[A] Windows has encountered a critical problem and will restart automatically in one minute

By ktulu
Oct 9, 2012
  1. When I start Windows it tries to install a new device driver, although there are no new devices connected. After a few seconds it fails and a warning dialog is shown with the message:
    Windows has encountered a critical problem and will restart automatically in one minute

    I haven't been able to stop the timeout or run my antivirus software (ESET) before the computer is restarted.

    I've seen posts with similar issues and I've scanned the computer with Farbar Recovery Scan Tool.

    I'm very grateful for any help.

    Here's the log:


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2012
    Ran by SYSTEM at 09-10-2012 22:19:02
    Running from I:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM-x32\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe [x]
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-30] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Olof\...\Run: [Google Update] "C:\Users\Olof\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-24] (Google Inc.)
    HKU\Olof\...\Run: [Spotify Web Helper] "C:\Users\Olof\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-21] ()
    HKU\Olof\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [445624 2012-05-31] (Sony)
    Tcpip\Parameters: [DhcpNameServer] 193.150.193.150 83.255.245.11
    Startup: C:\Users\Olof\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Olof\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Services (Whitelisted) ===================

    3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
    2 DiinoService; C:\Users\Olof\AppData\Roaming\Diino\DiinoService_win7_amd64.exe [57968 2012-09-20] ()
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) =====================

    3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [392712 2009-07-27] (Avid Technology, Inc.)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-11] (Microsoft Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-09 22:18 - 2012-10-09 22:18 - 00000000 ____D C:\FRST
    2012-10-09 11:31 - 2012-10-09 11:32 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-10-09 11:31 - 2012-10-09 11:32 - 00001908 ____A C:\Windows\diagerr.xml
    2012-10-09 11:31 - 2012-10-09 11:31 - 00000000 ____D C:\$WINDOWS.~BT
    2012-10-09 10:35 - 2012-10-09 10:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-10-02 11:50 - 2012-10-04 12:40 - 00000000 ____D C:\Users\Olof\Desktop\blocket
    2012-09-30 07:57 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-30 07:57 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-30 07:57 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-30 07:57 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-30 07:57 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-30 07:57 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-30 07:57 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-30 07:57 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-30 07:57 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-30 07:57 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-30 07:57 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-30 07:57 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-30 07:57 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-30 07:57 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-30 07:57 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-30 07:57 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-30 07:57 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-30 07:57 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-30 07:57 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-30 07:57 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-30 07:57 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-30 07:57 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-30 07:57 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-30 07:57 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-30 07:57 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-30 07:57 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-30 07:57 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-30 07:57 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-30 07:57 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-30 07:57 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-30 07:57 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-30 07:57 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-20 11:45 - 2012-10-07 02:18 - 00000000 ____D C:\Users\Olof\AppData\Roaming\BitComet
    2012-09-20 11:45 - 2012-09-20 11:45 - 00000000 ____D C:\Program Files\BitComet
    2012-09-20 11:41 - 2012-09-20 11:41 - 00000000 ____D C:\Users\Olof\AppData\Local\ESET
    2012-09-20 09:14 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-20 09:14 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-20 09:14 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

    ==================== 3 Months Modified Files ==================

    2012-10-09 11:53 - 2012-03-24 06:21 - 01599643 ____A C:\Windows\WindowsUpdate.log
    2012-10-09 11:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-09 11:52 - 2009-07-13 20:51 - 00001059 ____A C:\Windows\setupact.log
    2012-10-09 11:32 - 2012-10-09 11:31 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-10-09 11:32 - 2012-10-09 11:31 - 00001908 ____A C:\Windows\diagerr.xml
    2012-10-09 11:31 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-09 10:35 - 2012-10-09 10:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-10-09 10:35 - 2012-04-16 12:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-09 10:27 - 2009-07-13 21:13 - 00781298 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-08 10:44 - 2012-03-24 06:29 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557097070-2043288293-3833884491-1001UA.job
    2012-10-08 08:24 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-08 08:24 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-06 19:44 - 2012-03-24 06:29 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557097070-2043288293-3833884491-1001Core.job
    2012-09-30 05:57 - 2012-03-24 06:29 - 00002489 ____A C:\Users\Olof\Desktop\Google Chrome.lnk
    2012-09-20 17:00 - 2012-03-24 07:18 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-20 09:35 - 2012-04-16 12:16 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-20 09:35 - 2012-04-16 12:16 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-08 15:09 - 2012-09-08 15:09 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-09-08 15:09 - 2012-09-08 15:09 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-09-08 12:30 - 2012-09-08 12:30 - 00275272 ____A C:\Windows\Minidump\090812-15046-01.dmp
    2012-09-08 12:19 - 2012-09-08 12:19 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-09-08 12:19 - 2012-09-08 12:19 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-09-08 12:19 - 2012-09-08 12:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-09-08 12:19 - 2012-09-08 12:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-09-08 12:19 - 2012-03-25 02:53 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-09-08 06:26 - 2012-09-08 06:26 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-09-08 06:26 - 2012-09-08 06:26 - 00027760 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
    2012-09-08 06:26 - 2012-09-08 06:26 - 00014448 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
    2012-09-08 05:57 - 2012-03-25 02:54 - 00231414 ____A C:\Windows\DPINST.LOG
    2012-08-24 03:15 - 2012-09-30 07:57 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-30 07:57 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-30 07:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-30 07:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-30 07:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-30 07:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-30 07:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-30 07:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-30 07:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-30 07:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-30 07:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-30 07:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-30 07:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-30 07:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-30 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-30 07:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-30 07:57 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-30 07:57 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-30 07:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-30 07:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-30 07:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-30 07:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-30 07:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-30 07:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-30 07:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-30 07:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-30 07:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-30 07:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-30 07:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-30 07:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-30 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-30 07:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-20 09:14 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-20 09:14 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-20 09:14 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-17 01:14 - 2009-07-13 20:45 - 02902352 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 07:04 - 2012-06-28 11:47 - 00002034 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2012-07-19 11:18 - 2012-03-24 06:28 - 00064904 ____A C:\Users\Olof\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-19 09:05 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-18 10:15 - 2012-08-15 07:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 7FDFD822B0221100D6923BEEB50E865A

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4095.24 MB
    Available physical RAM: 3446.62 MB
    Total Pagefile: 4093.39 MB
    Available Pagefile: 3445.95 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (Programs) (Fixed) (Total:59.62 GB) (Free:8.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Storage) (Fixed) (Total:465.76 GB) (Free:113.44 GB) NTFS
    3 Drive e: (Photos) (Fixed) (Total:97.65 GB) (Free:35.68 GB) NTFS
    4 Drive f: (Studio) (Fixed) (Total:78.13 GB) (Free:62.15 GB) NTFS
    5 Drive g: (Extra) (Fixed) (Total:103.68 GB) (Free:70.44 GB) NTFS
    6 Drive h: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    7 Drive I: () (Removable) (Total:3.87 GB) (Free:0.23 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 59 GB 3072 KB
    Disk 1 Online 465 GB 1024 KB
    Disk 2 Online 279 GB 1024 KB
    Disk 3 Online 3965 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 59 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Programs NTFS Partition 59 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Storage NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 97 GB 31 KB
    Partition 2 Primary 78 GB 97 GB
    Partition 3 Primary 103 GB 175 GB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Photos NTFS Partition 97 GB Healthy

    =========================================================

    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Studio NTFS Partition 78 GB Healthy

    =========================================================

    Disk: 2
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 G Extra NTFS Partition 103 GB Healthy

    =========================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3965 MB 0 B

    ==================================================================================

    Disk: 3
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================

    Last Boot: 2012-10-07 03:21

    ==================== End Of Log =============================
  2. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  3. ktulu

    ktulu Newcomer, in training Topic Starter

    Here's the Search log:

    Farbar Recovery Scan Tool (x64) Version: 07-10-2012
    Ran by SYSTEM at 2012-10-10 21:27:44
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 7FDFD822B0221100D6923BEEB50E865A

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 7FDFD822B0221100D6923BEEB50E865A

    ====== End Of Search ======


    And I also did another scan, just in case:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2012
    Ran by SYSTEM at 10-10-2012 21:28:41
    Running from I:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
    HKLM-x32\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe [x]
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-30] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Olof\...\Run: [Google Update] "C:\Users\Olof\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-24] (Google Inc.)
    HKU\Olof\...\Run: [Spotify Web Helper] "C:\Users\Olof\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-21] ()
    HKU\Olof\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [445624 2012-05-31] (Sony)
    Tcpip\Parameters: [DhcpNameServer] 193.150.193.150 83.255.245.11
    Startup: C:\Users\Olof\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Olof\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Services (Whitelisted) ===================

    3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
    2 DiinoService; C:\Users\Olof\AppData\Roaming\Diino\DiinoService_win7_amd64.exe [57968 2012-09-20] ()
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
    3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) =====================

