mobile999 Posted 14 July 2012
Download and run OTL from the following website: http://www.geekstogo.com/1888/otl-by-oldtimer-a-modern-replacement-for-hijackthis/ Click Quick Scan to run the scan. Post the contents of both files that appear when the scan is finished, and put each one in its own spoiler tag.
lando calrissian (Author) Posted 14 July 2012 (edited)
Thanks again for being so helpful. Only one file came up.
OTL logfile created on: 14.07.2012 16:22:19 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\whoisX\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy 7,92 Gb Total Physical Memory | 5,77 Gb Available Physical Memory | 72,91% Memory free 15,84 Gb Paging File | 13,58 Gb Available in Paging File | 85,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 63,59 Gb Free Space | 53,38% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 145,17 Gb Free Space | 97,40% Space Free | Partition Type: NTFS Drive E: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GAMINGRIG | User Name: whoisX | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.14 16:22:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\whoisX\Downloads\OTL (1).exe PRC - [2012.07.12 16:25:03 | 003,407,496 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe PRC - [2012.07.12 16:17:44 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.07.12 16:17:44 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012.07.12 14:10:56 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\whoisX\AppData\Roaming\Spotify\spotify.exe PRC - [2012.07.12 14:10:56 | 001,193,176 | ---- | M] () -- C:\Users\whoisX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.07.12 13:03:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011.10.03 20:23:58 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011.10.03 20:23:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2011.08.22 15:26:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011.03.24 06:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe PRC - [2011.03.22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.11.15 13:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe PRC - [2010.11.15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) 
-- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe ========== Modules (No Company Name) ========== MOD - [2012.07.12 16:17:44 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.07.12 16:17:44 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll MOD - [2012.07.12 14:10:56 | 020,219,096 | ---- | M] () -- C:\Users\whoisX\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2012.07.12 14:10:56 | 001,193,176 | ---- | M] () -- C:\Users\whoisX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.07.10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll MOD - [2012.07.10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll MOD - [2012.07.10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll MOD - [2012.07.10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll MOD - [2012.07.10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll MOD - [2012.07.10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll MOD - [2012.07.10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.02.11 01:31:42 | 001,253,376 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2012.01.04 04:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.01.04 04:50:59 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010.11.05 03:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009.06.10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.12 16:30:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.12 16:17:44 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.07.12 13:03:51 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- 
(PnkBstrA) SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.03.19 16:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel® SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.10.03 20:23:58 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2011.10.03 20:23:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2011.08.22 15:26:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2011.03.24 06:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF) SRV - [2011.03.22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2010.11.15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) 
[Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.19 16:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011.12.12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2011.12.06 04:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2011.09.22 09:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2011.07.29 05:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.07.29 05:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.06.01 05:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) 
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.04.09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr) DRV - [2012.07.14 16:10:47 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.07.12 11:48:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 23 D8 F7 FD 60 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1D25BD54-586E-446f-B650-240CC259D16F}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - HKCU\..\SearchScopes\{21AD30B5-D188-4b2c-B9B0-5833BC11972D}: "URL" = http://no.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKCU\..\SearchScopes\{765CDD20-DCD3-4b9d-89EB-1705003D85A6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1FBCAF58-0B2C-4E4C-83C5-392F9A8997B8}&mid=4b2406eec23647d0ab3d416272f15a39-237cb14f828802a818005a4f2c6e194029dbcbd8&lang=en&ds=AVG&pr=fr&d=2012-07-12 16:17:44&v=11.1.0.12&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\whoisX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\whoisX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.07.12 15:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.07.12 15:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012.07.12 15:39:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.12 16:17:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.12 16:17:45 | 000,000,000 | ---D | M] 
