiles\dpuzzi6p.default\extensions
[2013/04/28 02:01:25 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Disruption\AppData\Roaming\mozilla\firefox\profiles\dpuzzi6p.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/05/18 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/18 13:17:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/13 20:45:42 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Docs = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
CHR - Extension: YouTube = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WOT Safe Search = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: Pandora = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: AdBlock = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Gmail = C:\Users\Disruption\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [F.lux] C:\Users\Disruption\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Spotify] C:\Users\Disruption\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Disruption\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Disruption\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Disruption\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E6D9990-A36B-4A78-8395-F0CBD69CAFA8}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6D4EDCF-1ED7-493B-91CB-15A3DA67AF4F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6D4EDCF-1ED7-493B-91CB-15A3DA67AF4F}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/21 17:11:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Disruption\Desktop\OTL.exe
[2013/07/21 13:47:25 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Disruption\Desktop\MiniToolBox.exe
[2013/07/17 17:40:55 | 000,000,000 | RH-D | C] -- C:\Users\Disruption\AppData\Roaming\SecuROM
[2013/07/17 17:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013/07/17 17:20:16 | 000,000,000 | ---D | C] -- C:\Users\Disruption\Documents\Electronic Arts
[2013/07/17 17:18:24 | 000,447,752 | ---- | C] (On2.com) -- C:\windows\SysWow64\vp6vfw.dll
[2013/07/17 17:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013/07/10 17:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/07/10 17:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/10 17:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/07/05 20:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzTools
[2013/07/03 16:27:20 | 000,000,000 | ---D | C] -- C:\Users\Disruption\AppData\Local\Spotify
[2013/07/03 16:26:25 | 000,000,000 | ---D | C] -- C:\Users\Disruption\AppData\Roaming\Spotify
[2013/06/29 15:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/29 15:10:12 | 000,000,000 | ---D | C] -- C:\Users\Disruption\AppData\Roaming\Oracle
[2013/06/29 12:52:39 | 000,000,000 | ---D | C] -- C:\Users\Disruption\AppData\Roaming\QFX Software
[2013/06/29 12:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013/06/26 15:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013/06/26 15:00:23 | 000,000,000 | ---D | C] -- C:\Users\Disruption\AppData\Roaming\SystemRequirementsLab
[2013/06/26 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

========== Files - Modified Within 30 Days ==========

[2013/07/21 17:11:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Disruption\Desktop\OTL.exe
[2013/07/21 17:04:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/21 16:18:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/21 13:47:28 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Disruption\Desktop\MiniToolBox.exe
[2013/07/21 13:04:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/21 02:21:56 | 000,035,119 | ---- | M] () -- C:\Users\Disruption\Desktop\IMG_3290.jpg
[2013/07/20 23:55:58 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/20 23:55:33 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/07/20 23:55:05 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/20 23:55:01 | 2479,849,471 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/19 19:31:18 | 000,898,288 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/19 19:31:18 | 000,754,258 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/19 19:31:18 | 000,146,472 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/19 19:26:56 | 005,113,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/17 17:17:40 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2013/07/17 17:16:03 | 000,447,752 | ---- | M] (On2.com) -- C:\windows\SysWow64\vp6vfw.dll
[2013/07/15 13:17:29 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/07/12 21:05:28 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/09 22:45:56 | 000,002,250 | ---- | M] () -- C:\Users\Disruption\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/06 14:43:57 | 000,000,806 | ---- | M] () -- C:\Users\Disruption\Desktop\GEEKSTOGO LOG 2.BL
[2013/07/05 20:50:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Blueline.lnk
[2013/07/03 16:27:20 | 000,001,843 | ---- | M] () -- C:\Users\Disruption\Desktop\Spotify.lnk
[2013/06/27 18:40:27 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/06/27 18:40:27 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/06/27 18:40:27 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/06/27 18:40:27 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 18:40:27 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 18:40:27 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/23 16:00:02 | 000,000,024 | ---- | M] () -- C:\Users\Disruption\random.dat
[2013/06/23 15:42:37 | 000,000,049 | ---- | M] () -- C:\Users\Disruption\jagex_cl_runescape_LIVE.dat
[2013/06/22 18:26:39 | 000,001,971 | ---- | M] () -- C:\Users\Disruption\Desktop\FileZilla Client.lnk

========== Files Created - No Company Name ==========

[2013/07/21 02:21:55 | 000,035,119 | ---- | C] () -- C:\Users\Disruption\Desktop\IMG_3290.jpg
[2013/07/19 19:26:33 | 005,113,176 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/17 17:17:40 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2013/07/16 18:00:31 | 000,386,642 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/07/05 21:16:59 | 000,000,806 | ---- | C] () -- C:\Users\Disruption\Desktop\GEEKSTOGO LOG 2.BL
[2013/07/05 20:50:28 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Blueline.lnk
[2013/07/03 16:27:20 | 000,001,843 | ---- | C] () -- C:\Users\Disruption\Desktop\Spotify.lnk
[2013/07/03 16:27:20 | 000,001,829 | ---- | C] () -- C:\Users\Disruption\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/06/27 18:40:27 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/26 19:06:20 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/06/26 19:06:20 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/05/25 17:25:23 | 000,000,049 | ---- | C] () -- C:\Users\Disruption\jagex_cl_runescape_LIVE.dat
[2013/05/25 17:25:23 | 000,000,024 | ---- | C] () -- C:\Users\Disruption\random.dat
[2013/04/06 23:07:31 | 000,008,704 | ---- | C] () -- C:\Users\Disruption\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/23 13:28:37 | 000,280,600 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013/03/23 13:28:34 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013/03/16 00:43:22 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/02/18 06:12:55 | 000,037,820 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2013/02/18 06:11:29 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/11/29 15:20:50 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/08/06 09:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/06 09:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/06 09:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 17:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/03/23 13:27:05 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/18 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\.minecraft
[2013/07/21 00:08:21 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\.purple
[2013/03/16 00:34:21 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\Book Place
[2013/07/20 23:57:11 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\Dropbox
[2013/06/22 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\FileZilla
[2013/04/03 15:41:48 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\Gyazo
[2013/04/10 22:14:19 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\LolClient
[2013/06/29 15:10:12 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\Oracle
[2013/07/17 14:56:52 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\Origin
[2013/05/25 01:56:21 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\PACE Anti-Piracy
[2013/06/29 12:52:39 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\QFX Software
[2013/05/20 15:20:06 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\sMedio
[2013/06/11 13:37:35 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\SplitMediaLabs
[2013/07/21 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\Spotify
[2013/06/26 15:00:23 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\SystemRequirementsLab
[2013/07/05 02:27:54 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\uTorrent
[2013/03/15 21:38:04 | 000,000,000 | ---D | M] -- C:\Users\Disruption\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

Below is the discussion regarding the issue.

Original Convo: http://www.geekstogo...iew__getnewpost


Thanks,
Anarchy

Edited by Anarchy, 21 July 2013 - 07:27 PM.

  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I don't see any malware. You might let Avast run a boot-time scan one night while you sleep just to make sure:


First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Security. Click on AntiVirus. Scroll down to the bottom and find Boot-time scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Then change When a threat is found ... to: Move to Chest. OK. Now click on Schedule Now. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. If it found anything then open the saved Report and copy and paste the text into a reply so I can see it.



Let's do a few other checks. (Be warned all of my canned instructions are for Win 7. Haven't updated to Win 8 yet but you should be able to figure them out. Let me know if something doesn't work on Win 8.)

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

(Since you are in training: We are looking for System Idle to be in the 90% or better tho sometimes Process Explorer will take a bit so you can add that to the System Idle. Also looking for unverified files.)


Since your complaint is mostly with LOL, you should make a second log when LOL is running slow.


Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
Repeat the above test when LOL starts lagging.

Do this next one when the computer has been on for a while as we want to make sure it is maintaining a healthy temperature. Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button)
Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy once you post the log.


You are getting CodeIntegrity errors from guard64.dll. This is usually a Comodo file and I do not see Comodo so I'm wondering what is going on. Perhaps you had Comodo and uninstalled and it left the file?
Can you do a Search for guard64.dll and right click on it and check its properties? If it's from Comodo I think you can just delete it.

I also see Bonjour errors. I would just uninstall it. You don't really need it and you will get a new version the next time you download some Apple software like Safari or iTunes.

You can also install: Intel® Management Engine Components (Version: 8.1.0.1252)

Is there a reason you have WinPcap 4.1.2?

Do you really need Google Drive?

I usually do the following on Win 7. I think it will all work on Win 8 but the procedure is a bit different:


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
(Just clearing the Events)

Reboot.

(On this next one we need an elevated Command Window)
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Running sfc checks the system files. Clearing the errors and rebooting and looking at the errors reveals any problems with the boot.

If VEW won't run, then just rerun MiniToolBox like you did in your other post. The only one we need checked is
List last 10 Event Viewer log

I have seen cases (my own PC) where the wireless adapter (built in to my HP All in One) seems to work fine but fails under a consistent load (you can't call it heavy because my download speed is only .8 M). I think it overheats. It happens to mine if I try to download a major program like Office from MS. On my slow link it takes all night to do and I've had the adapter crash so many times that I connect up with an Ethernet cable when I have a heavy file to download. I bought a USB wireless adapter and it does not have the same problem.


Ron
  • 0

#3
Anarchy

Anarchy

    Member

  • Topic Starter
  • Member
  • 136 posts
Hey Ron,

I'll start with the Boot scan. How long would you assume the scan may take? I can do it now if needed :happy:
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Depends on how many files you have and how fast your PC is. It takes about 6 hours on my PC which is why I suggest you let it run while you sleep. My guess is you do not have malware so I would wait until tonight to run it.
  • 0

#5
Anarchy

Anarchy

    Member

  • Topic Starter
  • Member
  • 136 posts
Alright. I'll perform the other stuff now and after lunch and try to get it back to you as quickly as possible! I appreciate your help Ron.

With Regards,
Anarchy
  • 0

#6
Anarchy

Anarchy

    Member

  • Topic Starter
  • Member
  • 136 posts
Hey Ron,


Speedtest: http://www.speedtest...sult/2853022451


System Idle Process Text:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.05 0 K 20 K 0
procexp (1)64.exe 0.41 27,392 K 55,956 K 6304 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
spotify.exe 0.40 136,844 K 147,436 K 5536 Spotify Spotify Ltd (Verified) Spotify AB
audiodg.exe 0.36 15,024 K 17,112 K 2252 (No signature was present in the subject)
Interrupts 0.22 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.13 2,912 K 26,128 K 716 (No signature was present in the subject)
explorer.exe 0.07 37,172 K 81,752 K 6436 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.06 17,516 K 32,988 K 460 (No signature was present in the subject)
TecoService.exe 0.06 2,532 K 8,120 K 2208 TOSHIBA eco Utility Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
System 0.05 136 K 6,840 K 4
nessusd.exe 0.03 130,148 K 128,444 K 2136 (No signature was present in the subject)
Skype.exe 0.03 70,280 K 93,284 K 5368 Skype Skype Technologies S.A. (Verified) Skype Technologies SA
chrome.exe 0.03 206,652 K 243,240 K 3048 Google Chrome Google Inc. (Verified) Google Inc
TecoResident.exe 0.01 2,064 K 6,952 K 4260 Resident module of eco Utility TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
chrome.exe 0.01 66,164 K 99,428 K 6872 Google Chrome Google Inc. (Verified) Google Inc
AppleMobileDeviceService.exe 0.01 2,780 K 9,124 K 1856 MobileDeviceService Apple Inc. (Verified) Apple Inc.
googledrivesync.exe 0.01 44,572 K 57,184 K 5472 Google Drive Google (Verified) Google Inc
svchost.exe 0.01 46,888 K 49,500 K 1712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 0.01 1,684 K 4,996 K 4524 Local Manageability Service Intel Corporation (Verified) Intel Corporation
AvastUI.exe 0.01 13,104 K 7,320 K 5620 avast! Antivirus AVAST Software (Verified) AVAST Software
SRSPanel_64.exe 0.01 9,780 K 20,060 K 4432 SRS Control Panel SRS Labs, Inc. (Verified) SRS Labs
AvastSvc.exe 0.01 48,384 K 3,552 K 1316 avast! Service AVAST Software (Verified) AVAST Software
SearchIndexer.exe < 0.01 31,876 K 30,044 K 5072 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe < 0.01 2,420 K 6,936 K 6040 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
flux.exe < 0.01 4,372 K 10,636 K 5984 (No signature was present in the subject)
svchost.exe < 0.01 24,824 K 39,292 K 488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamservice.exe < 0.01 116,728 K 117,044 K 868 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
chrome.exe < 0.01 64,032 K 93,636 K 4816 Google Chrome Google Inc. (Verified) Google Inc
Dropbox.exe < 0.01 62,540 K 77,392 K 1924 Dropbox Dropbox, Inc. (Verified) Dropbox
mbamgui.exe < 0.01 2,716 K 7,432 K 4372 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
chrome.exe < 0.01 118,604 K 142,680 K 3424 Google Chrome Google Inc. (Verified) Google Inc
PnkBstrA.exe < 0.01 1,164 K 4,180 K 1452 (No signature was present in the subject)
svchost.exe < 0.01 16,372 K 25,372 K 344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 77,088 K 107,072 K 7132 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 79,056 K 85,236 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe < 0.01 4,184 K 1,608 K 4364 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
TMachInfo.exe < 0.01 23,560 K 31,396 K 4624 TSS TMachInfo Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
csrss.exe < 0.01 1,604 K 6,316 K 648 (No signature was present in the subject)
iTunesHelper.exe < 0.01 3,616 K 11,572 K 5156 iTunesHelper Apple Inc. (Verified) Apple Inc.
TODDSrv.exe < 0.01 956 K 3,936 K 2080 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WUDFHost.exe 1,460 K 5,580 K 2612 (No signature was present in the subject)
wmpnetwk.exe 6,528 K 872 K 352 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,792 K 4,932 K 1308 (No signature was present in the subject)
winlogon.exe 1,368 K 8,112 K 780 (No signature was present in the subject)
wininit.exe 924 K 3,716 K 724 (No signature was present in the subject)
UNS.exe 3,760 K 11,460 K 4392 User Notification Service Intel Corporation (Verified) Intel Corporation
TSleepSrv.exe 1,988 K 6,840 K 4804 Sleep and Charge Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TPCHWMsg.exe 1,884 K 6,180 K 4792 TOSHIBA PC Health Monitor TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TPCHSrv.exe 2,992 K 8,488 K 6300 TOSHIBA PC Health Monitor TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
ToshibaServiceStation.exe 32,880 K 5,416 K 2872 TOSHIBA Service Station TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TCrdMain_Win8.exe 3,604 K 12,220 K 188 TOSHIBA Hotkey Main Module TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
taskhostex.exe 9,716 K 14,544 K 2832 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,168 K 380 K 2472 (No signature was present in the subject)
svchost.exe 5,380 K 13,124 K 2860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,076 K 8,840 K 928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,632 K 13,932 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,692 K 6,912 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,240 K 19,884 K 1180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 11,708 K 19,984 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,948 K 6,436 K 1808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,280 K 4,452 K 2324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sqlwriter.exe 1,440 K 5,440 K 1872 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
SpotifyWebHelper.exe 1,808 K 6,420 K 5940 SpotifyWebHelper Spotify Ltd (Verified) Spotify AB
spoolsv.exe 3,008 K 9,056 K 1684 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 288 K 976 K 432 (No signature was present in the subject)
services.exe 5,416 K 8,968 K 812 (No signature was present in the subject)
SearchProtocolHost.exe 2,340 K 7,932 K 6192 (No signature was present in the subject)
SearchFilterHost.exe 1,608 K 4,708 K 5296 (No signature was present in the subject)
RAVCpl64.exe 4,160 K 10,616 K 1404 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp (1).exe 2,612 K 8,180 K 6468 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
nessus-service.exe 580 K 2,340 K 2060 Tenable Network Security, Inc (Verified) Tenable Network Security Inc.
mDNSResponder.exe 1,468 K 4,868 K 1944 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamscheduler.exe 1,764 K 5,400 K 952 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsass.exe 4,976 K 11,960 K 820 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
Jhi_service.exe 1,188 K 4,516 K 2024 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
IntelMeFWService.exe 1,224 K 3,996 K 4396 Intel® ME Service Intel Corporation (Verified) Intel Corporation
igfxtray.exe 1,956 K 6,568 K 2932 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 2,252 K 7,644 K 1540 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 1,916 K 6,352 K 3076 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
HeciServer.exe 1,220 K 4,964 K 1988 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
googledrivesync.exe 1,156 K 3,652 K 5132 Google Drive Google (Verified) Google Inc
GoogleCrashHandler64.exe 1,816 K 364 K 4304 (No signature was present in the subject)
GoogleCrashHandler.exe 1,740 K 380 K 5068 (No signature was present in the subject)
dllhost.exe 2,032 K 6,892 K 4876 (No signature was present in the subject)
dasHost.exe 4,020 K 12,744 K 1084 (No signature was present in the subject)
ctfmon.exe 1,212 K 4,428 K 5184 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 576 K 2,436 K 1324 (No signature was present in the subject)
chrome.exe 89,424 K 116,052 K 5884 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 27,156 K 54,900 K 6060 Google Chrome Google Inc. (Verified) Google Inc
armsvc.exe 1,120 K 3,876 K 1832 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems


I am now rebooting so I shall be back ASAP with more content.

  • 0
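The listing in the post above can be checked mechanically against the two things asked for earlier in the thread: System Idle at 90% or better (with Process Explorer's own CPU added back) and any image without a verified signer. This is an added example, not part of any post; the regex and function names are assumptions, the sample rows are copied from the listing above, and only the two signer strings that appear in that listing are recognised.

```python
import re

# Rows copied from the Process Explorer listing in this thread
# (columns are flattened to single spaces, as on the page).
SAMPLE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.05 0 K 20 K 0
procexp (1)64.exe 0.41 27,392 K 55,956 K 6304 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
audiodg.exe 0.36 15,024 K 17,112 K 2252 (No signature was present in the subject)
Interrupts 0.22 0 K 0 K n/a Hardware Interrupts and DPCs
nessusd.exe 0.03 130,148 K 128,444 K 2136 (No signature was present in the subject)
chrome.exe 0.03 206,652 K 243,240 K 3048 Google Chrome Google Inc. (Verified) Google Inc
SearchIndexer.exe < 0.01 31,876 K 30,044 K 5072 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,792 K 4,932 K 1308 (No signature was present in the subject)
"""

# The two "N K" memory columns anchor the row; the name may contain spaces
# and the CPU column may be a number, "< 0.01", or missing entirely.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)\s*(?P<rest>.*)$"
)
NO_SIG = "(No signature was present in the subject)"


def parse_procexp(text):
    """Return one dict per process row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cpu = m.group("cpu")
        if cpu is None:
            cpu_val = None              # column was empty in the saved file
        elif cpu.startswith("<"):
            cpu_val = 0.0               # below the display resolution
        else:
            cpu_val = float(cpu)
        rest = m.group("rest")
        if "(Verified)" in rest:
            status, signer = "verified", rest.split("(Verified)", 1)[1].strip()
        elif NO_SIG in rest:
            status, signer = "unsigned", None
        else:
            status, signer = "n/a", None  # pseudo-entries such as Interrupts
        rows.append({"name": m.group("name"), "cpu": cpu_val,
                     "pid": m.group("pid"), "status": status, "signer": signer})
    return rows


def triage(rows, idle_floor=90.0):
    """Apply the thread's two checks: idle headroom and unverified images."""
    idle = sum(r["cpu"] or 0 for r in rows if r["name"] == "System Idle Process")
    own = sum(r["cpu"] or 0 for r in rows if r["name"].lower().startswith("procexp"))
    total = round(idle + own, 2)
    unsigned = sorted({r["name"] for r in rows if r["status"] == "unsigned"})
    return {"idle_plus_procexp": total, "idle_ok": total >= idle_floor,
            "unsigned": unsigned}


if __name__ == "__main__":
    print(triage(parse_procexp(SAMPLE)))
```
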

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Your laptop is running fairly hot (58-60). That's about 10 degrees more than I like. Not critical but could be a problem over time. Are you running it on a hard surface? It's really a bad idea to run it on a soft surface like a bed (or your lap). Blocks the air flow and can even cause a fire. You might want to invest in a laptop cooler tray. See if Speedfan works on Win 8:

Try speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also sometimes propping up the back of the laptop with a book (don't block the vents) will help the heat flow.

There are several files that show as not having signatures in Proc Explorer:

audiodg.exe
csrss.exe
nessusd.exe
wlanext.exe
winlogon.exe
wininit.exe

Sometimes Process Explorer doesn't get them right the first time but if you run it again they may check out OK. If they show up without signatures a second time we will run an OTL scan as follows:



Copy the text in the code box:

DRIVES
/md5start
audiodg.exe
csrss.exe
nessusd.exe
wlanext.exe 
winlogon.exe 
wininit.exe 
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.

That will look at the checksums for the files and allow us to compare them with the backup copies. We can also see if they are located in the wrong folder. If there is only one of a file then we need to submit it to virustotal.com.
  • 0
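The comparison described at the end of the post above (checksum every copy of a named file, compare the copies, note copies in unexpected folders, and single out files that exist only once) can be sketched as follows. This is an added example, not OTL's own code and not part of any post; the folder names, file contents and function names are constructed assumptions so that it runs offline.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, names):
    """Map each wanted file name to [(path, md5), ...] for every copy under root."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in wanted:
                path = os.path.join(dirpath, fname)
                try:
                    digest = md5_of(path)
                except OSError:
                    digest = None       # locked or unreadable file
                copies[fname.lower()].append((path, digest))
    return copies


def review(copies, names, expected_dirs):
    """Classify each name: not found / single copy / copies match / copies differ."""
    expected = {d.lower() for d in expected_dirs}
    report = {}
    for name in names:
        found = copies.get(name.lower(), [])
        digests = {d for _p, d in found if d}
        odd = sorted(p for p, _d in found
                     if os.path.basename(os.path.dirname(p)).lower() not in expected)
        if not found:
            verdict = "not found"
        elif len(found) == 1:
            verdict = "single copy"     # nothing to compare against
        elif len(digests) == 1:
            verdict = "copies match"
        else:
            verdict = "copies differ"
        report[name] = {"verdict": verdict, "unexpected_location": odd}
    return report


def demo():
    """Constructed sample tree; the byte strings stand in for real binaries."""
    layout = {
        ("System32", "csrss.exe"): b"csrss-build-A",
        ("Backup", "csrss.exe"): b"csrss-build-A",
        ("System32", "winlogon.exe"): b"winlogon-build-A",
        ("System32", "wininit.exe"): b"wininit-build-A",
        ("Temp", "wininit.exe"): b"something-else",
    }
    names = ["csrss.exe", "winlogon.exe", "wininit.exe", "audiodg.exe"]
    with tempfile.TemporaryDirectory() as root:
        for (folder, fname), data in layout.items():
            os.makedirs(os.path.join(root, folder), exist_ok=True)
            with open(os.path.join(root, folder, fname), "wb") as fh:
                fh.write(data)
        return review(find_copies(root, names), names, {"System32", "Backup"})


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A "copies differ" result is a prompt to look closer, not a verdict: the OTL log earlier in this thread shows 64-bit and 32-bit copies of shell32.dll with different sizes, so those two copies cannot share a checksum.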

#8
Anarchy

Anarchy

    Member

  • Topic Starter
  • Member
  • 136 posts
Hey Ron,

When doing the sfc /scannow it appeared to not have fixed everything and when typing those two scans in, it didn't work. Also, the two things you told me to type if it didn't work, didn't work. However it said I should reboot. Any suggestions?
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad  \windows\logs\cbs\junk.txt

Above exaggerates the spacing to make it easier to type in. If that doesn't work does the file
c:\windows\logs\cbs\cbs.log
exist? Can you copy it then attach the copy?

Did you see my previous post?
  • 0

#10
Anarchy

Anarchy

    Member

  • Topic Starter
  • Member
  • 136 posts
I honestly am unable to type that into Command prompt. It doesn't do anything. I've also done the Process thing again.

  • 0


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Try this:
http://www.eightforu...indows-8-a.html



Did you see my previous post?

It's possible that your ISP is dropping packets. In the article you cited per PM it sounds to me like a router in the chain is experiencing a too heavy load and is dropping packets from the queue or delaying them quite a bit. Since it seems to be nationwide I would expect the overloaded router to be near the LOL server. Your LOL game client uses UDP so it's going to be vulnerable to lost packets. If the people reporting lags had run a traceroute to the LOL server you could probably isolate it down to a common router. tracert -d (then put in the name of the LOL server.)
  • 0

#12
Anarchy

Anarchy

    Member

  • Topic Starter
  • Member
  • 136 posts
Attached is the CBS file. I hope that's what you meant. Also how would I go about dealing with the ISP then?

Attached Files

  • Attached File  CBS.log   35.08KB   407 downloads

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
It's clear why the command didn't work. Win 8 must store the info elsewhere. The link I gave you in the last post is supposed to automatically repair stuff that SFC found.

I guess you just start by calling your ISP customer service. Doesn't sound like a lot of fun tho since you will no doubt talk to an idiot who has to work from a script.
  • 0

#14
Anarchy

Anarchy

    Member

  • Topic Starter
  • Member
  • 136 posts
Can you explain how to use it? I wasn't sure which instructions to follow :confused:
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Try Option 1. It's the simplest way.
  • 0