    3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [392712 2009-07-27] (Avid Technology, Inc.)
    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-11] (Microsoft Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-09 22:18 - 2012-10-09 22:18 - 00000000 ____D C:\FRST
    2012-10-09 11:31 - 2012-10-09 11:32 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-10-09 11:31 - 2012-10-09 11:32 - 00001908 ____A C:\Windows\diagerr.xml
    2012-10-09 11:31 - 2012-10-09 11:31 - 00000000 ____D C:\$WINDOWS.~BT
    2012-10-09 10:35 - 2012-10-09 10:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-10-02 11:50 - 2012-10-04 12:40 - 00000000 ____D C:\Users\Olof\Desktop\blocket
    2012-09-30 07:57 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-30 07:57 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-30 07:57 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-30 07:57 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-30 07:57 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-30 07:57 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-30 07:57 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-30 07:57 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-30 07:57 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-30 07:57 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-30 07:57 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-30 07:57 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-30 07:57 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-30 07:57 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-30 07:57 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-30 07:57 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-30 07:57 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-30 07:57 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-30 07:57 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-30 07:57 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-30 07:57 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-30 07:57 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-30 07:57 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-30 07:57 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-30 07:57 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-30 07:57 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-30 07:57 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-30 07:57 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-30 07:57 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-30 07:57 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-30 07:57 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-30 07:57 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-20 11:45 - 2012-10-07 02:18 - 00000000 ____D C:\Users\Olof\AppData\Roaming\BitComet
    2012-09-20 11:45 - 2012-09-20 11:45 - 00000000 ____D C:\Program Files\BitComet
    2012-09-20 11:41 - 2012-09-20 11:41 - 00000000 ____D C:\Users\Olof\AppData\Local\ESET
    2012-09-20 09:14 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-20 09:14 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-20 09:14 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

    ==================== 3 Months Modified Files ==================

    2012-10-09 12:29 - 2012-03-24 06:21 - 01600701 ____A C:\Windows\WindowsUpdate.log
    2012-10-09 12:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-09 12:29 - 2009-07-13 20:51 - 00001115 ____A C:\Windows\setupact.log
    2012-10-09 11:32 - 2012-10-09 11:31 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-10-09 11:32 - 2012-10-09 11:31 - 00001908 ____A C:\Windows\diagerr.xml
    2012-10-09 11:31 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-09 10:35 - 2012-10-09 10:35 - 09575864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-10-09 10:35 - 2012-04-16 12:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-09 10:27 - 2009-07-13 21:13 - 00781298 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-08 10:44 - 2012-03-24 06:29 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557097070-2043288293-3833884491-1001UA.job
    2012-10-08 08:24 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-08 08:24 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-06 19:44 - 2012-03-24 06:29 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557097070-2043288293-3833884491-1001Core.job
    2012-09-30 05:57 - 2012-03-24 06:29 - 00002489 ____A C:\Users\Olof\Desktop\Google Chrome.lnk
    2012-09-20 17:00 - 2012-03-24 07:18 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-20 09:35 - 2012-04-16 12:16 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-20 09:35 - 2012-04-16 12:16 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-08 15:09 - 2012-09-08 15:09 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-09-08 15:09 - 2012-09-08 15:09 - 00188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-09-08 12:30 - 2012-09-08 12:30 - 00275272 ____A C:\Windows\Minidump\090812-15046-01.dmp
    2012-09-08 12:19 - 2012-09-08 12:19 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-09-08 12:19 - 2012-09-08 12:19 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-09-08 12:19 - 2012-09-08 12:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-09-08 12:19 - 2012-09-08 12:19 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-09-08 12:19 - 2012-03-25 02:53 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-09-08 06:26 - 2012-09-08 06:26 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-09-08 06:26 - 2012-09-08 06:26 - 00027760 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
    2012-09-08 06:26 - 2012-09-08 06:26 - 00014448 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
    2012-09-08 05:57 - 2012-03-25 02:54 - 00231414 ____A C:\Windows\DPINST.LOG
    2012-08-24 03:15 - 2012-09-30 07:57 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-30 07:57 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-30 07:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-30 07:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-30 07:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-30 07:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-30 07:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-30 07:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-30 07:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-30 07:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-30 07:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-30 07:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-30 07:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-30 07:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-30 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-30 07:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-30 07:57 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-30 07:57 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-30 07:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-30 07:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-30 07:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-30 07:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-30 07:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-30 07:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-30 07:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-30 07:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-30 07:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-30 07:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-30 07:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-30 07:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-30 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-30 07:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-20 09:14 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-20 09:14 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-20 09:14 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-17 01:14 - 2009-07-13 20:45 - 02902352 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 07:04 - 2012-06-28 11:47 - 00002034 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2012-07-19 11:18 - 2012-03-24 06:28 - 00064904 ____A C:\Users\Olof\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-19 09:05 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-18 10:15 - 2012-08-15 07:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 7FDFD822B0221100D6923BEEB50E865A

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 4095.24 MB
    Available physical RAM: 3284.84 MB
    Total Pagefile: 4093.39 MB
    Available Pagefile: 3368 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (Programs) (Fixed) (Total:59.62 GB) (Free:8.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Storage) (Fixed) (Total:465.76 GB) (Free:113.44 GB) NTFS
    3 Drive e: (Photos) (Fixed) (Total:97.65 GB) (Free:35.68 GB) NTFS
    4 Drive f: (Studio) (Fixed) (Total:78.13 GB) (Free:62.15 GB) NTFS
    5 Drive g: (Extra) (Fixed) (Total:103.68 GB) (Free:70.44 GB) NTFS
    6 Drive h: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    7 Drive I: () (Removable) (Total:3.87 GB) (Free:0.23 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 59 GB 3072 KB
    Disk 1 Online 465 GB 1024 KB
    Disk 2 Online 279 GB 1024 KB
    Disk 3 Online 3965 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 59 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Programs NTFS Partition 59 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Storage NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 97 GB 31 KB
    Partition 2 Primary 78 GB 97 GB
    Partition 3 Primary 103 GB 175 GB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Photos NTFS Partition 97 GB Healthy

    =========================================================

    Disk: 2
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Studio NTFS Partition 78 GB Healthy

    =========================================================

    Disk: 2
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 G Extra NTFS Partition 103 GB Healthy

    =========================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3965 MB 0 B

    ==================================================================================

    Disk: 3
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================

    Last Boot: 2012-10-07 03:21

    ==================== End Of Log =============================
  4. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    You have one infected system file (services.exe) but there is no healthy replacement for it.
    I uploaded healthy replacement here: http://www.filedropper.com/services_1
    Download it and paste services.exe file into very same USB flash drive you're using.
    Let me know when done.
  5. ktulu

    ktulu Newcomer, in training Topic Starter

    The services.exe file is now on my USB flash drive.
  6. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can start normally.

  7. ktulu

    ktulu Newcomer, in training Topic Starter

    It seems to work fine. Thanks!


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-10-2012
    Ran by SYSTEM at 2012-10-12 07:51:41 Run:1
    Running from I:\

    ==============================================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe moved successfully.
    I:\services.exe copied successfully to C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    C:\Windows\System32\services.exe moved successfully.
    I:\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  8. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Perfect!

    Now we need to run some more scans to make sure you're safe.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. ktulu