========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\whoisX\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\whoisX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\whoisX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\whoisX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\whoisX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\ CHR - Extension: AVG Do Not Track = C:\Users\whoisX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Gmail = C:\Users\whoisX\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [sTCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) 
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [spotify] C:\Users\whoisX\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [spotify Web Helper] C:\Users\whoisX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{330DE321-EB7F-4D9E-933B-654CA0F35BD7}: DhcpNameServer = 193.75.75.75 193.75.75.193 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF58ABB-91FD-46D6-8B0C-F06F9A0F916F}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FECC3F41-7D16-456C-A721-B67C2254338A}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) 
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003.10.21 16:05:32 | 000,000,039 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{f64255bf-cc25-11e1-9260-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f64255bf-cc25-11e1-9260-806e6f6e6963}\Shell\AutoRun\command - "" = E:\run.exe -- [2009.09.02 08:03:54 | 000,240,168 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.13 15:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Robot [2012.07.13 15:47:47 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Blitware [2012.07.13 15:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Robot [2012.07.13 15:00:43 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012.07.13 14:13:05 | 000,000,000 | ---D | C] -- C:\Users\whoisX\Desktop\minidump [2012.07.13 14:12:11 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\WinRAR [2012.07.13 14:12:11 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.07.13 14:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.07.13 14:12:09 | 000,000,000 | ---D | C] -- C:\Program 
Files\WinRAR [2012.07.13 04:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2012.07.13 04:24:25 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\SystemRequirementsLab [2012.07.13 01:31:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.07.13 01:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.07.13 00:50:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.07.13 00:50:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.07.13 00:49:29 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.07.13 00:49:26 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.07.12 23:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.07.12 23:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.07.12 23:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.07.12 23:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.07.12 22:10:55 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Skype [2012.07.12 22:10:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.12 22:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.12 22:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.12 22:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.12 21:51:21 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll [2012.07.12 21:51:21 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll [2012.07.12 21:51:21 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) 
-- C:\Windows\SysNative\drivers\npf.sys [2012.07.12 17:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.07.12 17:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.07.12 16:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2012.07.12 16:43:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.07.12 16:22:52 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Origin [2012.07.12 16:22:51 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\Origin [2012.07.12 16:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.07.12 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.07.12 16:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.07.12 16:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.07.12 16:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2012.07.12 16:18:15 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\AVG2012 [2012.07.12 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\AVG Secure Search [2012.07.12 16:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.07.12 16:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012.07.12 16:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012.07.12 16:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012.07.12 16:17:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012.07.12 16:17:33 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.07.12 16:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012.07.12 16:17:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2012.07.12 16:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012.07.12 16:16:03 | 
000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.07.12 16:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.07.12 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.12 16:11:46 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\Google [2012.07.12 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Macromedia [2012.07.12 16:09:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012.07.12 16:09:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2012.07.12 16:09:14 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\Deployment [2012.07.12 16:09:14 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\Apps [2012.07.12 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Adobe [2012.07.12 16:08:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.07.12 16:08:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.07.12 16:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.07.12 16:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.07.12 16:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.07.12 16:05:59 | 000,020,992 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.07.12 16:05:59 | 000,017,920 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.07.12 16:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.07.12 16:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.07.12 16:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.07.12 16:04:59 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.07.12 15:58:00 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012.07.12 15:57:59 | 002,132,824 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.07.12 15:57:59 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012.07.12 15:57:59 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012.07.12 15:57:59 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012.07.12 15:57:59 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012.07.12 15:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\obj [2012.07.12 15:50:28 | 000,000,000 | ---D | C] -- C:\Windows\GBD [2012.07.12 15:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2012.07.12 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Intel Corporation [2012.07.12 15:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2012.07.12 15:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2012.07.12 15:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2012.07.12 15:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop [2012.07.12 15:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2012.07.12 15:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE [2012.07.12 15:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE [2012.07.12 15:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2012.07.12 15:42:28 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\InstallShield [2012.07.12 15:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dolby Home Theater v4 [2012.07.12 15:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [2012.07.12 15:41:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.07.12 15:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.07.12 15:41:15 | 000,535,656 | ---- | C] (Realtek ) -- 
C:\Windows\SysNative\drivers\Rt64win7.sys [2012.07.12 15:41:04 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.07.12 15:41:04 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.07.12 15:41:04 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.07.12 15:41:04 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.07.12 15:41:03 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012.07.12 15:41:03 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012.07.12 15:41:03 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2012.07.12 15:41:03 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.07.12 15:40:56 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.07.12 15:40:56 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.07.12 15:40:56 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.07.12 15:40:56 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.07.12 15:40:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.07.12 15:40:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.07.12 15:40:44 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012.07.12 15:40:44 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012.07.12 15:40:43 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012.07.12 15:40:43 | 000,334,680 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012.07.12 15:40:43 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012.07.12 15:40:43 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012.07.12 15:40:42 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012.07.12 15:40:41 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012.07.12 15:40:41 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.07.12 15:40:30 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.07.12 15:40:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012.07.12 15:40:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012.07.12 15:40:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012.07.12 15:40:29 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012.07.12 15:40:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012.07.12 15:40:29 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012.07.12 15:40:28 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012.07.12 15:40:28 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012.07.12 15:40:28 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012.07.12 15:40:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012.07.12 15:40:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012.07.12 15:40:28 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012.07.12 15:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.07.12 15:40:22 | 000,000,000 | -H-D | C] -- 
C:\Program Files (x86)\Temp [2012.07.12 15:40:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.07.12 15:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.07.12 15:40:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2012.07.12 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2012.07.12 15:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2012.07.12 15:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2012.07.12 15:39:03 | 000,000,000 | ---D | C] -- C:\Intel [2012.07.12 15:38:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3} [2012.07.12 15:38:40 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Splashtop [2012.07.12 15:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop [2012.07.12 15:38:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.07.12 15:36:28 | 000,000,000 | R--D | C] -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.07.12 15:36:28 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Searches [2012.07.12 15:36:28 | 000,000,000 | R--D | C] -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.07.12 15:36:28 | 000,000,000 | -H-D | C] -- C:\Users\whoisX\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012.07.12 15:36:22 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Identities [2012.07.12 15:36:21 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Contacts [2012.07.12 15:36:21 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\VirtualStore [2012.07.12 15:35:42 | 000,000,000 | --SD | C] -- C:\Users\whoisX\AppData\Roaming\Microsoft [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Videos [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Saved Games 
