# Need help- >angry<



## StormProtocol (May 29, 2012)

Hello, I started hearing 5-10 second clips of ads playing in the background of my comp today whether I have a browser open or not. (EXTREMELY ANNOYING BRITISH ADS) I ran AVG, Malwarebytes, and Spybot SD with no luck. I also reran all 3 in safe mode with networking. Still no luck. Any help would be much appreciated. I think my specs will show in my sig.

I'm actually getting frustrated now at this point, and am desperate for help.
Any would be great

-Storm


edit:

Specs:

Intel Sandy Bridge i7 2600k 4.2GHZ
Corsair H100 WC Kit
Corsair Vengeance 16GB 1600 RAM
Corsair AX1200 PSU
Corsair 800D Case
Corsair 120GB SSD
Seagate 500GB HDD
Seagate 500GB HDD
Asus P8Z68-V LE 
Asus GTX 560


EDIT 2:

Okay, I have no idea why this would change anything, but it does.

I can only hear the ads and stuff when I play through my optical output. If I switch to the regular green plug, it doesn't play the ads (I switch this setting with Realtek, and all I do when I switch between them is click "set default device").

So at the top of Realtek audio manager, I have 3 tabs: Speakers, Digital output, and Digital output (optical).
When I make "speakers" my default, I hear no ads, but when I make optical my default, I hear the ads. I would just use the other cable but I have 7.1 SS and it sounds a lot better with optical. Hopefully this will help narrow the problem.


----------



## StormProtocol (May 29, 2012)

I just ran them all with default settings (I performed the "full scan" option when given the choice)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 0.99.41 
Windows 7 x64 *(UAC is disabled!)* 
*Out of date service pack!!* 
Internet Explorer 8 *Out of date!* 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG Anti-Virus Free Edition 2012 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Spybot - Search & Destroy 
Malwarebytes Anti-Malware version 1.61.0.1400 
Java(TM) 6 Update 31 
*Java version out of date!* 
Adobe Flash Player 11.2.202.235 
Mozilla Firefox (12.0) 
Google Chrome 19.0.1084.46 
Google Chrome 19.0.1084.52 
*````````Process Check: objlist.exe by Laurent````````* 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
AVG avgwdsvc.exe 
AVG avgtray.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 15% *Defragment your hard drive soon!*
*````````````````````End of Log``````````````````````*

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/28/2012 at 09:02 PM

Application Version : 5.0.1150

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 00:05:27

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 629
Memory threats detected : 0
Registry items scanned : 70526
Registry threats detected : 0
File items scanned : 37825
File threats detected : 8

Trojan.Agent/Gen-ClickDownload
C:\USERS\STORM\DOWNLOADS\FRAPS_-_LICENSED.EXE
D:\DOWNLOAD FRAPS_-_LICENSED.LNK
C:\USERS\STORM\DOWNLOADS\HARDWARE.SENSORS.MONITOR.PRO.V4.2.5.EXE
C:\USERS\STORM\DOWNLOADS\HOT_CPU_TESTER_AND_SERIAL.EXE

PUP.CNETInstaller
C:\USERS\STORM\DOWNLOADS\CNET2_MINECRAFT_EXE.EXE

Adware.Tracking Cookie
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\[email protected][1].TXT [ /DOUBLECLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\[email protected][3].TXT [ /DOUBLECLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\[email protected][1].TXT [ /SERVING-SYS ]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Storm :: STORM-PC [administrator]

Protection: Enabled

5/28/2012 9:00:39 PM
mbam-log-2012-05-28 (21-00-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 307094
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## kevinf80 (Mar 21, 2006)

Run the following diagnostic scans:

Download aswMBR from *Here*
*If it asks to update during the process please allow this to happen.*


 Save aswMBR.exe to your Desktop
 Double click aswMBR.exe to run it
 Ensure Quick scan is selected, then select Scan button to start the scan as illustrated below

Note: Do not take action against any ***Rootkit*** entries until I have reviewed the log. Often there are false positives.

Once the scan finishes, click Save log to save the log to your Desktop.

Copy and paste the contents of aswMBR.txt back here for review

You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Next,

We need to see some additional information about what is happening in your machine. 
Please perform the following scan:

Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.com*
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool. 
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
 Save both reports to your desktop.
 The instructions here ask you to attach the Attach.txt.

*Instead of attaching, please copy/paste both logs into your next reply.*
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*

Kevin..


----------



## StormProtocol (May 29, 2012)

Hey, thanks for the fast, detailed reply. I have what you need, here:
~~~~~~~~~~~~~~~~~~~~~~~
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 02:05:25
-----------------------------
02:05:25.269 OS Version: Windows x64 6.1.7601 Service Pack 1
02:05:25.269 Number of processors: 8 586 0x2A07
02:05:25.270 ComputerName: STORM-PC UserName: Storm
02:05:25.817 Initialize success
02:06:21.612 AVAST engine defs: 12052800
02:07:34.942 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
02:07:34.943 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 11
02:07:34.944 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
02:07:34.945 Disk 1 Vendor: Corsair_Force_3_SSD 1.3.3 Size: 114473MB BusType: 11
02:07:34.948 Disk 1 MBR read successfully
02:07:34.949 Disk 1 MBR scan
02:07:34.951 Disk 1 Windows 7 default MBR code
02:07:34.952 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 114471 MB offset 2048
02:07:34.956 Disk 1 scanning C:\Windows\system32\drivers
02:07:36.578 Service scanning
02:07:41.208 Modules scanning
02:07:41.212 Disk 1 trace - called modules:
02:07:41.215 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
02:07:41.540 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d915060]
02:07:41.543 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800d588e40]
02:07:41.545 5 ACPI.sys[fffff88000f587a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d585060]
02:07:41.989 AVAST engine scan C:\Windows
02:07:42.362 AVAST engine scan C:\Windows\system32
02:08:24.962 AVAST engine scan C:\Windows\system32\drivers
02:08:27.273 AVAST engine scan C:\Users\Storm
02:08:41.839 File: C:\Users\Storm\Downloads\up.exe **INFECTED** Win32:Trojan-gen
02:08:42.681 AVAST engine scan C:\ProgramData
02:08:44.760 Scan finished successfully
02:09:44.471 Disk 1 MBR has been saved successfully to "C:\Users\Storm\Desktop\MBR.dat"
02:09:44.474 The log file has been saved successfully to "C:\Users\Storm\Desktop\aswMBR.txt"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Storm at 2:10:22 on 2012-05-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16364.13176 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\TEMP\mrt277C.tmp\stdrt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Storm\AppData\Local\Akamai\netsession_win.exe
C:\Users\Storm\Downloads\up.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Storm\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\HP\Button Manager\BM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Storm\Downloads\aswMBR.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={42D493EE-A012-4539-863F-3465CA2E8482}&mid=e2cf9646b74547d0b4acc593af11a234-4f3fb2dd29ca52488b6e6acf2a9fc56367aec23c&lang=en&ds=od011&pr=sa&d=2012-04-16 22:54:00&v=10.2.0.3&sap=hp
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Storm\AppData\Local\Akamai\netsession_win.exe"
uRun: [uptime] C:\Users\Storm\Downloads\up.exe
uRun: [Google Update] "C:\Users\Storm\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [BM.exe] C:\Program Files (x86)\HP\Button Manager\BM.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Storm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAHCON~1.LNK - C:\Program Files (x86)\FAHClient\FAHControl.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{D6C376CA-D503-4DC2-A793-70121B283764} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [BM.exe] C:\Program Files (x86)\HP\Button Manager\BM.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Storm\AppData\Roaming\Mozilla\Firefox\Profiles\5238d3l7.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Storm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Hmonitor45;Hmonitor45;C:\Windows\SysWOW64\drivers\hmonitor45.sys [2012-4-19 14544]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-5 586880]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-28 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-21 2348352]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-28 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2012-5-23 104960]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-4-16 918880]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 CORSGKB;Corsair Gaming Keyboard;C:\Windows\system32\drivers\CORSGKB.sys --> C:\Windows\system32\drivers\CORSGKB.sys [?]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\lnsecsl.exe [2012-5-22 910564]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVLAN60.sys --> C:\Windows\system32\DRIVERS\RtVLAN60.sys [?]
.
=============== Created Last 30 ================
.
2012-05-29 04:24:42 -------- d-----w- C:\Windows\System32\SPReview
2012-05-29 04:21:01 6144 ----a-w- C:\Windows\System32\drivers\en-US\rdvgkmd.sys.mui
2012-05-29 04:21:01 4096 ----a-w- C:\Windows\System32\drivers\en-US\tsusbhub.sys.mui
2012-05-29 04:21:01 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-05-29 04:21:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2012-05-29 04:20:58 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-05-29 04:20:58 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2012-05-29 04:18:56 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-29 03:46:46 -------- d-----w- C:\Users\Storm\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 03:46:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-29 03:46:24 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-29 02:50:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-29 02:50:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-29 02:39:28 -------- d-----w- C:\Program Files\CCleaner
2012-05-29 02:27:30 -------- d-----w- C:\Users\Storm\AppData\Roaming\Malwarebytes
2012-05-29 02:27:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-29 02:27:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-29 02:27:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-28 02:45:17 -------- d-----w- C:\Users\Storm\AppData\Roaming\Digiarty
2012-05-25 19:57:29 -------- d-----w- C:\temp
2012-05-25 19:57:12 -------- d-----w- C:\Users\Storm\.yawcam
2012-05-25 19:57:07 -------- d-----w- C:\Program Files (x86)\Yawcam
2012-05-23 21:14:58 -------- d-----w- C:\Users\Storm\AppData\Local\SplitMediaLabs
2012-05-23 21:06:40 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-05-23 21:06:16 -------- d-----w- C:\Users\Storm\AppData\Roaming\SplitMediaLabs
2012-05-23 20:55:21 -------- d-----w- C:\Users\Storm\AppData\Local\ArcSoft
2012-05-23 20:53:14 -------- d-----w- C:\Program Files (x86)\HP
2012-05-23 20:52:49 -------- d--h--w- C:\ProgramData\ArcSoft
2012-05-23 20:52:36 499712 ----a-r- C:\Windows\SysWow64\msvcp71.dll
2012-05-23 20:52:36 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-23 20:52:36 249856 ----a-w- C:\Windows\SysWow64\MSLURT.dll
2012-05-23 20:52:36 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-05-23 20:52:35 393216 ----a-w- C:\Windows\SysWow64\MSLUP60.dll
2012-05-23 20:52:35 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2012-05-23 20:52:35 1645320 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-05-23 20:52:28 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2012-05-23 20:52:28 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2012-05-23 06:58:39 -------- d-----w- C:\Users\Storm\AppData\Roaming\Image-Line
2012-05-23 06:50:50 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-05-23 06:50:30 1431552 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-05-23 06:50:23 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-05-23 06:49:09 910564 ----a-w- C:\Windows\SysWow64\lnsecsl.exe
2012-05-22 07:37:03 -------- d-----w- C:\Program Files\Oracle
2012-05-22 07:36:56 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-22 07:36:56 839056 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-21 20:49:16 -------- d-----w- C:\Users\Storm\AppData\Local\Google
2012-05-13 19:19:53 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-13 19:19:41 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-13 19:19:32 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-13 19:19:23 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-04 23:19:59 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-04 23:19:56 -------- d-----w- C:\Users\Storm\AppData\Local\PunkBuster
2012-05-04 20:40:30 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2012-05-04 20:40:30 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-04 20:39:46 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-05-04 20:39:46 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-05-04 20:39:46 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-05-04 20:39:46 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-05-04 20:39:45 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-05-04 20:39:45 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-05-04 03:10:19 -------- d-----w- C:\Users\Storm\AppData\Local\SRS Labs
2012-05-04 03:09:49 -------- d-----w- C:\ProgramData\SRS Labs
2012-05-04 03:08:43 346992 ----a-w- C:\Windows\System32\drivers\SRS_SSCFilter_amd64.sys
2012-05-04 01:33:58 1180753 ----a-w- C:\Windows\unins001.exe
2012-05-04 01:33:37 25600 ----a-w- C:\Windows\System32\drivers\CORSGKB.sys
2012-05-04 01:33:37 1174097 ----a-w- C:\Windows\unins000.exe
2012-05-04 01:33:37 -------- d-----w- C:\Users\Storm\AppData\Roaming\Corsair Vengeance
2012-05-04 01:33:37 -------- d-----w- C:\Program Files (x86)\Corsair
2012-05-01 07:12:36 -------- d-----w- C:\Windows\SysWow64\world
2012-04-30 21:30:29 -------- d-----w- C:\Users\Storm\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2012-05-29 04:23:45 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-29 04:23:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-23 21:14:45 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 21:14:45 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 17:26:03 5265184 ----a-w- C:\Windows\PE_Rom.dll
2012-05-05 11:06:02 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 06:15:35 14544 ----a-w- C:\Windows\SysWow64\drivers\hmonitor45.sys
2012-04-19 11:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-05 08:18:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-03 21:19:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-04-03 21:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-04-03 21:19:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-04-03 21:19:08 320816 ------w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 2:10:30.94 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2012 12:22:48 AM
System Uptime: 5/28/2012 9:37:45 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V LE
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 36.264 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 435.9 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Motorola ADB Interface
Device ID: USB\VID_22B8&PID_42F7&MI_01\7&10786E6C&0&0001
Manufacturer: 
Name: Motorola ADB Interface
PNP Device ID: USB\VID_22B8&PID_42F7&MI_01\7&10786E6C&0&0001
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
AI Suite II
Akamai NetSession Interface
Apple Application Support
Apple Software Update
ASIO4ALL
Asmedia ASM104x USB 3.0 Host Controller Driver
AVG Security Toolbar
Button Manager
Corsair K90 Firmware Update Application
Corsair K90 Gaming Keyboard Driver V1.0
EVGA Precision X 3.0.2
FAHClient
Fraps (remove only)
Geeks3D.com FurMark 1.9.2
Google Chrome
Hardware sensors monitor 4.5
HP Webcam Software Suite
Intel(R) Management Engine Components
Intel® Watchdog Timer Driver (Intel® WDT)
Java Auto Updater
Java(TM) 6 Update 31
League of Legends
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Minecraft Cracked
MonitorTest V3.1
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
QuickTime
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Skype™ 5.8
Spybot - Search & Destroy
Star Wars: The Old Republic
Visual Studio 2008 x64 Redistributables
WinRAR 4.11 (32-bit)
WinX DVD Ripper 5.5.5
.
==== Event Viewer Messages From Past Week ========
.
5/28/2012 9:40:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user Storm-PC\UpdatusUser SID (S-1-5-21-806090809-1033990294-959479435-1006) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/28/2012 9:38:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.
5/28/2012 9:38:25 PM, Error: Service Control Manager [7000] - The Adobe Licensing Console service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/28/2012 9:26:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
5/28/2012 9:26:36 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:21 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:20 PM, Error: Service Control Manager [7034] - The vToolbarUpdater10.2.0 service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:20 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:20 PM, Error: Service Control Manager [7034] - The CamMonitor service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:20 PM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:20 PM, Error: Service Control Manager [7034] - The ASUS HM Com Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:19 PM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:17 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 9:26:17 PM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 8:09:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
5/28/2012 8:09:16 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/28/2012 8:09:16 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
5/28/2012 8:01:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/28/2012 8:01:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/28/2012 8:01:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/28/2012 8:01:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO Avgldx64 Avgmfx64 discache Hmonitor45 spldr Wanarpv6
5/28/2012 8:01:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/28/2012 8:01:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/28/2012 10:09:09 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
5/22/2012 6:41:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
5/22/2012 12:16:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR9.
.
==== End Of File ===========================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

i think that's everything, if you need anything else, please let me know. Also, i don't know if you saw my edit but i'll post it here as well:

EDIT 2:

okay, i have no idea why this would change anything, but it does.

i can only hear the ads when i play through my optical output. if i switch to the regular green plug, it doesn't play the ads (i switch this setting with realtek, and all i do when i switch between them is click "set default device").

so at the top of realtek audio manager, i have 3 tabs. Speakers, digital output, and Digital output(optical).
when i make "speakers" my default, i hear no ads, but when i make optical my default, i hear the ads. i would just use the other cable but i have 7.1 SS and it sounds a lot better with optical. hopefully this will help narrow the problem

Thanks again,
-Storm


----------



## kevinf80 (Mar 21, 2006)

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## StormProtocol (May 29, 2012)

ComboFix 12-05-28.05 - Storm 05/29/2012 2:59.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16364.13538 [GMT -7:00]
Running from: c:\users\Storm\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Storm\Downloads\up.exe
c:\windows\SysWow64\local.txt
c:\windows\SysWow64\server.log
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-29 04:24 . 2012-05-29 04:24 -------- d-----w- c:\windows\system32\SPReview
2012-05-29 04:21 . 2010-11-20 12:13 6144 ----a-w- c:\windows\system32\drivers\en-US\rdvgkmd.sys.mui
2012-05-29 04:21 . 2010-11-20 12:11 4096 ----a-w- c:\windows\system32\drivers\en-US\tsusbhub.sys.mui
2012-05-29 04:21 . 2010-11-20 12:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-05-29 04:21 . 2010-11-20 11:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-05-29 04:20 . 2010-11-20 12:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-05-29 04:20 . 2010-11-20 12:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-05-29 04:18 . 2012-05-29 04:18 -------- d-----w- c:\windows\system32\EventProviders
2012-05-29 03:46 . 2012-05-29 03:46 -------- d-----w- c:\users\Storm\AppData\Roaming\SUPERAntiSpyware.com
2012-05-29 03:46 . 2012-05-29 04:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-29 03:46 . 2012-05-29 03:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-29 02:50 . 2012-05-29 03:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-29 02:50 . 2012-05-29 02:50 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-29 02:39 . 2012-05-29 02:39 -------- d-----w- c:\program files\CCleaner
2012-05-29 02:27 . 2012-05-29 02:27 -------- d-----w- c:\users\Storm\AppData\Roaming\Malwarebytes
2012-05-29 02:27 . 2012-05-29 02:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-29 02:27 . 2012-05-29 02:27 -------- d-----w- c:\programdata\Malwarebytes
2012-05-29 02:27 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-28 02:45 . 2012-05-28 02:45 -------- d-----w- c:\users\Storm\AppData\Roaming\Digiarty
2012-05-25 19:57 . 2012-05-25 20:10 -------- d-----w- C:\temp
2012-05-25 19:57 . 2012-05-25 20:02 -------- d-----w- c:\users\Storm\.yawcam
2012-05-25 19:57 . 2012-05-29 02:47 -------- d-----w- c:\program files (x86)\Yawcam
2012-05-23 21:14 . 2012-05-23 21:14 -------- d-----w- c:\users\Storm\AppData\Local\SplitMediaLabs
2012-05-23 21:08 . 2012-05-23 21:08 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-05-23 21:06 . 2012-05-23 21:06 -------- d-----w- c:\programdata\SplitMediaLabs
2012-05-23 21:06 . 2012-05-23 21:06 -------- d-----w- c:\users\Storm\AppData\Roaming\SplitMediaLabs
2012-05-23 20:55 . 2012-05-23 20:55 -------- d-----w- c:\users\Storm\AppData\Local\ArcSoft
2012-05-23 20:53 . 2012-05-23 21:00 -------- d-----w- c:\users\Storm\AppData\Roaming\ArcSoft
2012-05-23 20:53 . 2012-05-23 20:53 -------- d-----w- c:\program files (x86)\HP
2012-05-23 20:52 . 2012-05-23 20:56 -------- d--h--w- c:\programdata\ArcSoft
2012-05-23 20:52 . 2005-05-27 21:58 249856 ----a-w- c:\windows\SysWow64\MSLURT.dll
2012-05-23 20:52 . 2005-04-27 23:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-05-23 20:52 . 2003-03-19 05:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2012-05-23 20:52 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-23 20:52 . 2006-01-24 17:20 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-05-23 20:52 . 2005-05-27 21:58 393216 ----a-w- c:\windows\SysWow64\MSLUP60.dll
2012-05-23 20:52 . 1995-07-31 20:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2012-05-23 20:52 . 2009-05-26 21:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2012-05-23 20:52 . 2008-09-05 00:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2012-05-23 20:52 . 2012-05-23 20:52 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-05-23 20:52 . 2012-05-23 20:52 -------- d-----w- c:\program files (x86)\ArcSoft
2012-05-23 06:58 . 2012-05-23 06:58 -------- d-----w- c:\users\Storm\AppData\Roaming\Image-Line
2012-05-23 06:50 . 2012-05-23 06:50 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-05-23 06:50 . 2011-10-11 14:45 1431552 ----a-w- c:\windows\SysWow64\rewire.dll
2012-05-23 06:50 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-05-23 06:49 . 2012-05-23 06:49 910564 ----a-w- c:\windows\SysWow64\lnsecsl.exe
2012-05-22 07:37 . 2012-05-22 07:37 -------- d-----w- c:\program files\Oracle
2012-05-22 07:36 . 2012-04-05 01:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 07:36 . 2012-04-05 01:33 839056 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-22 07:36 . 2012-05-22 07:36 -------- d-----w- c:\program files\Java
2012-05-21 20:49 . 2012-05-21 20:49 -------- d-----w- c:\users\Storm\AppData\Local\Google
2012-05-21 06:16 . 2012-05-21 06:17 -------- d-----w- c:\users\Storm\AppData\Roaming\Notepad++
2012-05-21 06:16 . 2012-05-21 06:16 -------- d-----w- c:\program files (x86)\Notepad++
2012-05-13 19:19 . 2012-05-13 19:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-13 19:19 . 2012-05-13 19:19 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-13 19:19 . 2012-05-13 19:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-13 19:19 . 2012-05-13 19:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-07 14:37 . 2012-05-07 14:37 -------- d-----w- c:\users\Storm\AppData\Roaming\Apple Computer
2012-05-05 02:18 . 2012-05-05 02:18 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-05 02:18 . 2012-05-05 02:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-04 23:19 . 2012-05-29 02:46 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-04 23:19 . 2012-05-04 23:19 -------- d-----w- c:\users\Storm\AppData\Local\PunkBuster
2012-05-04 20:40 . 2012-05-10 17:04 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-04 20:39 . 2008-10-15 13:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-05-04 20:39 . 2008-10-15 13:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-05-04 20:39 . 2008-10-15 13:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-05-04 20:39 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-05-04 20:39 . 2008-10-15 13:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-05-04 20:39 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-05-04 03:10 . 2012-05-04 03:10 -------- d-----w- c:\users\Storm\AppData\Local\SRS Labs
2012-05-04 03:09 . 2012-05-04 03:09 -------- d-----w- c:\programdata\SRS Labs
2012-05-04 03:08 . 2009-12-15 21:41 346992 ----a-w- c:\windows\system32\drivers\SRS_SSCFilter_amd64.sys
2012-05-04 01:33 . 2012-05-04 01:33 1180753 ----a-w- c:\windows\unins001.exe
2012-05-04 01:33 . 2012-05-04 01:33 -------- d-----w- c:\program files (x86)\Corsair
2012-05-04 01:33 . 2012-05-04 01:33 -------- d-----w- c:\users\Storm\AppData\Roaming\Corsair Vengeance
2012-05-04 01:33 . 2012-05-04 01:33 1174097 ----a-w- c:\windows\unins000.exe
2012-05-04 01:33 . 2011-06-21 17:38 25600 ----a-w- c:\windows\system32\drivers\CORSGKB.sys
2012-05-01 07:12 . 2012-05-01 07:12 -------- d-----w- c:\windows\SysWow64\world
2012-04-30 21:30 . 2012-05-06 17:16 -------- d-----w- c:\users\Storm\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-29 04:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-29 04:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-23 21:14 . 2012-04-05 08:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 21:14 . 2012-04-05 08:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 17:26 . 2012-04-05 08:05 5265184 ----a-w- c:\windows\PE_Rom.dll
2012-05-05 11:06 . 2012-04-14 03:06 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 06:15 . 2012-04-20 06:15 14544 ----a-w- c:\windows\SysWow64\drivers\hmonitor45.sys
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-07 15:50 . 2012-04-07 15:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4DFBD99-D096-457C-9D75-50294CBC15AD}\offreg.dll
2012-04-05 08:18 . 2012-04-05 08:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-03 21:19 . 2012-04-09 01:51 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-03 21:19 . 2012-04-09 01:51 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-03 21:19 . 2012-04-03 21:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 21:19 . 2012-04-03 21:19 320816 ------w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-20 10:51 . 2012-04-05 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4DFBD99-D096-457C-9D75-50294CBC15AD}\mpengine.dll
2012-03-01 00:02 . 2012-04-20 20:36 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-04-20 20:36 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-04-20 20:36 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-04-20 20:36 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-04-20 20:36 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-04-20 20:36 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-04-20 20:36 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-04-20 20:36 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2012-04-20 02:41 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-04-20 02:41 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-04-20 02:41 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-04-20 02:41 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-04-20 02:41 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-04-20 02:41 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-04-20 02:41 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-04-20 02:41 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-04-20 02:41 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2012-04-20 02:41 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-04-20 02:41 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-04-20 02:41 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-04-20 02:41 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-04-20 02:41 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-04-20 02:41 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-04-20 02:41 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2012-04-20 02:41 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2012-04-20 02:41 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2012-04-20 02:41 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 21:00 . 2011-03-21 00:33 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-03-21 00:33 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-03-21 00:34 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-03-21 00:34 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2011-03-21 00:34 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2012-04-20 20:36 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-17 05:53 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-17 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Storm\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-17 982880]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Corsair laver"="c:\program files (x86)\Corsair\K90 Keyboard\K90Hid.exe" [2012-01-06 1711616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"BM.exe"="c:\program files (x86)\HP\Button Manager\BM.exe" [2011-05-02 1571328]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Storm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FAHControl.lnk - c:\program files (x86)\FAHClient\FAHControl.exe [2012-3-20 1525760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\lnsecsl.exe [2012-05-23 910564]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 7ByteIO;7ByteIO;c:\program files (x86)\Hot CPU Tester Pro 4\SysInfoX64.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 257696]
R3 cpuz135;cpuz135;c:\users\Storm\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Hmonitor45;Hmonitor45;c:\windows\SysWOW64\drivers\hmonitor45.sys [2012-04-20 14544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-04-17 918880]
S3 ALSysIO;ALSysIO;c:\users\Storm\AppData\Local\Temp\ALSysIO64.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 CORSGKB;Corsair Gaming Keyboard;c:\windows\system32\drivers\CORSGKB.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:14]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-806090809-1033990294-959479435-1000Core.job
- c:\users\Storm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 20:49]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-806090809-1033990294-959479435-1000UA.job
- c:\users\Storm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-21 20:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={42D493EE-A012-4539-863F-3465CA2E8482}&mid=e2cf9646b74547d0b4acc593af11a234-4f3fb2dd29ca52488b6e6acf2a9fc56367aec23c&lang=en&ds=od011&pr=sa&d=2012-04-16 22:54&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Storm\AppData\Roaming\Mozilla\Firefox\Profiles\5238d3l7.default\
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-uptime - c:\users\Storm\Downloads\up.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\windows\TEMP\mrt1C84.tmp\stdrt.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2012-05-29 03:02:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-29 10:02
.
Pre-Run: 39,098,601,472 bytes free
Post-Run: 39,190,536,192 bytes free
.
- - End Of File - - AF631A40B4C60D1248E6B90756F0AD7B

~~~~~~~~~~

thanks again for the help. I really appreciate it.


----------



## StormProtocol (May 29, 2012)

looks like it's c:\windows\TEMP\mrt1C84.tmp\stdrt.exe

though i have no idea how to delete it.


----------



## kevinf80 (Mar 21, 2006)

Are you still hearing the ads?


----------



## StormProtocol (May 29, 2012)

unfortunately yes. i just did a search after seeing my "Other Running Processes" and it looks like "stdrt.exe" is a known virus that causes this exact problem i'm having.

but it doesn't show up on my process list

------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\windows\TEMP\mrt1C84.tmp\stdrt.exe <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************


----------



## kevinf80 (Mar 21, 2006)

Yep, I saw that, it is running from the Windows\Temp folder. That would have been emptied when we ran CF, obviously something put it straight back....

Run the following:

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.

Double-click on [image] to run the application.

The "Ready to scan" window will open. Click on *"Change parameters"*.

Place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system*. (Leave "Service & Drivers" and "Boot Sectors" ticked.) Click OK.

Select "Start Scan"

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------



## StormProtocol (May 29, 2012)

i copied both to quarantine

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

03:40:19.0594 3824 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
03:40:19.0944 3824 ============================================================
03:40:19.0944 3824 Current date / time: 2012/05/29 03:40:19.0944
03:40:19.0944 3824 SystemInfo:
03:40:19.0944 3824 
03:40:19.0944 3824 OS Version: 6.1.7601 ServicePack: 1.0
03:40:19.0944 3824 Product type: Workstation
03:40:19.0944 3824 ComputerName: STORM-PC
03:40:19.0944 3824 UserName: Storm
03:40:19.0944 3824 Windows directory: C:\Windows
03:40:19.0944 3824 System windows directory: C:\Windows
03:40:19.0944 3824 Running under WOW64
03:40:19.0944 3824 Processor architecture: Intel x64
03:40:19.0944 3824 Number of processors: 8
03:40:19.0944 3824 Page size: 0x1000
03:40:19.0944 3824 Boot type: Normal boot
03:40:19.0944 3824 ============================================================
03:40:20.0067 3824 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:40:23.0967 3824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:40:23.0973 3824 Drive \Device\Harddisk2\DR2 - Size: 0x200CE0000 (8.01 Gb), SectorSize: 0x200, Cylinders: 0x415, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:40:23.0974 3824 Drive \Device\Harddisk3\DR3 - Size: 0x3BA000000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x799, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:40:23.0976 3824 ============================================================
03:40:23.0976 3824 \Device\Harddisk1\DR1:
03:40:23.0978 3824 MBR partitions:
03:40:23.0978 3824 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
03:40:23.0978 3824 \Device\Harddisk0\DR0:
03:40:23.0978 3824 MBR partitions:
03:40:23.0978 3824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
03:40:23.0978 3824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352800
03:40:23.0978 3824 \Device\Harddisk2\DR2:
03:40:23.0979 3824 MBR partitions:
03:40:23.0979 3824 \Device\Harddisk3\DR3:
03:40:23.0979 3824 MBR partitions:
03:40:23.0979 3824 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DCE000
03:40:23.0979 3824 ============================================================
03:40:23.0981 3824 C: <-> \Device\Harddisk1\DR1\Partition0
03:40:24.0005 3824 D: <-> \Device\Harddisk0\DR0\Partition1
03:40:24.0005 3824 ============================================================
03:40:24.0005 3824 Initialize success
03:40:24.0005 3824 ============================================================
03:40:50.0734 5096 ============================================================
03:40:50.0734 5096 Scan started
03:40:50.0734 5096 Mode: Manual; SigCheck; TDLFS; 
03:40:50.0734 5096 ============================================================
03:40:50.0790 5096 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
03:40:50.0808 5096 !SASCORE - ok
03:40:50.0845 5096 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
03:40:50.0857 5096 1394ohci - ok
03:40:50.0860 5096 7ByteIO - ok
03:40:50.0867 5096 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
03:40:50.0877 5096 ACDaemon - ok
03:40:50.0887 5096 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
03:40:50.0894 5096 ACPI - ok
03:40:50.0897 5096 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
03:40:50.0911 5096 AcpiPmi - ok
03:40:50.0954 5096 Adobe Licensing Console (c55b6aa97bf54a893abfe5cc35712326) C:\Windows\SysWOW64\lnsecsl.exe
03:40:50.0963 5096 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - warning
03:40:50.0963 5096 Adobe Licensing Console - detected UnsignedFile.Multi.Generic (1)
03:40:50.0971 5096 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:40:50.0976 5096 AdobeFlashPlayerUpdateSvc - ok
03:40:51.0015 5096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
03:40:51.0025 5096 adp94xx - ok
03:40:51.0038 5096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
03:40:51.0046 5096 adpahci - ok
03:40:51.0052 5096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
03:40:51.0057 5096 adpu320 - ok
03:40:51.0063 5096 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
03:40:51.0103 5096 AeLookupSvc - ok
03:40:51.0116 5096 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
03:40:51.0138 5096 AFD - ok
03:40:51.0142 5096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
03:40:51.0146 5096 agp440 - ok
03:40:51.0149 5096 AiChargerPlus (8b6625d53c18774f0102f690e285b5e8) C:\Windows\system32\DRIVERS\AiChargerPlus.sys
03:40:51.0152 5096 AiChargerPlus - ok
03:40:51.0156 5096 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
03:40:51.0164 5096 ALG - ok
03:40:51.0166 5096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
03:40:51.0170 5096 aliide - ok
03:40:51.0177 5096 ALSysIO - ok
03:40:51.0179 5096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
03:40:51.0182 5096 amdide - ok
03:40:51.0186 5096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
03:40:51.0194 5096 AmdK8 - ok
03:40:51.0197 5096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
03:40:51.0202 5096 AmdPPM - ok
03:40:51.0206 5096 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
03:40:51.0211 5096 amdsata - ok
03:40:51.0217 5096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
03:40:51.0224 5096 amdsbs - ok
03:40:51.0226 5096 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
03:40:51.0230 5096 amdxata - ok
03:40:51.0233 5096 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
03:40:51.0251 5096 AppID - ok
03:40:51.0253 5096 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
03:40:51.0271 5096 AppIDSvc - ok
03:40:51.0276 5096 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
03:40:51.0293 5096 Appinfo - ok
03:40:51.0301 5096 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
03:40:51.0308 5096 AppMgmt - ok
03:40:51.0312 5096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
03:40:51.0317 5096 arc - ok
03:40:51.0321 5096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
03:40:51.0326 5096 arcsas - ok
03:40:51.0329 5096 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
03:40:51.0332 5096 ArcSoftKsUFilter - ok
03:40:51.0357 5096 asComSvc (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
03:40:51.0369 5096 asComSvc - ok
03:40:51.0395 5096 asHmComSvc (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
03:40:51.0408 5096 asHmComSvc - ok
03:40:51.0430 5096 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
03:40:51.0433 5096 AsIO - ok
03:40:51.0459 5096 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
03:40:51.0467 5096 asmthub3 - ok
03:40:51.0479 5096 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
03:40:51.0489 5096 asmtxhci - ok
03:40:51.0505 5096 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
03:40:51.0514 5096 AsSysCtrlService - ok
03:40:51.0531 5096 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
03:40:51.0533 5096 AsUpIO - ok
03:40:51.0557 5096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
03:40:51.0575 5096 AsyncMac - ok
03:40:51.0578 5096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
03:40:51.0581 5096 atapi - ok
03:40:51.0601 5096 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:40:51.0624 5096 AudioEndpointBuilder - ok
03:40:51.0627 5096 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:40:51.0647 5096 AudioSrv - ok
03:40:51.0651 5096 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
03:40:51.0655 5096 AVGIDSHA - ok
03:40:51.0663 5096 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
03:40:51.0668 5096 Avgldx64 - ok
03:40:51.0671 5096 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
03:40:51.0674 5096 Avgmfx64 - ok
03:40:51.0676 5096 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
03:40:51.0679 5096 Avgrkx64 - ok
03:40:51.0686 5096 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
03:40:51.0690 5096 avgwd - ok
03:40:51.0695 5096 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
03:40:51.0708 5096 AxInstSV - ok
03:40:51.0720 5096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
03:40:51.0731 5096 b06bdrv - ok
03:40:51.0739 5096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
03:40:51.0748 5096 b57nd60a - ok
03:40:51.0754 5096 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
03:40:51.0761 5096 BDESVC - ok
03:40:51.0762 5096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
03:40:51.0780 5096 Beep - ok
03:40:51.0799 5096 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
03:40:51.0822 5096 BFE - ok
03:40:51.0846 5096 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
03:40:51.0870 5096 BITS - ok
03:40:51.0876 5096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
03:40:51.0882 5096 blbdrive - ok
03:40:51.0886 5096 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
03:40:51.0905 5096 bowser - ok
03:40:51.0907 5096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:40:51.0923 5096 BrFiltLo - ok
03:40:51.0925 5096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:40:51.0931 5096 BrFiltUp - ok
03:40:51.0935 5096 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
03:40:51.0954 5096 BridgeMP - ok
03:40:51.0960 5096 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
03:40:51.0978 5096 Browser - ok
03:40:51.0985 5096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
03:40:51.0995 5096 Brserid - ok
03:40:51.0997 5096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
03:40:52.0005 5096 BrSerWdm - ok
03:40:52.0006 5096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:40:52.0013 5096 BrUsbMdm - ok
03:40:52.0015 5096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
03:40:52.0021 5096 BrUsbSer - ok
03:40:52.0025 5096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
03:40:52.0032 5096 BTHMODEM - ok
03:40:52.0037 5096 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
03:40:52.0055 5096 bthserv - ok
03:40:52.0057 5096 catchme - ok
03:40:52.0061 5096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
03:40:52.0079 5096 cdfs - ok
03:40:52.0085 5096 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
03:40:52.0091 5096 cdrom - ok
03:40:52.0095 5096 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
03:40:52.0114 5096 CertPropSvc - ok
03:40:52.0117 5096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
03:40:52.0125 5096 circlass - ok
03:40:52.0136 5096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
03:40:52.0145 5096 CLFS - ok
03:40:52.0150 5096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:40:52.0155 5096 clr_optimization_v2.0.50727_32 - ok
03:40:52.0160 5096 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:40:52.0165 5096 clr_optimization_v2.0.50727_64 - ok
03:40:52.0172 5096 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:40:52.0177 5096 clr_optimization_v4.0.30319_32 - ok
03:40:52.0185 5096 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:40:52.0189 5096 clr_optimization_v4.0.30319_64 - ok
03:40:52.0192 5096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
03:40:52.0198 5096 CmBatt - ok
03:40:52.0200 5096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
03:40:52.0203 5096 cmdide - ok
03:40:52.0217 5096 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
03:40:52.0229 5096 CNG - ok
03:40:52.0232 5096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
03:40:52.0236 5096 Compbatt - ok
03:40:52.0239 5096 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
03:40:52.0246 5096 CompositeBus - ok
03:40:52.0248 5096 COMSysApp - ok
03:40:52.0251 5096 CORSGKB (51e7182652a7a5af46afcde6afddcdf5) C:\Windows\system32\drivers\CORSGKB.sys
03:40:52.0256 5096 CORSGKB - ok
03:40:52.0262 5096 cpuz135 - ok
03:40:52.0265 5096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
03:40:52.0268 5096 crcdisk - ok
03:40:52.0275 5096 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
03:40:52.0295 5096 CryptSvc - ok
03:40:52.0309 5096 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
03:40:52.0320 5096 CSC - ok
03:40:52.0337 5096 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
03:40:52.0348 5096 CscService - ok
03:40:52.0365 5096 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
03:40:52.0387 5096 DcomLaunch - ok
03:40:52.0396 5096 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
03:40:52.0417 5096 defragsvc - ok
03:40:52.0424 5096 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
03:40:52.0442 5096 DfsC - ok
03:40:52.0451 5096 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
03:40:52.0470 5096 Dhcp - ok
03:40:52.0473 5096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
03:40:52.0491 5096 discache - ok
03:40:52.0494 5096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
03:40:52.0498 5096 Disk - ok
03:40:52.0503 5096 Dnscache (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
03:40:52.0522 5096 Dnscache - ok
03:40:52.0529 5096 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
03:40:52.0547 5096 dot3svc - ok
03:40:52.0552 5096 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
03:40:52.0570 5096 DPS - ok
03:40:52.0572 5096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
03:40:52.0578 5096 drmkaud - ok
03:40:52.0602 5096 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
03:40:52.0613 5096 DXGKrnl - ok
03:40:52.0618 5096 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
03:40:52.0636 5096 EapHost - ok
03:40:52.0715 5096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
03:40:52.0746 5096 ebdrv - ok
03:40:52.0773 5096 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
03:40:52.0779 5096 EFS - ok
03:40:52.0798 5096 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
03:40:52.0813 5096 ehRecvr - ok
03:40:52.0818 5096 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
03:40:52.0826 5096 ehSched - ok
03:40:52.0831 5096 EIO64 - ok
03:40:52.0847 5096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
03:40:52.0856 5096 elxstor - ok
03:40:52.0858 5096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
03:40:52.0865 5096 ErrDev - ok
03:40:52.0880 5096 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
03:40:52.0903 5096 EventSystem - ok
03:40:52.0911 5096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
03:40:52.0930 5096 exfat - ok
03:40:52.0937 5096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
03:40:52.0957 5096 fastfat - ok
03:40:52.0976 5096 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
03:40:52.0988 5096 Fax - ok
03:40:52.0991 5096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
03:40:52.0997 5096 fdc - ok
03:40:52.0999 5096 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
03:40:53.0017 5096 fdPHost - ok
03:40:53.0020 5096 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
03:40:53.0037 5096 FDResPub - ok
03:40:53.0041 5096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
03:40:53.0045 5096 FileInfo - ok
03:40:53.0048 5096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
03:40:53.0065 5096 Filetrace - ok
03:40:53.0068 5096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
03:40:53.0073 5096 flpydisk - ok
03:40:53.0082 5096 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
03:40:53.0089 5096 FltMgr - ok
03:40:53.0118 5096 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
03:40:53.0145 5096 FontCache - ok
03:40:53.0149 5096 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:40:53.0153 5096 FontCache3.0.0.0 - ok
03:40:53.0158 5096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
03:40:53.0162 5096 FsDepends - ok
03:40:53.0164 5096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
03:40:53.0167 5096 Fs_Rec - ok
03:40:53.0174 5096 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
03:40:53.0181 5096 fvevol - ok
03:40:53.0184 5096 gagp30kx  (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
03:40:53.0189 5096 gagp30kx - ok
03:40:53.0206 5096 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
03:40:53.0229 5096 gpsvc - ok
03:40:53.0231 5096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
03:40:53.0237 5096 hcw85cir - ok
03:40:53.0247 5096 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
03:40:53.0257 5096 HdAudAddService - ok
03:40:53.0261 5096 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
03:40:53.0268 5096 HDAudBus - ok
03:40:53.0270 5096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
03:40:53.0276 5096 HidBatt - ok
03:40:53.0280 5096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
03:40:53.0288 5096 HidBth - ok
03:40:53.0291 5096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
03:40:53.0298 5096 HidIr - ok
03:40:53.0301 5096 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
03:40:53.0320 5096 hidserv - ok
03:40:53.0323 5096 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
03:40:53.0328 5096 HidUsb - ok
03:40:53.0332 5096 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
03:40:53.0350 5096 hkmsvc - ok
03:40:53.0365 5096 Hmonitor45 (0c0195c48b6b8582fa6f6373032118da) C:\Windows\SysWOW64\drivers\hmonitor45.sys
03:40:53.0368 5096 Hmonitor45 - ok
03:40:53.0375 5096 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
03:40:53.0383 5096 HomeGroupListener - ok
03:40:53.0390 5096 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
03:40:53.0397 5096 HomeGroupProvider - ok
03:40:53.0401 5096 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
03:40:53.0405 5096 HpSAMD - ok
03:40:53.0427 5096 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
03:40:53.0451 5096 HTTP - ok
03:40:53.0453 5096 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
03:40:53.0456 5096 hwpolicy - ok
03:40:53.0461 5096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
03:40:53.0466 5096 i8042prt - ok
03:40:53.0479 5096 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
03:40:53.0487 5096 iaStorV - ok
03:40:53.0490 5096 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
03:40:53.0493 5096 ICCWDT - ok
03:40:53.0499 5096 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
03:40:53.0502 5096 IDriverT ( UnsignedFile.Multi.Generic ) - warning
03:40:53.0502 5096 IDriverT - detected UnsignedFile.Multi.Generic (1)
03:40:53.0526 5096 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:40:53.0539 5096 idsvc - ok
03:40:53.0542 5096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
03:40:53.0546 5096 iirsp - ok
03:40:53.0569 5096 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
03:40:59.0840 5096 Winmgmt - ok
03:40:59.0886 5096 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
03:40:59.0921 5096 WinRM - ok
03:40:59.0970 5096 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
03:40:59.0987 5096 Wlansvc - ok
03:40:59.0993 5096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
03:40:59.0998 5096 WmiAcpi - ok
03:41:00.0007 5096 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
03:41:00.0015 5096 wmiApSrv - ok
03:41:00.0018 5096 WMPNetworkSvc - ok
03:41:00.0020 5096 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
03:41:00.0026 5096 WPCSvc - ok
03:41:00.0031 5096 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
03:41:00.0042 5096 WPDBusEnum - ok
03:41:00.0045 5096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:41:00.0062 5096 ws2ifsl - ok
03:41:00.0068 5096 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
03:41:00.0077 5096 wscsvc - ok
03:41:00.0078 5096 WSearch - ok
03:41:00.0139 5096 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
03:41:00.0177 5096 wuauserv - ok
03:41:00.0209 5096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
03:41:00.0227 5096 WudfPf - ok
03:41:00.0234 5096 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:41:00.0253 5096 WUDFRd - ok
03:41:00.0257 5096 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
03:41:00.0275 5096 wudfsvc - ok
03:41:00.0282 5096 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
03:41:00.0293 5096 WwanSvc - ok
03:41:00.0298 5096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
03:41:00.0311 5096 \Device\Harddisk1\DR1 - ok
03:41:00.0312 5096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:41:00.0491 5096 \Device\Harddisk0\DR0 - ok
03:41:00.0494 5096 MBR (0x1B8) (1fee9886f8cc1ab0bad47875716d3f34) \Device\Harddisk2\DR2
03:41:05.0583 5096 \Device\Harddisk2\DR2 - ok
03:41:05.0594 5096 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
03:41:05.0925 5096 \Device\Harddisk3\DR3 - ok
03:41:05.0928 5096 Boot (0x1200) (6eadc9fa162975c40d4deb98c8084e1c) \Device\Harddisk1\DR1\Partition0
03:41:05.0928 5096 \Device\Harddisk1\DR1\Partition0 - ok
03:41:05.0948 5096 Boot (0x1200) (4c0562b0c639c3ad90c7d22f7e7dba7c) \Device\Harddisk0\DR0\Partition0
03:41:05.0950 5096 \Device\Harddisk0\DR0\Partition0 - ok
03:41:05.0951 5096 Boot (0x1200) (f20e399dab5c98f1f17c5a2eaf63611e) \Device\Harddisk0\DR0\Partition1
03:41:05.0952 5096 \Device\Harddisk0\DR0\Partition1 - ok
03:41:05.0955 5096 Boot (0x1200) (a8dccf4ead48491eac1e9080f671fe8b) \Device\Harddisk3\DR3\Partition0
03:41:05.0957 5096 \Device\Harddisk3\DR3\Partition0 - ok
03:41:05.0957 5096 ============================================================
03:41:05.0957 5096 Scan finished
03:41:05.0957 5096 ============================================================
03:41:05.0961 5676 Detected object count: 2
03:41:05.0961 5676 Actual detected object count: 2
03:45:34.0569 5676 C:\Windows\SysWOW64\lnsecsl.exe - copied to quarantine
03:45:34.0569 5676 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
03:45:34.0576 5676 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
03:45:34.0577 5676 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*Ads are still playing*

-Storm


----------



## kevinf80 (Mar 21, 2006)

Run the following;

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Update and run Malwarebytes, post its log


----------



## StormProtocol (May 29, 2012)

okay, i ran TFC and ran malwarebytes but it didnt find anything. here is the log
~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Storm :: STORM-PC [administrator]

Protection: Disabled

5/29/2012 4:11:42 AM
mbam-log-2012-05-29 (04-11-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320073
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

~~~~~~~~~~~

Also still getting ad audio.


----------



## kevinf80 (Mar 21, 2006)

OK, do you have a flash drive to do the following:

Download *Farbar Recovery Scan Tool* and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter *System Recovery Options*. I give two methods, use whichever is convenient for you.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*On the System Recovery Options menu you will get the following options:*
*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*


Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst64* and press *Enter*
*Note:* Replace letter *e* with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


----------



## StormProtocol (May 29, 2012)

okay, sorry my mouse wasnt working i think the driver didnt load or something so i couldnt click file-open in notepad. but i plugged in another mouse and it worked. 

anyway;

i did what you said, and when i typed "G:\frst64"
it said it wasnt compatible with my version of windows 7. 

strange 

im going to try it one more time but ya for now assume that didnt work


----------



## kevinf80 (Mar 21, 2006)

I gave you 64 bit version so should run OK, If you cannot get that to run try this scan :-

Download the *Windows Defender Offline Tool* and save to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit

Double click to run the tool, Windows 7 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

In the new window accept the agreement.

In the new window select your USB Flash Drive, then select "Next"

In the new window ensure your Flash drive is selected, if not click on "Refresh" then select "Next"

In the new window accept the formatting alert by selecting "Next"

Files will be Downloaded.

Files will be processed and created

Flash drive will be formatted and prepared

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the Tool created, click on "Finish" to complete.

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F12 as it boots, change options...
As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds. 
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the *Esc key* to boot into regular windows.
Navigate to the following file:
*"C:\windows\windows defender offline\support\mssWrapper.log"* Open with notepad and copy and paste it into a reply.

Also when you boot back into windows run the following and post its log:

Please run the MGA Diagnostic Tool and post back the report it creates:

Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## StormProtocol (May 29, 2012)

okay, the first program you gave me didnt work (frst64) but the second one did (mssstool64). i ran the scan and it found 1 file and i removed it.

but when i go to local C i cant find the log you're describing.

here is the log from MGADiag though:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV
Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4=
Windows Product ID: 00426-292-0000007-85733
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {64B93AFA-4F4B-43CA-9D1D-ABF9901A431A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{64B93AFA-4F4B-43CA-9D1D-ABF9901A431A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85733</PID><PIDType>5</PIDType><SID>S-1-5-21-806090809-1033990294-959479435</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0504</Version><SMBIOSVersion major="2" minor="6"/><Date>20110712000000.000000+000</Date></BIOS><HWID>7CAB3F07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-292-000000-00-1033-7600.0000-0962012
Installation ID: 004431660730503836521992590670447432152710209373805754
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3MBMV
License Status: Initial grace period
Time remaining: 42720 minute(s) (29 day(s))
Remaining Windows rearm count: 4
Trusted time: 5/29/2012 5:43:51 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LAAAAAEAAgABAAEAAAABAAAAAQABAAEAHKKQgz66fOkaXcROXv0+kwQCLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC

~~~~~~~~~~~~~~~~~~~~~~~
And i'm still getting the ads. I'm sorry to waste so much of your time, but this has proven to be a real pain in the *** and i appreciate your help greatly

-storm


----------



## StormProtocol (May 29, 2012)

6am seems like a good time to go to sleep though, so ill be inactive for a few hours. thanks again for your help, and i'll talk to you soon


----------



## Cookiegal (Aug 27, 2003)

StormProtocol,

Just a word to please be careful of your language here as this is a family friendly site. I've edited the title of the thread and one of your posts for language. It's still not acceptable even if the filters have starred the word out. I understand your frustration but using such language is inappropriate. Please govern yourself accordingly in the future.


----------



## kevinf80 (Mar 21, 2006)

We are not making any progress with your issue, with that in mind and the status of your system and as you`ve not yet activated this version of windows, I think your best way forward is to Reformat your HD, re-install windows and activate. You will of course need a *genuine licence key*.

The partial key indicated in the MGA log is the default key used by windows when no activation has been done:

Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV

As can be clearly seen in the log information you are running in the grace period..

Partial Product Key: 3MBMV
License Status: Initial grace period
Time remaining: 42720 minute(s) (29 day(s))
Remaining Windows rearm count: 4
Trusted time: 5/29/2012 5:43:51 AM
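
The reading of the MGADiag report given in the post above, done mechanically, as an added example that is not part of the original thread: it splits the report into its `-->` sections, flags the grace-period licence status, and decodes the HRESULTs on the `File Mismatch` and `Not Registered` lines. The sample report is a constructed excerpt in the layout of the one posted earlier, and the function names are hypothetical.

```python
import re

# HRESULT values that appear in the posted report, with their standard Windows names.
HRESULTS = {
    0x80070002: "ERROR_FILE_NOT_FOUND",
    0x80070003: "ERROR_PATH_NOT_FOUND",
    0x80040154: "REGDB_E_CLASSNOTREG",
}

# Constructed sample: a shortened report in the same layout as the one in the thread.
SAMPLE_REPORT = r"""Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Windows License Type: Retail

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Licensing Data-->
Partial Product Key: 3MBMV
License Status: Initial grace period
Time remaining: 42720 minute(s) (29 day(s))
Remaining Windows rearm count: 4

Windows Activation Technologies-->
ActiveX: Not Registered - 0x80040154
"""

SECTION = re.compile(r"^(.+?)-->\s*$")   # section headers end in "-->"
HEX = re.compile(r"0x[0-9A-Fa-f]{8}")


def parse_report(text):
    """Split the report into {section: [(key, value), ...]}; keys may repeat."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif ":" in line:
            key, _, value = line.partition(":")   # first colon only, so C:\ paths survive
            sections.setdefault(current, []).append((key.strip(), value.strip()))
    return sections


def decode_hresult(value):
    """Return (hex string, symbolic name) for the first HRESULT in value, or None."""
    m = HEX.search(value)
    if not m:
        return None
    return m.group(0), HRESULTS.get(int(m.group(0), 16), "unknown")


def triage(text):
    """Return (category, detail) findings a helper would read off the report."""
    report, findings = parse_report(text), []
    lic = dict(report.get("Licensing Data", []))
    status = lic.get("License Status", "")
    if "grace period" in status.lower():
        findings.append(("not_activated", f"{status}; {lic.get('Time remaining', '?')}; "
                         f"rearm count {lic.get('Remaining Windows rearm count', '?')}"))
    for key, value in report.get("File Scan Data", []):
        if key == "File Mismatch":
            hr = decode_hresult(value)
            path = value.split("[", 1)[0]
            findings.append(("file_mismatch", f"{path} ({hr[1] if hr else 'no HRESULT'})"))
    for key, value in report.get("Windows Activation Technologies", []):
        if value.startswith("Not Registered"):
            hr = decode_hresult(value)
            findings.append(("wat_component", f"{key}: {hr[1] if hr else value}"))
    return findings
```

Calling `triage()` on a full pasted report gives the same three kinds of finding; both `File Mismatch` HRESULTs decode to a missing path, meaning the `wat` directory itself is absent rather than the files being altered.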


----------



## StormProtocol (May 29, 2012)

ya i noticed that, it said it was pre-cracked but apparently not. anyway, i really appreciate your help, and just have one more question. would just wiping my boot drive fix this or do i need to wipe my HDDs as well? 

I know we dont know where this temp file is coming from but is there any way to find out what drive its coming from? because i really dont want to wipe all my drives


----------



## kevinf80 (Mar 21, 2006)

Boot drive only will be sufficient, if you`ve backed anything up to other drives i`d scan them with an AV program to be sure they are OK.
If you paid money for that version of Windows i`d ask for a refund.....


----------