    ktulu Newcomer, in training Topic Starter

    00:42:45.0150 3020 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    00:42:45.0415 3020 ============================================================
    00:42:45.0415 3020 Current date / time: 2012/10/13 00:42:45.0415
    00:42:45.0415 3020 SystemInfo:
    00:42:45.0415 3020
    00:42:45.0415 3020 OS Version: 6.1.7601 ServicePack: 1.0
    00:42:45.0415 3020 Product type: Workstation
    00:42:45.0415 3020 ComputerName: OLOF-PC
    00:42:45.0415 3020 UserName: Olof
    00:42:45.0415 3020 Windows directory: C:\Windows
    00:42:45.0415 3020 System windows directory: C:\Windows
    00:42:45.0415 3020 Running under WOW64
    00:42:45.0415 3020 Processor architecture: Intel x64
    00:42:45.0415 3020 Number of processors: 2
    00:42:45.0415 3020 Page size: 0x1000
    00:42:45.0415 3020 Boot type: Normal boot
    00:42:45.0415 3020 ============================================================
    00:42:46.0834 3020 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:42:46.0835 3020 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:42:46.0854 3020 Drive \Device\Harddisk2\DR2 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:42:46.0899 3020 ============================================================
    00:42:46.0899 3020 \Device\Harddisk0\DR0:
    00:42:46.0934 3020 MBR partitions:
    00:42:46.0934 3020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773E000
    00:42:46.0934 3020 \Device\Harddisk1\DR1:
    00:42:46.0936 3020 MBR partitions:
    00:42:46.0936 3020 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    00:42:46.0936 3020 \Device\Harddisk2\DR2:
    00:42:46.0968 3020 MBR partitions:
    00:42:46.0968 3020 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
    00:42:46.0968 3020 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x9C41B17
    00:42:46.0968 3020 \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x15F90DE3, BlocksNum 0xCF59F5E
    00:42:46.0968 3020 ============================================================
    00:42:47.0111 3020 C: <-> \Device\Harddisk0\DR0\Partition1
    00:42:47.0111 3020 D: <-> \Device\Harddisk1\DR1\Partition1
    00:42:47.0133 3020 E: <-> \Device\Harddisk2\DR2\Partition1
    00:42:47.0187 3020 F: <-> \Device\Harddisk2\DR2\Partition2
    00:42:47.0538 3020 G: <-> \Device\Harddisk2\DR2\Partition3
    00:42:47.0538 3020 ============================================================
    00:42:47.0538 3020 Initialize success
    00:42:47.0538 3020 ============================================================
    00:42:52.0208 1272 ============================================================
    00:42:52.0208 1272 Scan started
    00:42:52.0208 1272 Mode: Manual;
    00:42:52.0208 1272 ============================================================
    00:42:53.0079 1272 ================ Scan system memory ========================
    00:42:53.0079 1272 System memory - ok
    00:42:53.0079 1272 ================ Scan services =============================
    00:42:55.0409 1272 DXGKrnl - ok
    00:42:55.0424 1272 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
    00:42:55.0424 1272 eamonm - ok
    00:42:55.0440 1272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    00:42:55.0440 1272 EapHost - ok
    00:42:55.0502 1272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    00:42:55.0565 1272 ebdrv - ok
    00:42:55.0581 1272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    00:42:55.0612 1272 EFS - ok
    00:42:55.0627 1272 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
    00:42:55.0627 1272 ehdrv - ok
    00:42:55.0643 1272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    00:42:55.0659 1272 ehRecvr - ok
    00:42:55.0674 1272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    00:42:55.0674 1272 ehSched - ok
    00:42:55.0706 1272 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    00:42:55.0706 1272 ekrn - ok
    00:42:55.0737 1272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    00:42:55.0737 1272 elxstor - ok
    00:42:55.0752 1272 [ 2380976CF8A4A56611F35633ACD2A74F ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
    00:42:55.0752 1272 epfwwfpr - ok
    00:42:55.0768 1272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    00:42:55.0768 1272 ErrDev - ok
    00:42:55.0784 1272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    00:42:55.0799 1272 EventSystem - ok
    00:42:55.0815 1272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    00:42:55.0831 1272 exfat - ok
    00:42:55.0846 1272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    00:42:55.0862 1272 fastfat - ok
    00:42:55.0877 1272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    00:42:55.0893 1272 Fax - ok
    00:42:55.0909 1272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    00:42:55.0909 1272 fdc - ok
    00:42:55.0909 1272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    00:42:55.0909 1272 fdPHost - ok
    00:42:55.0956 1272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    00:42:55.0956 1272 FDResPub - ok
    00:42:56.0002 1272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    00:42:56.0018 1272 FileInfo - ok
    00:42:56.0049 1272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    00:42:56.0049 1272 Filetrace - ok
    00:42:56.0143 1272 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    00:42:56.0159 1272 FLEXnet Licensing Service - ok
    00:42:56.0206 1272 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    00:42:56.0237 1272 FLEXnet Licensing Service 64 - ok
    00:42:56.0268 1272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    00:42:56.0268 1272 flpydisk - ok
    00:42:56.0706 1272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    00:42:56.0706 1272 FltMgr - ok
    00:42:56.0737 1272 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    00:42:56.0752 1272 FontCache - ok
    00:42:56.0752 1272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    00:42:56.0768 1272 FontCache3.0.0.0 - ok
    00:42:56.0768 1272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    00:42:56.0784 1272 FsDepends - ok
    00:42:56.0784 1272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    00:42:56.0784 1272 Fs_Rec - ok
    00:42:56.0799 1272 [ 35FD2BB5131714E657B7AB3A78642854 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
    00:42:56.0831 1272 FTDIBUS - ok
    00:42:56.0831 1272 [ 196C9BDDBEF9B6D0973F398BEF5B2EEE ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
    00:42:56.0862 1272 FTSER2K - ok
    00:42:56.0877 1272 [ BAEA55DDFC899B2388C498FFB6227F49 ] fussvc C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe
    00:42:56.0877 1272 fussvc - ok
    00:42:56.0893 1272 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    00:42:56.0893 1272 fvevol - ok
    00:42:56.0909 1272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    00:42:56.0909 1272 gagp30kx - ok
    00:42:56.0924 1272 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
    00:42:56.0940 1272 ggflt - ok
    00:42:56.0956 1272 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
    00:42:56.0956 1272 ggsemc - ok
    00:42:56.0987 1272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    00:42:57.0002 1272 gpsvc - ok
    00:42:57.0002 1272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    00:42:57.0018 1272 hcw85cir - ok
    00:42:57.0018 1272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    00:42:57.0034 1272 HdAudAddService - ok
    00:42:57.0049 1272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    00:42:57.0049 1272 HDAudBus - ok
    00:42:57.0049 1272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    00:42:57.0065 1272 HidBatt - ok
    00:42:57.0065 1272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    00:42:57.0065 1272 HidBth - ok
    00:42:57.0081 1272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    00:42:57.0081 1272 HidIr - ok
    00:42:57.0096 1272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    00:42:57.0096 1272 hidserv - ok
    00:42:57.0112 1272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
    00:42:57.0112 1272 HidUsb - ok
    00:42:57.0112 1272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    00:42:57.0127 1272 hkmsvc - ok
    00:42:57.0127 1272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    00:42:57.0143 1272 HomeGroupListener - ok
    00:42:57.0143 1272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    00:42:57.0159 1272 HomeGroupProvider - ok
    00:42:57.0159 1272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    00:42:57.0174 1272 HpSAMD - ok
    00:42:57.0190 1272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    00:42:57.0206 1272 HTTP - ok
    00:42:57.0221 1272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    00:42:57.0221 1272 hwpolicy - ok
    00:42:57.0221 1272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    00:42:57.0237 1272 i8042prt - ok
    00:42:57.0252 1272 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    00:42:57.0284 1272 iaStorV - ok
    00:42:57.0299 1272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    00:42:57.0331 1272 idsvc - ok
    00:42:57.0331 1272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    00:42:57.0331 1272 iirsp - ok
    00:42:57.0393 1272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    00:42:57.0409 1272 IKEEXT - ok
    00:42:57.0424 1272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    00:42:57.0424 1272 intelide - ok
    00:42:57.0440 1272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    00:42:57.0440 1272 intelppm - ok
    00:42:57.0456 1272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    00:42:57.0456 1272 IPBusEnum - ok
    00:42:57.0471 1272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    00:42:57.0471 1272 IpFilterDriver - ok
    00:42:57.0487 1272 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    00:42:57.0502 1272 iphlpsvc - ok
    00:42:57.0502 1272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    00:42:57.0518 1272 IPMIDRV - ok
    00:42:57.0518 1272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    00:42:57.0518 1272 IPNAT - ok
    00:42:57.0534 1272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    00:42:57.0534 1272 IRENUM - ok
    00:42:57.0549 1272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    00:42:57.0549 1272 isapnp - ok
    00:42:57.0565 1272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    00:42:57.0565 1272 iScsiPrt - ok
    00:42:57.0565 1272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    00:42:57.0565 1272 kbdclass - ok
    00:42:57.0581 1272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    00:42:57.0581 1272 kbdhid - ok
    00:42:57.0596 1272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    00:42:57.0596 1272 KeyIso - ok
    00:42:57.0596 1272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    00:42:57.0612 1272 KSecDD - ok
    00:42:57.0612 1272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    00:42:57.0627 1272 KSecPkg - ok
    00:42:57.0627 1272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    00:42:57.0627 1272 ksthunk - ok
    00:42:57.0643 1272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    00:42:57.0659 1272 KtmRm - ok
    00:42:57.0674 1272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    00:42:57.0674 1272 LanmanServer - ok
    00:42:57.0690 1272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    00:42:57.0690 1272 LanmanWorkstation - ok
    00:42:57.0706 1272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    00:42:57.0706 1272 lltdio - ok
    00:42:57.0721 1272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    00:42:57.0737 1272 lltdsvc - ok
    00:42:57.0737 1272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    00:42:57.0737 1272 lmhosts - ok
    00:42:57.0752 1272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    00:42:57.0752 1272 LSI_FC - ok
    00:42:57.0768 1272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    00:42:57.0768 1272 LSI_SAS - ok
    00:42:57.0784 1272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    00:42:57.0784 1272 LSI_SAS2 - ok
    00:42:57.0799 1272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    00:42:57.0799 1272 LSI_SCSI - ok
    00:42:57.0815 1272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    00:42:57.0815 1272 luafv - ok
    00:42:57.0815 1272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    00:42:57.0831 1272 Mcx2Svc - ok
    00:42:57.0831 1272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    00:42:57.0846 1272 megasas - ok
    00:42:57.0846 1272 [ CC94F81D6975EBF9D7250F0D42840527 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    00:42:57.0862 1272 MegaSR - ok
    00:42:57.0862 1272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    00:42:57.0877 1272 MMCSS - ok
    00:42:57.0877 1272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    00:42:57.0877 1272 Modem - ok
    00:42:57.0893 1272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    00:42:57.0893 1272 monitor - ok
    00:42:57.0909 1272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    00:42:57.0909 1272 mouclass - ok
    00:42:57.0909 1272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    00:42:57.0909 1272 mouhid - ok
    00:42:57.0924 1272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    00:42:57.0924 1272 mountmgr - ok
    00:42:57.0940 1272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    00:42:57.0940 1272 mpio - ok
    00:42:57.0956 1272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    00:42:57.0956 1272 mpsdrv - ok
    00:42:57.0987 1272 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    00:42:58.0002 1272 MpsSvc - ok
    00:42:58.0002 1272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    00:42:58.0018 1272 MRxDAV - ok
    00:42:58.0018 1272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    00:42:58.0034 1272 mrxsmb - ok
    00:42:58.0049 1272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    00:42:58.0049 1272 mrxsmb10 - ok
    00:42:58.0065 1272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    00:42:58.0065 1272 mrxsmb20 - ok
    00:42:58.0065 1272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    00:42:58.0081 1272 msahci - ok
    00:42:58.0081 1272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    00:42:58.0096 1272 msdsm - ok
    00:42:58.0096 1272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    00:42:58.0112 1272 MSDTC - ok
    00:42:58.0127 1272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    00:42:58.0127 1272 Msfs - ok
    00:42:58.0127 1272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    00:42:58.0143 1272 mshidkmdf - ok
    00:42:58.0143 1272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    00:42:58.0143 1272 msisadrv - ok
    00:42:58.0159 1272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    00:42:58.0159 1272 MSiSCSI - ok
    00:42:58.0174 1272 msiserver - ok
    00:42:58.0174 1272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    00:42:58.0174 1272 MSKSSRV - ok
    00:42:58.0190 1272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    00:42:58.0190 1272 MSPCLOCK - ok
    00:42:58.0206 1272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    00:42:58.0206 1272 MSPQM - ok
    00:42:58.0221 1272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    00:42:58.0237 1272 MsRPC - ok
    00:42:58.0237 1272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    00:42:58.0237 1272 mssmbios - ok
    00:42:58.0252 1272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    00:42:58.0252 1272 MSTEE - ok
    00:42:58.0268 1272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    00:42:58.0268 1272 MTConfig - ok
    00:42:58.0268 1272 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    00:42:58.0268 1272 MTsensor - ok
    00:42:58.0284 1272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    00:42:58.0284 1272 Mup - ok
    00:42:58.0299 1272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    00:42:58.0315 1272 napagent - ok
    00:42:58.0331 1272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    00:42:58.0331 1272 NativeWifiP - ok
    00:42:58.0362 1272 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    00:42:58.0377 1272 NDIS - ok
    00:42:58.0377 1272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    00:42:58.0377 1272 NdisCap - ok
    00:42:58.0393 1272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    00:42:58.0393 1272 NdisTapi - ok
    00:42:58.0409 1272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    00:42:58.0409 1272 Ndisuio - ok
    00:42:58.0409 1272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    00:42:58.0424 1272 NdisWan - ok
    00:42:58.0424 1272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    00:42:58.0440 1272 NDProxy - ok
    00:42:58.0440 1272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    00:42:58.0440 1272 NetBIOS - ok
    00:42:58.0456 1272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    00:42:58.0456 1272 NetBT - ok
    00:42:58.0471 1272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    00:42:58.0471 1272 Netlogon - ok
    00:42:58.0487 1272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    00:42:58.0502 1272 Netman - ok
    00:42:58.0502 1272 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    00:42:58.0518 1272 NetMsmqActivator - ok
    00:42:58.0518 1272 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    00:42:58.0534 1272 NetPipeActivator - ok
    00:42:58.0549 1272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    00:42:58.0549 1272 netprofm - ok
    00:42:58.0565 1272 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    00:42:58.0565 1272 NetTcpActivator - ok
    00:42:58.0581 1272 [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  10. ktulu