[2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Pictures [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Music [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Links [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Favorites [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Downloads [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Documents [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\Desktop [2012.07.12 15:35:42 | 000,000,000 | R--D | C] -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\AppData\Local\Temporary Internet Files [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Templates [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Start Menu [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\SendTo [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Recent [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\PrintHood [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\NetHood [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Documents\My Videos [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Documents\My Pictures [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Documents\My Music [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\My Documents [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Local Settings [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\AppData\Local\History [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Cookies [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\Application 
Data [2012.07.12 15:35:42 | 000,000,000 | -HSD | C] -- C:\Users\whoisX\AppData\Local\Application Data [2012.07.12 15:35:42 | 000,000,000 | -H-D | C] -- C:\Users\whoisX\AppData [2012.07.12 15:35:42 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\Temp [2012.07.12 15:35:42 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\Microsoft [2012.07.12 15:35:42 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Media Center Programs [2012.07.12 15:35:26 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.07.12 15:35:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.07.12 15:32:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.07.12 15:32:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.07.12 14:10:57 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\Spotify [2012.07.12 14:10:39 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Roaming\Spotify [2012.07.12 11:41:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.12 02:48:18 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\PunkBuster [2012.07.12 02:48:15 | 000,000,000 | ---D | C] -- C:\Users\whoisX\Documents\Battlefield 3 [2012.07.12 02:47:26 | 000,000,000 | ---D | C] -- C:\Users\whoisX\AppData\Local\ESN Sonar [2012.07.12 02:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs ========== Files - Modified Within 30 Days ========== [2012.07.14 16:16:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3635487587-749428666-3091529855-1000UA.job [2012.07.14 16:16:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3635487587-749428666-3091529855-1000Core.job [2012.07.14 16:15:44 | 000,683,170 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.14 16:15:44 | 000,170,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.14 16:15:44 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.14 16:10:46 | 000,067,584 | --S- | M] () 
-- C:\Windows\bootstat.dat [2012.07.14 16:10:42 | 524,692,282 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.14 16:10:42 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys [2012.07.14 16:02:42 | 000,028,289 | ---- | M] () -- C:\Users\whoisX\Desktop\bs.rar [2012.07.13 15:52:08 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2012.07.13 15:52:07 | 000,295,592 | ---- | M] () -- C:\Users\whoisX\Desktop\071312-16879-01.dmp [2012.07.13 15:47:47 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Driver Robot.lnk [2012.07.13 15:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.13 15:00:03 | 000,027,520 | ---- | M] () -- C:\Users\whoisX\AppData\Local\dt.dat [2012.07.13 14:59:19 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2012.07.13 14:50:56 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.07.13 14:15:23 | 101,479,373 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.07.13 14:13:19 | 000,162,125 | ---- | M] () -- C:\Users\whoisX\Desktop\minidump.rar [2012.07.13 04:39:15 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 04:39:15 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 04:29:33 | 000,018,602 | ---- | M] () -- C:\Windows\SysNative\results.xml [2012.07.13 02:40:36 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.13 02:40:36 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.13 02:40:27 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.13 01:06:25 | 000,274,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.13 00:20:31 | 000,001,437 | ---- | M] () -- C:\Users\whoisX\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012.07.12 23:54:27 | 000,072,822 | ---- | 
M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.07.12 23:54:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.07.12 22:10:54 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.12 21:59:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf [2012.07.12 21:58:27 | 000,045,383 | ---- | M] () -- C:\Users\whoisX\Desktop\Untitled.wma [2012.07.12 16:22:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.07.12 16:17:45 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.07.12 16:17:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012.07.12 16:17:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012.07.12 16:09:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.07.12 15:45:00 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\smart6.lnk [2012.07.12 15:44:45 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk [2012.07.12 15:33:50 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.07.12 15:33:50 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.07.12 14:10:57 | 000,001,772 | ---- | M] () -- C:\Users\whoisX\Desktop\Spotify.lnk [2012.07.12 13:03:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.12 11:48:10 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2012.07.12 11:48:10 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref [2012.07.12 02:46:47 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk ========== Files Created - No Company Name ========== [2012.07.14 16:02:42 | 000,028,289 | ---- | C] () -- C:\Users\whoisX\Desktop\bs.rar [2012.07.14 16:02:36 | 000,295,592 | ---- | C] () -- C:\Users\whoisX\Desktop\071312-16879-01.dmp [2012.07.13 15:47:47 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Driver 