    ktulu Newcomer, in training Topic Starter

    00:42:58.0581 1272 NetTcpPortSharing - ok
    00:42:58.0581 1272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    00:42:58.0596 1272 nfrd960 - ok
    00:42:58.0596 1272 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    00:42:58.0612 1272 NlaSvc - ok
    00:42:58.0612 1272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    00:42:58.0627 1272 Npfs - ok
    00:42:58.0627 1272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    00:42:58.0643 1272 nsi - ok
    00:42:58.0643 1272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    00:42:58.0643 1272 nsiproxy - ok
    00:42:58.0690 1272 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    00:42:58.0721 1272 Ntfs - ok
    00:42:58.0721 1272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    00:42:58.0721 1272 Null - ok
    00:42:58.0737 1272 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    00:42:58.0737 1272 nvraid - ok
    00:42:58.0752 1272 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    00:42:58.0752 1272 nvstor - ok
    00:42:58.0768 1272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    00:42:58.0768 1272 nv_agp - ok
    00:42:58.0784 1272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    00:42:58.0784 1272 ohci1394 - ok
    00:42:58.0799 1272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    00:42:58.0815 1272 p2pimsvc - ok
    00:42:58.0831 1272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    00:42:58.0846 1272 p2psvc - ok
    00:42:58.0846 1272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    00:42:58.0846 1272 Parport - ok
    00:42:58.0862 1272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    00:42:58.0862 1272 partmgr - ok
    00:42:58.0877 1272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    00:42:58.0877 1272 PcaSvc - ok
    00:42:58.0893 1272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    00:42:58.0893 1272 pci - ok
    00:42:58.0909 1272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    00:42:58.0909 1272 pciide - ok
    00:42:58.0924 1272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    00:42:58.0924 1272 pcmcia - ok
    00:42:58.0940 1272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    00:42:58.0940 1272 pcw - ok
    00:42:58.0987 1272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    00:42:58.0987 1272 PEAUTH - ok
    00:42:59.0049 1272 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    00:42:59.0081 1272 PeerDistSvc - ok
    00:42:59.0112 1272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    00:42:59.0112 1272 PerfHost - ok
    00:42:59.0159 1272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    00:42:59.0190 1272 pla - ok
    00:42:59.0206 1272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    00:42:59.0221 1272 PlugPlay - ok
    00:42:59.0237 1272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    00:42:59.0268 1272 PNRPAutoReg - ok
    00:42:59.0284 1272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    00:42:59.0284 1272 PNRPsvc - ok
    00:42:59.0299 1272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    00:42:59.0315 1272 PolicyAgent - ok
    00:42:59.0315 1272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    00:42:59.0331 1272 Power - ok
    00:42:59.0331 1272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    00:42:59.0346 1272 PptpMiniport - ok
    00:42:59.0346 1272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    00:42:59.0362 1272 Processor - ok
    00:42:59.0362 1272 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
    00:42:59.0377 1272 ProfSvc - ok
    00:42:59.0377 1272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    00:42:59.0377 1272 ProtectedStorage - ok
    00:42:59.0393 1272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    00:42:59.0393 1272 Psched - ok
    00:42:59.0424 1272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    00:42:59.0456 1272 ql2300 - ok
    00:42:59.0471 1272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    00:42:59.0471 1272 ql40xx - ok
    00:42:59.0487 1272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    00:42:59.0534 1272 QWAVE - ok
    00:42:59.0549 1272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    00:42:59.0549 1272 QWAVEdrv - ok
    00:42:59.0549 1272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    00:42:59.0565 1272 RasAcd - ok
    00:42:59.0565 1272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    00:42:59.0581 1272 RasAgileVpn - ok
    00:42:59.0581 1272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    00:42:59.0596 1272 RasAuto - ok
    00:42:59.0596 1272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    00:42:59.0612 1272 Rasl2tp - ok
    00:42:59.0627 1272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    00:42:59.0627 1272 RasMan - ok
    00:42:59.0643 1272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    00:42:59.0643 1272 RasPppoe - ok
    00:42:59.0659 1272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    00:42:59.0659 1272 RasSstp - ok
    00:42:59.0674 1272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    00:42:59.0674 1272 rdbss - ok
    00:42:59.0690 1272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    00:42:59.0690 1272 rdpbus - ok
    00:42:59.0690 1272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    00:42:59.0690 1272 RDPCDD - ok
    00:42:59.0706 1272 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    00:42:59.0706 1272 RDPDR - ok
    00:42:59.0721 1272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    00:42:59.0721 1272 RDPENCDD - ok
    00:42:59.0737 1272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    00:42:59.0737 1272 RDPREFMP - ok
    00:42:59.0752 1272 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    00:42:59.0752 1272 RdpVideoMiniport - ok
    00:42:59.0752 1272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    00:42:59.0768 1272 RDPWD - ok
    00:42:59.0784 1272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    00:42:59.0784 1272 rdyboost - ok
    00:42:59.0799 1272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    00:42:59.0799 1272 RemoteAccess - ok
    00:42:59.0799 1272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    00:42:59.0815 1272 RemoteRegistry - ok
    00:42:59.0815 1272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    00:42:59.0831 1272 RpcEptMapper - ok
    00:42:59.0831 1272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    00:42:59.0831 1272 RpcLocator - ok
    00:42:59.0862 1272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    00:42:59.0862 1272 RpcSs - ok
    00:42:59.0877 1272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    00:42:59.0877 1272 rspndr - ok
    00:42:59.0877 1272 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    00:42:59.0893 1272 RTL8167 - ok
    00:42:59.0893 1272 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    00:42:59.0909 1272 s3cap - ok
    00:43:02.0987 1272 ================ Scan global ===============================
    00:43:03.0002 1272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    00:43:03.0018 1272 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:43:03.0034 1272 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    00:43:03.0034 1272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    00:43:03.0049 1272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    00:43:03.0065 1272 [Global] - ok
    00:43:03.0065 1272 ================ Scan MBR ==================================
    00:43:03.0065 1272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    00:43:03.0159 1272 \Device\Harddisk0\DR0 - ok
    00:43:03.0159 1272 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    00:43:03.0159 1272 \Device\Harddisk1\DR1 - ok
    00:43:03.0174 1272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
    00:43:03.0206 1272 \Device\Harddisk2\DR2 - ok
    00:43:03.0206 1272 ================ Scan VBR ==================================
    00:43:03.0206 1272 [ 25F6DC3B33B426F2AB9C64CE9F513A96 ] \Device\Harddisk0\DR0\Partition1
    00:43:03.0206 1272 \Device\Harddisk0\DR0\Partition1 - ok
    00:43:03.0206 1272 [ 4E278C250D66C1A3F4D2B6D456C7A6BB ] \Device\Harddisk1\DR1\Partition1
    00:43:03.0221 1272 \Device\Harddisk1\DR1\Partition1 - ok
    00:43:03.0221 1272 [ 95217957F79D1A46B6C76629203620BA ] \Device\Harddisk2\DR2\Partition1
    00:43:03.0221 1272 \Device\Harddisk2\DR2\Partition1 - ok
    00:43:03.0237 1272 [ 846CB05BCECBE459F239DCA2A65E9718 ] \Device\Harddisk2\DR2\Partition2
    00:43:03.0237 1272 \Device\Harddisk2\DR2\Partition2 - ok
    00:43:03.0237 1272 [ A9E687571845CFB96720F4CFFB3FF59B ] \Device\Harddisk2\DR2\Partition3
    00:43:03.0237 1272 \Device\Harddisk2\DR2\Partition3 - ok
    00:43:03.0237 1272 ============================================================
    00:43:03.0237 1272 Scan finished
    00:43:03.0237 1272 ============================================================
    00:43:03.0268 4060 Detected object count: 0
    00:43:03.0268 4060 Actual detected object count: 0
  11. ktulu