Robot.lnk [2012.07.13 15:47:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\Driver Robot.job [2012.07.13 15:00:03 | 000,027,520 | ---- | C] () -- C:\Users\whoisX\AppData\Local\dt.dat [2012.07.13 14:50:56 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.07.13 14:15:23 | 101,479,373 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.07.13 14:13:19 | 000,162,125 | ---- | C] () -- C:\Users\whoisX\Desktop\minidump.rar [2012.07.13 00:49:44 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2012.07.13 00:49:40 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.07.13 00:49:24 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.07.13 00:49:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.07.13 00:49:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.07.13 00:49:20 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2012.07.13 00:49:20 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.07.12 23:54:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.07.12 23:54:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.07.12 22:10:54 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.12 21:59:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf [2012.07.12 21:58:18 | 000,045,383 | ---- | C] () -- C:\Users\whoisX\Desktop\Untitled.wma [2012.07.12 21:51:21 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2012.07.12 16:43:15 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.07.12 16:42:55 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.12 16:42:55 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.12 16:42:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.12 16:22:46 | 
000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.07.12 16:17:45 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.07.12 16:17:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012.07.12 16:17:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012.07.12 16:11:46 | 000,001,006 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3635487587-749428666-3091529855-1000UA.job [2012.07.12 16:11:46 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3635487587-749428666-3091529855-1000Core.job [2012.07.12 16:09:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.07.12 16:08:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.12 16:07:37 | 000,018,602 | ---- | C] () -- C:\Windows\SysNative\results.xml [2012.07.12 16:06:05 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.07.12 16:05:50 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.07.12 15:48:49 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.07.12 15:48:49 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref [2012.07.12 15:47:04 | 000,001,437 | ---- | C] () -- C:\Users\whoisX\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012.07.12 15:45:00 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\smart6.lnk [2012.07.12 15:44:45 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk [2012.07.12 15:43:23 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012.07.12 15:43:23 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2012.07.12 15:43:22 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe [2012.07.12 15:43:22 | 000,021,104 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys 
[2012.07.12 15:41:11 | 000,074,344 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2012.07.12 15:39:55 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2012.07.12 15:39:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.07.12 15:39:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin [2012.07.12 15:39:55 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll [2012.07.12 15:38:40 | 000,001,424 | ---- | C] () -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk [2012.07.12 15:37:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.07.12 15:36:31 | 000,001,409 | ---- | C] () -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.07.12 15:36:29 | 000,001,443 | ---- | C] () -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.07.12 15:35:42 | 000,000,290 | ---- | C] () -- C:\Users\whoisX\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012.07.12 15:35:42 | 000,000,272 | ---- | C] () -- C:\Users\whoisX\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012.07.12 15:33:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.07.12 15:33:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.07.12 15:32:04 | 2082,295,807 | -HS- | C] () -- C:\hiberfil.sys [2012.07.12 14:10:57 | 000,001,772 | ---- | C] () -- C:\Users\whoisX\Desktop\Spotify.lnk [2012.07.12 14:10:57 | 000,001,758 | ---- | C] () -- C:\Users\whoisX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.07.12 11:41:02 | 524,692,282 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.12 02:48:21 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.05.15 02:21:50 | 000,423,744 
| ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.19 16:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 16:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 16:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 15:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
========== LOP Check ==========
[2012.07.12 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\whoisX\AppData\Roaming\AVG2012
[2012.07.13 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\whoisX\AppData\Roaming\Blitware
[2012.07.12 16:25:05 | 000,000,000 | ---D | M] -- C:\Users\whoisX\AppData\Roaming\Origin
[2012.07.12 15:38:40 | 000,000,000 | ---D | M] -- C:\Users\whoisX\AppData\Roaming\Splashtop
[2012.07.14 16:15:50 | 000,000,000 | ---D | M] -- C:\Users\whoisX\AppData\Roaming\Spotify
[2012.07.13 04:24:25 | 000,000,000 | ---D | M] -- C:\Users\whoisX\AppData\Roaming\SystemRequirementsLab
[2012.07.13 15:52:08 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2009.07.14 07:08:49 | 000,014,254 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

Edited 14 July 2012 by lando calrissian
mobile999 Posted 14 July 2012 (edited)

See if you can find C:\_OTL\Extras.txt and post its contents.