    ktulu Newcomer, in training Topic Starter

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Olof [Admin rights]
    Mode : Remove -- Date : 10/13/2012 00:47:28
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [TASK][SUSP PATH] {2D040926-3904-4518-92F7-110BCE675A8D} : C:\Windows\system32\pcalua.exe -a C:\Users\Olof\AppData\Local\Temp\a1eeb273-b7f1-46ad-ae74-d66ddacadc40\InstallShieldUninstaller.exe -d C:\Users\Olof\Downloads -> DELETED
    [TASK][SUSP PATH] {4DFD845C-59F3-4603-B4F0-BC0635CDB17A} : C:\Windows\system32\pcalua.exe -a "C:\Temp\Adobe Photoshop Lightroom 2.4 Build 572242\Install Lightroom 2.4.exe" -d "C:\Temp\Adobe Photoshop Lightroom 2.4 Build 572242" -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 activate.adobe.com
     
  12. ktulu

    ktulu Newcomer, in training Topic Starter

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: OCZ-OCTANE S2 ATA Device +++++
    --- User ---
    [MBR] 69090b740c859c1ca469f54bba23cc64
    [BSP] 073c8e6c48837f03ca69a5f703067af3 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61052 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD5000AAKS-65YGA0 ATA Device +++++
    --- User ---
    [MBR] d127a2682eb2334f26feb425bc5bef6a
    [BSP] 4d87d59b5f7c173547878e89af81ddc6 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: SAMSUNG HD300LJ ATA Device +++++
    --- User ---
    [MBR] dbb004441d4404ba359a900a2ffab981
    [BSP] 9326cddd4b21765e0217bffd29109d64 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204796620 | Size: 80003 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 368643555 | Size: 106163 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-13 00:51:19
    -----------------------------
    00:51:19.365 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:51:19.366 Number of processors: 2 586 0x404
    00:51:19.367 ComputerName: OLOF-PC UserName: Olof
    00:51:19.677 Initialize success
    00:51:55.951 AVAST engine defs: 12101202
    00:53:00.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
    00:53:00.299 Disk 0 Vendor: OCZ-OCTANE_S2 4.11 Size: 61057MB BusType: 3
    00:53:00.304 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-5
    00:53:00.308 Disk 1 Vendor: WDC_WD5000AAKS-65YGA0 12.01C02 Size: 476940MB BusType: 3
    00:53:00.316 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-7
    00:53:00.320 Disk 2 Vendor: SAMSUNG_HD300LJ ZT100-12 Size: 286168MB BusType: 3
    00:53:00.327 Disk 0 MBR read successfully
    00:53:00.333 Disk 0 MBR scan
    00:53:00.343 Disk 0 Windows 7 default MBR code
    00:53:00.350 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61052 MB offset 2048
    00:53:00.370 Disk 0 scanning C:\Windows\system32\drivers
    00:53:15.435 Service scanning
    00:53:39.464 Modules scanning
    00:53:39.820 Disk 0 trace - called modules:
    00:53:39.832 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    00:53:39.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005537060]
    00:53:39.850 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa80052fed20]
    00:53:39.858 5 ACPI.sys[fffff88000f707a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-3[0xfffffa800532f060]
    00:53:40.085 AVAST engine scan C:\Windows
    00:53:41.256 AVAST engine scan C:\Windows\system32
    00:59:50.801 AVAST engine scan C:\Windows\system32\drivers
    01:00:04.174 AVAST engine scan C:\Users\Olof
    01:01:36.840 AVAST engine scan C:\ProgramData
    01:02:01.069 Scan finished successfully
    01:02:21.041 Disk 0 MBR has been saved successfully to "C:\Users\Olof\Desktop\MBR.dat"
    01:02:21.056 The log file has been saved successfully to "C:\Users\Olof\Desktop\aswMBR.txt"
  13. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Good :)

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Still with me?
  15. ktulu

    ktulu Newcomer, in training Topic Starter

    Sorry, I've been away for a while.
    Here are the logs...

    -------------------------------------

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.31.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Olof :: OLOF-PC [administrator]

    2012-10-31 22:37:48
    mbam-log-2012-10-31 (22-37-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222228
    Time elapsed: 2 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ------------------------------------
    OTL logfile created on: 2012-10-31 22:46:01 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = G:\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    4,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,88% Memory free
    8,00 Gb Paging File | 6,11 Gb Available in Paging File | 76,41% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59,62 Gb Total Space | 7,95 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
    Drive D: | 465,76 Gb Total Space | 130,75 Gb Free Space | 28,07% Space Free | Partition Type: NTFS
    Drive E: | 97,65 Gb Total Space | 35,68 Gb Free Space | 36,54% Space Free | Partition Type: NTFS
    Drive F: | 78,13 Gb Total Space | 62,15 Gb Free Space | 79,55% Space Free | Partition Type: NTFS
    Drive G: | 103,68 Gb Total Space | 49,48 Gb Free Space | 47,73% Space Free | Partition Type: NTFS
    Drive I: | 7,53 Gb Total Space | 7,53 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

    Computer Name: OLOF-PC | User Name: Olof | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-10-31 22:42:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL.exe
    PRC - [2012-10-27 12:25:55 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Olof\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012-09-12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
    PRC - [2012-08-26 10:14:37 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    PRC - [2012-08-26 10:14:04 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    PRC - [2012-08-26 09:41:30 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012-05-24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Olof\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012-04-30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    PRC - [2011-01-17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011-01-17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009-07-27 13:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-10-24 08:04:57 | 000,460,312 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\ppgooglenaclpluginchrome.dll
    MOD - [2012-10-24 08:04:55 | 012,435,992 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
    MOD - [2012-10-24 08:04:54 | 004,005,912 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\pdf.dll
    MOD - [2012-10-24 08:03:38 | 000,578,072 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\libglesv2.dll
    MOD - [2012-10-24 08:03:37 | 000,123,928 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\libegl.dll
    MOD - [2012-10-24 08:03:25 | 000,156,712 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\avutil-51.dll
    MOD - [2012-10-24 08:03:24 | 000,275,496 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\avformat-54.dll
    MOD - [2012-10-24 08:03:23 | 002,168,360 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\avcodec-54.dll
    MOD - [2012-10-16 21:48:22 | 000,357,376 | ---- | M] () -- C:\Users\Olof\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\plugin\screen_capture.dll
    MOD - [2012-09-18 10:42:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
    MOD - [2012-05-24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
    MOD - [2012-04-30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    MOD - [2012-04-30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
    MOD - [2012-03-25 12:00:53 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2012-01-08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    MOD - [2011-07-07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
    MOD - [2010-01-11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
    MOD - [2009-07-27 13:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012-07-19 20:12:19 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012-06-11 18:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010-12-28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012-10-12 07:35:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-09-20 18:10:46 | 000,057,968 | ---- | M] () [Auto | Running] -- C:\Users\Olof\AppData\Roaming\Diino\DiinoService_win7_amd64.exe -- (DiinoService)
    SRV - [2012-08-26 10:14:37 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
    SRV - [2012-08-26 09:41:30 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
    SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012-07-19 20:12:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-09-08 15:26:43 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
    DRV:64bit: - [2012-09-08 15:26:43 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
    DRV:64bit: - [2012-08-26 09:46:07 | 000,130,088 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
    DRV:64bit: - [2012-08-26 09:46:07 | 000,124,456 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
    DRV:64bit: - [2012-08-26 09:46:06 | 000,205,352 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
    DRV:64bit: - [2012-08-26 09:46:06 | 000,168,488 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
    DRV:64bit: - [2012-08-26 09:46:06 | 000,120,872 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
    DRV:64bit: - [2012-07-12 10:18:56 | 000,219,688 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
    DRV:64bit: - [2012-06-27 14:51:24 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
    DRV:64bit: - [2012-06-27 14:51:23 | 000,112,680 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
    DRV:64bit: - [2012-06-27 14:51:23 | 000,109,096 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
    DRV:64bit: - [2012-06-27 14:51:22 | 000,304,680 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
    DRV:64bit: - [2012-06-27 14:51:22 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
    DRV:64bit: - [2012-06-27 14:51:22 | 000,068,648 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
    DRV:64bit: - [2012-06-27 14:51:21 | 000,093,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
    DRV:64bit: - [2012-06-27 14:51:21 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
    DRV:64bit: - [2012-06-27 14:51:20 | 000,113,192 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
    DRV:64bit: - [2012-06-27 14:51:19 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
    DRV:64bit: - [2012-06-27 14:51:19 | 000,089,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
    DRV:64bit: - [2012-06-11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012-06-11 17:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012-04-13 09:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2012-04-13 09:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-02-23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-03-10 17:05:04 | 000,057,928 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
    DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009-07-27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-03-01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008-06-27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2005-03-29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
    IE - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 B8 B7 EC A9 B7 CD 01 [binary data]
    IE - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Olof\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Olof\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Olof\AppData\Local\Google\Chrome\Application\22.0.1229.96\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Olof\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: WPI Detector 1.5 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Olof\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll
    CHR - Extension: YouTube = C:\Users\Olof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Olof\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Screen Capture (by Google) = C:\Users\Olof\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\
    CHR - Extension: HTTPS Everywhere = C:\Users\Olof\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2012.10.18_0\
    CHR - Extension: Gmail = C:\Users\Olof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-03-25 01:59:34 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
    O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
    O4 - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001..\Run: [Spotify Web Helper] C:\Users\Olof\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Olof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Olof\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Olof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-3557097070-2043288293-3833884491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{895419DF-28C8-45CD-B4FA-B63BDCFBCC3E}: DhcpNameServer = 193.150.193.150 83.255.245.11
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{baec2f0c-c153-11e1-8f0d-00173182b2a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{baec2f0c-c153-11e1-8f0d-00173182b2a9}\Shell\AutoRun\command - "" = I:\Startme.exe
    O33 - MountPoints2\{baec2f26-c153-11e1-8f0d-00173182b2a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{baec2f26-c153-11e1-8f0d-00173182b2a9}\Shell\AutoRun\command - "" = I:\Startme.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-10-31 22:37:17 | 000,000,000 | ---D | C] -- C:\Users\Olof\AppData\Roaming\Malwarebytes
    [2012-10-31 22:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012-10-31 22:36:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012-10-31 22:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012-10-31 20:10:22 | 000,057,928 | ---- | C] (Panda Security) -- C:\Windows\SysNative\drivers\PSKMAD.sys
    [2012-10-30 20:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012-10-25 22:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Azure Tools
    [2012-10-25 22:23:10 | 000,000,000 | ---D | C] -- C:\Users\Olof\AppData\Local\DevelopmentStorage
    [2012-10-25 22:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Azure
    [2012-10-25 22:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2012-10-25 22:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
    [2012-10-25 22:18:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
    [2012-10-25 22:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
    [2012-10-25 22:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
    [2012-10-25 22:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
    [2012-10-25 22:12:51 | 000,000,000 | ---D | C] -- C:\Users\Olof\Documents\Visual Studio 2012
    [2012-10-25 22:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
    [2012-10-25 22:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2012-10-25 22:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
    [2012-10-25 21:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2012-10-25 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Olof\AppData\Roaming\Panda Security
    [2012-10-25 21:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
    [2012-10-25 21:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2012-10-25 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
    [2012-10-21 12:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TDSSKiller
    [2012-10-21 11:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
    [2012-10-21 11:55:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
    [2012-10-21 11:05:06 | 000,000,000 | ---D | C] -- C:\Users\Olof\AppData\Roaming\FileZilla
    [2012-10-20 13:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 7.0 Extensions
    [2012-10-16 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Olof\AppData\Local\Wisdom-soft
    [2012-10-16 21:54:48 | 000,000,000 | ---D | C] -- C:\Users\Olof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012-10-16 21:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
    [2012-10-16 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free
    [2012-10-10 07:18:37 | 000,000,000 | ---D | C] -- C:\FRST
    [2012-10-09 20:31:58 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT

    ========== Files - Modified Within 30 Days ==========

    [2012-10-31 22:44:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3557097070-2043288293-3833884491-1001UA.job
    [2012-10-31 22:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-10-31 20:18:50 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-10-31 20:18:50 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-10-31 20:12:32 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-10-31 20:12:32 | 000,653,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-10-31 20:12:32 | 000,121,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-10-31 20:08:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-10-31 20:07:59 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
    [2012-10-30 18:21:19 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    [2012-10-28 16:17:08 | 000,765,280 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-10-25 23:23:00 | 000,000,000 | ---- | M] () -- C:\ProgramData\0x0304A000.sfl
    [2012-10-25 22:28:28 | 003,211,264 | ---- | M] () -- C:\Users\Olof\DevelopmentStorageDb201206.mdf
    [2012-10-25 22:28:28 | 000,851,968 | ---- | M] () -- C:\Users\Olof\DevelopmentStorageDb201206_log.ldf
    [2012-10-24 20:47:05 | 000,002,489 | ---- | M] () -- C:\Users\Olof\Desktop\Google Chrome.lnk
    [2012-10-09 20:32:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012-10-09 20:32:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012-10-07 04:44:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3557097070-2043288293-3833884491-1001Core.job

    ========== Files Created - No Company Name ==========

    [2012-10-25 23:23:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
    [2012-10-25 22:23:21 | 003,211,264 | ---- | C] () -- C:\Users\Olof\DevelopmentStorageDb201206.mdf
    [2012-10-25 22:23:21 | 000,851,968 | ---- | C] () -- C:\Users\Olof\DevelopmentStorageDb201206_log.ldf
    [2012-10-09 20:31:40 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012-10-09 20:31:40 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012-03-24 19:18:42 | 000,166,400 | ---- | C] () -- C:\Windows\SysWow64\netiohlp.dll
    [2012-03-24 17:08:54 | 000,765,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-03-24 15:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012-03-09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012-03-09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012-01-31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2011-09-12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012-10-26 22:12:13 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\BitComet
    [2012-10-27 12:02:35 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\Diino
    [2012-10-31 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\Dropbox
    [2012-10-31 22:31:58 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\FileZilla
    [2012-03-25 19:45:36 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\JetBrains
    [2012-03-25 02:12:47 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\Notepad++
    [2012-03-25 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\NuGet
    [2012-03-27 21:58:40 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\OpenOffice.org
    [2012-10-25 21:45:06 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\Panda Security
    [2012-10-06 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\REAPER
    [2012-06-28 21:23:26 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\Sony
    [2012-10-28 16:03:24 | 000,000,000 | ---D | M] -- C:\Users\Olof\AppData\Roaming\Spotify