Edited 14 July 2012 by mobile999
lando calrissian (Author) Posted 14 July 2012

OTL Extras logfile created on: 14.07.2012 16:18:37 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\whoisX\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
7,92 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,68% Memory free
15,84 Gb Paging File | 13,63 Gb Available in Paging File | 86,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 63,60 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 145,17 Gb Free Space | 97,40% Space Free | Partition Type: NTFS
Drive E: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: GAMINGRIG | User Name: whoisX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{014FC711-0F10-47C1-B56E-28E78B1B2BEE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{07E15771-354B-4616-BA8D-388F7B34C49A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{12A74162-EEFF-4828-BA5B-2058E1660792}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{41CAA43E-F4F3-45B4-AD79-A0C053B0AC62}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{4AEFC0D2-6217-43A7-B967-17D091383BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{6E523FA3-7CF7-4256-949C-4544DB9E471B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{84BE365A-74F1-47C1-B689-DF6B8E2509B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{92288215-9ECE-4629-BD90-DA1783FD3F18}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A2501AFB-52FD-4D67-9CBB-E512AD799D7C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{A4CA2B9D-73A1-4E60-84CC-EC4A76AEAEEF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{B1212BA9-6503-43E9-9FDC-02C287A96ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{BB1D08B6-51CE-4F86-9A4A-39D8B70FDD85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BD0A6EEB-9040-4692-8960-084BA5097109}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{CA6F743A-1B0A-4CC6-BE42-E056799592C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{CAFB4464-A85D-4EB5-A9CA-47995B6EB535}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{CE7CD4F9-45D1-4E91-9E48-5910C5356D1D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D8FE2016-FF72-4381-8BDD-846719EEDB17}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "TCP Query 
User{11D716AB-1DA5-4604-94D6-7E6398E58977}C:\users\whoisx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\whoisx\appdata\roaming\spotify\spotify.exe | "TCP Query User{477AB7AD-8ECC-4DDC-A9C1-9DD49EF1EFBD}C:\users\whoisx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\whoisx\appdata\roaming\spotify\spotify.exe | "TCP Query User{98894921-AC82-4EC3-9093-BE57B5F481D7}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "TCP Query User{F793E915-C022-40FE-93FC-627B2DB0D245}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "UDP Query User{2A3E36EE-51CA-42FF-9E5E-123D1170071C}C:\users\whoisx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\whoisx\appdata\roaming\spotify\spotify.exe | "UDP Query User{768844E0-1076-497D-92A6-1AAF5FE40B1A}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "UDP Query User{8620A703-D63B-4D29-B4C0-B2DDCB6CEFA7}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "UDP Query User{BAEEB70C-2643-401E-9D14-99F31FD69D68}C:\users\whoisx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\whoisx\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2012 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0824.1 "{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0823.1 "{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0 
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Battlelog Web Plugins" = Battlelog Web Plugins "ESN Sonar-0.70.4" = ESN Sonar "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0823.1 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PunkBusterSvc" = PunkBuster Services ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.07.2012 09:47:47 | Computer Name = gamingrig | Source = SideBySide | ID = 16842785 Description = Activation context generation 
failed for "C:\Program Files (x86)\Driver Robot\2.5.4.2\_imagingft.pyd". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 13.07.2012 09:49:35 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 13.07.2012 09:49:35 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 13.07.2012 09:53:54 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 13.07.2012 09:53:54 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 13.07.2012 09:57:13 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. 
The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 13.07.2012 09:57:13 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 14.07.2012 10:09:22 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 14.07.2012 10:09:22 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 14.07.2012 10:15:41 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 14.07.2012 10:15:41 | Computer Name = gamingrig | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. 
[ System Events ] Error - 13.07.2012 09:14:55 | Computer Name = gamingrig | Source = EventLog | ID = 6008 Description = The previous system shutdown at 15:13:25 on ?13.?07.?2012 was unexpected. Error - 13.07.2012 09:14:57 | Computer Name = gamingrig | Source = BugCheck | ID = 1001 Description = Error - 13.07.2012 09:43:27 | Computer Name = gamingrig | Source = EventLog | ID = 6008 Description = The previous system shutdown at 15:33:45 on ?13.?07.?2012 was unexpected. Error - 13.07.2012 09:43:27 | Computer Name = GAMINGRIG | Source = BugCheck | ID = 1001 Description = Error - 13.07.2012 09:52:07 | Computer Name = gamingrig | Source = EventLog | ID = 6008 Description = The previous system shutdown at 15:51:12 on ?13.?07.?2012 was unexpected. Error - 13.07.2012 09:52:07 | Computer Name = GAMINGRIG | Source = BugCheck | ID = 1001 Description = Error - 14.07.2012 10:04:16 | Computer Name = gamingrig | Source = EventLog | ID = 6008 Description = The previous system shutdown at 16:03:03 on ?14.?07.?2012 was unexpected. Error - 14.07.2012 10:04:17 | Computer Name = gamingrig | Source = BugCheck | ID = 1001 Description = Error - 14.07.2012 10:10:46 | Computer Name = gamingrig | Source = EventLog | ID = 6008 Description = The previous system shutdown at 16:09:06 on ?14.?07.?2012 was unexpected. Error - 14.07.2012 10:10:46 | Computer Name = GAMINGRIG | Source = BugCheck | ID = 1001 Description = < End of report >
mobile999 Posted 14 July 2012 Download: AVG Removal Tool, Microsoft Security Essentials. Uninstall AVG via the Control Panel. Restart the machine and run AVG Removal Tool. Restart the machine and install MSE.