    ========== Purity Check ==========


    < End of report >
  16. ktulu

    ktulu Newcomer, in training Topic Starter

    OTL Extras logfile created on: 2012-10-31 22:46:01 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = G:\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    4,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,88% Memory free
    8,00 Gb Paging File | 6,11 Gb Available in Paging File | 76,41% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59,62 Gb Total Space | 7,95 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
    Drive D: | 465,76 Gb Total Space | 130,75 Gb Free Space | 28,07% Space Free | Partition Type: NTFS
    Drive E: | 97,65 Gb Total Space | 35,68 Gb Free Space | 36,54% Space Free | Partition Type: NTFS
    Drive F: | 78,13 Gb Total Space | 62,15 Gb Free Space | 79,55% Space Free | Partition Type: NTFS
    Drive G: | 103,68 Gb Total Space | 49,48 Gb Free Space | 47,73% Space Free | Partition Type: NTFS
    Drive I: | 7,53 Gb Total Space | 7,53 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

    Computer Name: OLOF-PC | User Name: Olof | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{16655CA1-E262-4AE7-B3E8-D780ED910332}" = lport=26139 | protocol=6 | dir=in | name=bitcomet 26139 tcp |
    "{2CA2F334-FDBF-4FED-8A5A-6F73D2BCE741}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3274471E-0E2B-4A6C-BFAC-4A0838DAABEA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{337D8DAF-CF0E-477B-A5FD-75A1F7ABD654}" = rport=137 | protocol=17 | dir=out | app=system |
    "{406B1305-860B-49CF-A858-BF041095B78E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4C49728D-BA8D-482C-B64F-5F020059152B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{51A525EB-BEB9-4083-8FB0-C45BC695AD99}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{56E2F23D-40F3-4E6A-8A9E-C09DCCF50357}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{5B03E0D2-B43D-42F7-8B10-3F727D5198D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{616E8267-4156-43C1-A512-888FD5C7CB53}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{75DA9C68-CFD7-40E1-ADA5-0291E6301946}" = lport=137 | protocol=17 | dir=in | app=system |
    "{88998BA2-8D2D-4033-90DB-947551502633}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8B1D6629-E012-4076-A03C-4A50B5174BC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{998061A0-640C-4546-B530-ECEDE9F580BE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B18E2C85-DB12-430E-BF62-CF9BE69A108C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BB1BF0D5-0DCA-471D-9161-520635D9097D}" = lport=26139 | protocol=17 | dir=in | name=bitcomet 26139 udp |
    "{BFB1184C-A609-4F30-B6D4-5EB5C1FC7476}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C45710B8-C56A-444A-8244-180EF3280EB5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C7EB8D2F-73EA-48E9-B6E4-F4F6432558E8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CF2F5DB1-EB62-466D-AE67-B1BE2ED5E872}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CFA33ED9-2E6C-4DB8-AEBD-2BC824AF3D30}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D9C82746-ABD0-445E-8943-887F3A6DBB8C}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EFD97901-D7F4-4A7F-AEC5-07A2464F82D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F67E8E1B-6509-4991-90D5-77A26C2B5299}" = lport=139 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00D81A5D-17C1-4061-B59B-C7A1CA39AE16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{02863BA2-EEB7-4AD5-8331-11DDCE7D1FB8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{04E0A983-9732-49EF-B76C-B336A1DCDC82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{11D04674-37C4-412E-84F0-30EFEA4D8386}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1338E503-970D-4022-B652-EF21C51607B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{13FB4B7D-4831-4B2F-A895-030A081E46B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{29C455D6-FF68-430B-AEF4-AB7B4618BFC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2B4FB088-D9FF-4988-BEEC-C369D0BE96F2}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{415771E7-5A44-4AFC-91F3-3FBFB172A131}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{43F8A354-6833-4B91-A80E-75EC6267FE84}" = protocol=6 | dir=in | app=c:\users\olof\appdata\roaming\dropbox\bin\dropbox.exe |
    "{44F2C47D-E619-4A32-8085-9E25E1CC487D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{50C5A818-5E69-462F-9B08-F28C9700170F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{63D1B0C9-5437-4248-8FF9-B1D56B83DF5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{63FB6DF8-9832-4BF6-86F6-8E041F3EA634}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6ADE1AED-9029-400F-8649-6EC81A57D5A9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{8B386685-F808-49E7-A05B-4F3F4A770142}" = protocol=6 | dir=out | app=system |
    "{8D4827AB-41F9-4516-B8FC-264D8E699B83}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8E38F573-C76C-4AD3-83F9-94C7A5AC9FA0}" = protocol=17 | dir=in | app=c:\users\olof\appdata\roaming\spotify\spotify.exe |
    "{9A9D08CA-3531-472B-AE77-1E2E6CCD0607}" = protocol=17 | dir=in | app=c:\users\olof\appdata\roaming\dropbox\bin\dropbox.exe |
    "{9F51BC64-3305-49A9-99B9-E5795A5A887C}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{A84181B7-8D02-44AB-9DDF-8E1A86C093F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B0ED88C1-A7B7-4D83-8CD0-2D7F5CF8A984}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B5C1CDE8-4FD0-4E2B-90C6-6C2FC7CC2067}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BDF1DF8E-72D8-41DC-A6DD-150BCE5601D2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CCC98E6A-C2A7-452E-86A4-A032413D5C76}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{D33F72C7-AF3D-4C7B-BF69-2FC47F027AB6}" = protocol=6 | dir=in | app=c:\users\olof\appdata\roaming\spotify\spotify.exe |
    "{E92B2E38-3A32-4A92-847C-7D8434E12FC5}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{EB3FC59D-3646-4B5A-91EC-728BF189AEB2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{EF6F9C5E-8267-4B49-BED3-1BDD9AA95B61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{4245C8BC-F70A-4B8A-B737-2F12CD132F66}C:\users\olof\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\olof\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{8E678AD0-2F3A-4DD4-8520-42C3E52AD4CC}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "TCP Query User{A0F27F2C-A695-4BEA-8D44-814FD859C374}C:\users\olof\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\olof\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{476A7691-412C-4D3B-832F-613FC4D17CBB}C:\users\olof\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\olof\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{55671A99-19FA-4FB6-A6AE-5BCD8198EC98}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
    "UDP Query User{96D02FDD-2344-4FC3-B2DB-8268ED462307}C:\users\olof\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\olof\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
    "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
    "{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
    "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{116C20CC-0843-1FC0-2AE8-BD3535911B36}" = AMD Drag and Drop Transcoding
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{30CAD3B3-7EF6-4087-2A50-97EF66966776}" = ATI AVIVO64 Codecs
    "{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
    "{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
    "{596F9D40-D906-4FF5-9D48-EE21C503D2F3}" = Panda Cloud Antivirus
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{646A1C52-6194-4992-8D21-8D9E42AE820A}" = Windows Azure Authoring Tools - June 2012 Release
    "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{75E2C40C-4345-4DD0-B5B3-B8EB92EEECB5}" = Microsoft Web Platform Installer 4.0
    "{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    "{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit
    "{9CE5F7AE-9D50-4BE6-A32A-00E6914BDB71}" = M-Audio Delta Driver 6.0.2 (x64)
    "{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
    "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
    "{AED07B87-975F-4F60-B7C9-38B8596C6531}" = Windows Azure Libraries for .NET 1.7 – June 2012
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
    "{C28962A1-AF7A-355D-AFD5-F8906D0971C8}" = Microsoft Visual Studio Team Foundation Server 11 Beta Object Model
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{E75776B2-EAE5-42F9-A800-0A10763DEDF0}" = Microsoft SQL Server 2012 Express LocalDB
    "{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
    "{F63F99F1-5A28-4910-AEFD-EE3A22171539}" = Windows Azure Emulator - June 2012 Release
    "{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
    "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "REAPER" = REAPER (x64)
    "Windows Azure Emulator - June 2012 Release" = Windows Azure Emulator - June 2012 Release