lando calrissian Posted 15 July 2012 Author OK, thanks. The PC has been on since last night without a single bluescreen, but as soon as I installed MSE and started updating it, one came. It almost seems like they come most often right after I have restarted the machine. Edited 15 July 2012 by lando calrissian
mobile999 Posted 15 July 2012 Press Windows+R to bring up the "Run" window, type msconfig and press OK. Click Diagnostic startup (on the General tab). Then click the Services tab, click Enable all, tick Hide all Microsoft services, click Disable all. Untick Hide all Microsoft services again and check that all Microsoft services are ticked. Click the Startup tab and tick Microsoft Security Client if you have it. Click OK and restart the machine to test whether it now behaves itself.
lando calrissian Posted 15 July 2012 Author I did as you said, and for a long time it seemed to help, but after 20 minutes of surfing a new bluescreen came. Could there be something wrong with the SSD, perhaps? Edited 15 July 2012 by lando calrissian
mobile999 Posted 15 July 2012 "Could there be something wrong with the SSD, perhaps?" I don't think so. I would like to have the minidump from the latest bluescreen. What is the exact make and model of the motherboard and the memory you have installed? Edited 15 July 2012 by mobile999
lando calrissian Posted 15 July 2012 Author Motherboard: http://www.komplett....aspx?sku=645915 RAM: http://cdon.no/elekt...10_8gb-17819116 And here is the minidump: 071512-9734-01.rar
mobile999 Posted 15 July 2012 Is it a 300GB SSD you have installed? Do you have other memory modules that you can test in the PC? (Even though you have run memtest.)
lando calrissian Posted 15 July 2012 Author Sorry, I was a bit quick with the RAM. I have these two: http://cdon.no/elektronikk/corsair_8gb_(kit)_ddr3_1600mhz%252fcl9%252fvengeance-14929240 I don't have any other modules lying around, but I can try testing with one at a time. No, it is a Samsung SSD 830 Series 128GB. The strange thing is that there have been fewer bluescreens, and the time between them gets longer and longer each time. Edited 15 July 2012 by lando calrissian
mobile999 Posted 15 July 2012 "I don't have any other modules lying around, but I can try testing with one at a time." You can do that. Alternatively, you can take out the SSD and install Windows on the other disk to test whether it makes any difference. Don't use programs like Driver Robot. They can be a source of errors. Are you installing from a genuine Windows installation CD?
lando calrissian Posted 15 July 2012 Author Yes, OK, I'll try that. No, it's probably pirated Windows installed from USB. If genuine Windows can solve the problem I'll buy it tomorrow, but I have a feeling it is the RAM that is the problem.
mobile999 Posted 15 July 2012 "but I have a feeling it is the RAM that is the problem." The minidumps also point to this. It is always wise to buy memory that is on the motherboard's Memory Support list. Anything that is not genuine (soft)ware is unfortunately also a possible source of errors. You still don't need to buy Windows to test. If you have access to genuine installation media, you can install Windows 7 without a product key and have full functionality for 30 days. When the period is over, you may be offered the licence at a low price, but I don't remember the details. Download Windows
lando calrissian Posted 19 July 2012 Author Hi again. I haven't had a single bluescreen since the previous post. I haven't done anything to the machine either. Haven't updated a single driver or anything. Strange that the machine has gone from 10-15 different bluescreens a day to none. Just as if it has healed itself. Edited 19 July 2012 by lando calrissian