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04ECD674-1A5E-4318-9FD4-DE872C07DAAF}" = Microsoft ASP.NET Visual Studio 2010 Uninstall Finalizer
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
    "{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
    "{22B4F250-F40C-4E59-9800-E4AE88C35CFC}" = Microsoft NuGet for Visual Studio 2010
    "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
    "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
    "{2AC0E564-56A5-42F9-888E-8FC8D8D880CA}" = Microsoft ASP.NET Web Pages 2 - VWD Express 2010 Tools
    "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
    "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3dcba276-d593-49cc-9141-08b8a339c984}" = Windows Azure Tools for Microsoft Visual Studio 2010 - June 2012 SP1
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
    "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
    "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{540cc2f4-4f11-47be-8ebb-e665ed4e9d01}" = Windows Azure Tools for Microsoft Visual Studio 2012 - June 2012 SP1
    "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
    "{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
    "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
    "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
    "{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
    "{6F187617-80E6-3D65-8FE5-85D73472EC6E}" = Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
    "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
    "{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
    "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
    "{7A87CA5A-A56F-4965-9819-104B54F9C9B0}" = Windows Azure Tools for Microsoft Visual Studio 2010 Core
    "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
    "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.107.12050
    "{800F326D-A61E-40D4-BEFF-8002F30D81A7}" = Windows Azure Tools for Microsoft Visual Studio 2010 - June 2012 SP1
    "{81AEC7B5-3FC8-47B2-B6E5-D0381584FB4F}" = Microsoft ASP.NET MVC 4 - VWD Express 2010 Tools
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
    "{8644B2F3-2A95-4CD9-B116-BD5872239161}" = Microsoft ASP.NET Visual Studio 2010 Finalizer
    "{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
    "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
    "{A48CE6DE-1E75-EBE2-8EF7-6E6EA51962AC}" = HydraVision
    "{A6A4CD8C-B9E2-443E-82F2-1313AD3C9A16}" = Microsoft Web Publish - Visual Web Developer Express 2010
    "{A8D0D986-2552-3925-8A4D-1ECB22EA94E2}" = Microsoft Visual C++ Microsoft Foundation Class Libraries 11
    "{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Svenska
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
    "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
    "{D25C502E-FF51-424C-8C38-8596FE47D0CD}" = Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU
    "{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
    "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
    "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
    "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
    "{dbf56337-7459-4a20-9a7f-1d39bde9b436}" = Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{DFE7FC34-62B0-4FC3-8DCF-1EABCA384FF9}" = Windows Azure Tools for Microsoft Visual Studio 2012 Core
    "{E074AD54-9E9D-4160-BC29-868C644AC98B}" = Windows Azure Tools for Microsoft Visual Studio 2012 - June 2012 SP1
    "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
    "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
    "{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
    "{E287CD67-9542-4B20-A091-6BA114861DB2}" = WCF RIA Services V1.0 SP2
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
    "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
    "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
    "{ea411dc1-f74d-476e-b431-e90a3c4b552e}" = Microsoft ASP.NET MVC 4
    "{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
    "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
    "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Android SDK Tools" = Android SDK Tools
    "BitComet_x64" = BitComet 1.34 64-bit
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "D-I-v-X - AVI Codec Pack Pro" = D-I-v-X AVI Codec Pack Pro 2.4.0
    "FileZilla Client" = FileZilla Client 3.5.3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
    "Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
    "Notepad++" = Notepad++
    "Panda Universal Agent Endpoint" = Panda Cloud Antivirus
    "Update Engine" = Sony Ericsson Update Engine
    "Wisdom-soft ScreenHunter 6.0 Free" = Wisdom-soft ScreenHunter 6.0 Free
    "VLC media player" = VLC media player 2.0.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3557097070-2043288293-3833884491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2012-10-28 17:21:36 | Computer Name = Olof-PC | Source = ASP.NET 4.0.30319.0 | ID = 1325
    Description =

    Error - 2012-10-28 17:21:36 | Computer Name = Olof-PC | Source = .NET Runtime | ID = 1026
    Description =

    Error - 2012-10-28 17:21:38 | Computer Name = Olof-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: WebDev.WebServer40.exe, version: 10.0.40219.1,
    time stamp: 0x4d5f345a Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting
    process id: 0x12c8 Faulting application start time: 0x01cdb551e5ff391a Faulting application
    path: C:\Program Files (x86)\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe
    Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 74e73bde-2145-11e2-bf12-00173182b2a9

    Error - 2012-10-29 17:20:37 | Computer Name = Olof-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: MOM.exe, version: 2.0.0.0, time stamp:
    0x4f2058d9 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x0000000000018e3d Faulting process
    id: 0x8e8 Faulting application start time: 0x01cdb61b34f42da7 Faulting application
    path: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7b26d9c6-220e-11e2-98a1-00173182b2a9

    Error - 2012-10-30 13:20:23 | Computer Name = Olof-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: MOM.exe, version: 2.0.0.0, time stamp:
    0x4f2058d9 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec4aa8e Exception code: 0xc0000006 Fault offset: 0x0000000000018f55 Faulting process
    id: 0x968 Faulting application start time: 0x01cdb6c2cfa138f0 Faulting application
    path: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 15ef29f4-22b6-11e2-b4bc-00173182b2a9

    Error - 2012-10-30 13:20:23 | Computer Name = Olof-PC | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
    for one of the following reasons: there is a problem with the network connection,
    the disk that the file is stored on, or the storage drivers installed on this computer;
    or the disk is missing. Windows closed the program Catalyst Control Center: Monitoring
    program because of this error. Program: Catalyst Control Center: Monitoring program
    File:
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll The error value is
    listed in the Additional Data section. User Action 1. Open the file again. This situation
    might be a temporary problem that corrects itself when the program runs again. 2.
    If
    the file still cannot be accessed and - It is on the network, your network administrator
    should verify that there is not a problem with the network and that the server
    can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM,
    verify that the disk is fully inserted into the computer. 3. Check and repair the
    file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD,
    and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4.
    If the problem persists, restore the file from a backup copy. 5. Determine whether
    other files on the same disk can be opened. If not, the disk might be damaged.
    If it is a hard disk, contact your administrator or computer hardware vendor for
    further
    assistance. Additional Data Error value: C000009C Disk type: 3

    Error - 2012-10-30 13:52:08 | Computer Name = Olof-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: sdiagnhost.exe, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3d4 Faulting module name: mscorwks.dll, version: 2.0.50727.5456,
    time stamp: 0x4ef6c091 Exception code: 0xc0000005 Fault offset: 0x00000000002b0646
    Faulting
    process id: 0x1114 Faulting application start time: 0x01cdb6c747631454 Faulting application
    path: C:\Windows\System32\sdiagnhost.exe Faulting module path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
    Report
    Id: 857d4c5a-22ba-11e2-b4bc-00173182b2a9

    Error - 2012-10-30 15:12:19 | Computer Name = Olof-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: MOM.exe, version: 2.0.0.0, time stamp:
    0x4f2058d9 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec4aa8e Exception code: 0xc0000006 Fault offset: 0x0000000000018f55 Faulting process
    id: 0x828 Faulting application start time: 0x01cdb6d271ab6861 Faulting application
    path: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b8fc088a-22c5-11e2-a949-00173182b2a9

    Error - 2012-10-30 15:12:19 | Computer Name = Olof-PC | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
    for one of the following reasons: there is a problem with the network connection,
    the disk that the file is stored on, or the storage drivers installed on this computer;
    or the disk is missing. Windows closed the program Catalyst Control Center: Monitoring
    program because of this error. Program: Catalyst Control Center: Monitoring program
    File:
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll The error value is
    listed in the Additional Data section. User Action 1. Open the file again. This situation
    might be a temporary problem that corrects itself when the program runs again. 2.
    If
    the file still cannot be accessed and - It is on the network, your network administrator
    should verify that there is not a problem with the network and that the server
    can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM,
    verify that the disk is fully inserted into the computer. 3. Check and repair the
    file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD,
    and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4.
    If the problem persists, restore the file from a backup copy. 5. Determine whether
    other files on the same disk can be opened. If not, the disk might be damaged.
    If it is a hard disk, contact your administrator or computer hardware vendor for
    further
    assistance. Additional Data Error value: C000009C Disk type: 3

    Error - 2012-10-31 17:45:37 | Computer Name = Olof-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: ccc Start Time:
    01cdb7b0b234d6fb Termination Time: 8 Application Path: G:\Downloads\OTL.exe Report
    Id: 4c4e5809-23a4-11e2-96d9-00173182b2a9

    [ System Events ]
    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:40 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:49:51 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 2012-10-31 17:51:03 | Computer Name = Olof-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.


    < End of report >
  17. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O33 - MountPoints2\{baec2f0c-c153-11e1-8f0d-00173182b2a9}\Shell - "" = AutoRun
      O33 - MountPoints2\{baec2f0c-c153-11e1-8f0d-00173182b2a9}\Shell\AutoRun\command - "" = I:\Startme.exe
      O33 - MountPoints2\{baec2f26-c153-11e1-8f0d-00173182b2a9}\Shell - "" = AutoRun
      O33 - MountPoints2\{baec2f26-c153-11e1-8f0d-00173182b2a9}\Shell\AutoRun\command - "" = I:\Startme.exe
      [2012-10-10 07:18:37 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  18. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Still with me?
  19. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.