WiredWX Christian Hobby Weather Tools

HD constantly polled

2 posters

Re: HD constantly polled
I don't think we have used HijackThis yet, but I downloaded it and ran a scan. This is the log it came up with, as best I can tell.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:09 AM, on 12/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
E:\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Jason\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7428 bytes

Re: HD constantly polled
HijackThis is way out of our league now. We have ten times better tools.

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button, just as below:
    [Screenshot: Frst2]
    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

Re: HD constantly polled
Thanks and Merry Christmas!

Just as a note, I had to type in "e:\frst64.exe" in order to get the program to run. No big deal, but it may be hard for someone to figure out in the future. Also, the only reason I downloaded HijackThis was because your last set of instructions called for a log from it...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 25-12-2012 11:02:13
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-01-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953744 2011-02-17] (Razer USA Ltd)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] "E:\iTunesHelper.exe" [x]
HKU\Jason\...\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
HKU\Mcx1-JASON-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\Jason\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-12-01] (DT Soft Ltd)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-04-30] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-25 02:25 - 2012-12-25 02:25 - 00000000 ____D C:\FRST
2012-12-24 03:24 - 2012-12-24 03:24 - 00007429 ____A C:\Users\Jason\Desktop\hijackthis.log
2012-12-24 03:23 - 2012-12-24 03:23 - 00388608 ____N (Trend Micro Inc.) C:\Users\Jason\Desktop\HijackThis.exe
2012-12-24 02:56 - 2012-12-24 02:56 - 00003205 ____A C:\Users\Jason\Desktop\Sophos Virus Removal Tool.lnk
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-24 02:54 - 2012-12-24 02:53 - 82075768 ____N (Sophos Limited) C:\Users\Jason\Desktop\Sophos Virus Removal Tool.exe
2012-12-22 21:51 - 2012-12-22 21:51 - 00000843 ____A C:\Users\Jason\Desktop\AdwCleaner[S2].txt
2012-12-22 21:43 - 2012-12-22 21:43 - 00000843 ____A C:\AdwCleaner[S2].txt
2012-12-22 21:40 - 2012-12-22 21:40 - 00000671 ____A C:\Users\Jason\Desktop\JRT.txt
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Windows\ERUNT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\JRT
2012-12-22 20:59 - 2012-12-22 20:59 - 00496081 ____A (Oleg N. Scherbakov) C:\Users\Jason\Desktop\JRT.exe
2012-12-22 01:44 - 2012-12-22 01:44 - 00070741 ____A C:\ComboFix.txt
2012-12-22 01:29 - 2012-12-22 01:32 - 00000185 ____A C:\Users\Jason\Desktop\combo3.txt
2012-12-21 07:13 - 2012-12-21 07:13 - 00001363 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-21 06:46 - 2012-12-21 07:13 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 06:46 - 2012-12-21 06:46 - 00000000 ____D C:\Program Files\iPod
2012-12-21 06:45 - 2012-12-21 07:13 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 04:17 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 04:17 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 04:17 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 04:17 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 04:10 - 2012-12-22 01:40 - 00001110 ____A C:\Windows\PFRO.log
2012-12-20 16:22 - 2012-12-20 16:22 - 00004840 ____A C:\Users\Jason\Desktop\SystemLook.txt
2012-12-20 16:20 - 2012-12-20 16:20 - 00165376 ____N C:\Users\Jason\Desktop\SystemLook_x64.exe
2012-12-19 23:43 - 2012-12-22 21:47 - 00003753 ____A C:\Users\Jason\Desktop\FSS.txt
2012-12-19 23:43 - 2012-12-19 23:42 - 00697869 ____N (Farbar) C:\Users\Jason\Desktop\FSS.exe
2012-12-19 12:35 - 2012-12-19 12:35 - 00001209 ____A C:\Users\Jason\Documents\Sanity check.txt
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:27 - 2012-12-19 12:30 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-19 12:27 - 2012-12-19 12:27 - 00000821 ____A C:\Users\Jason\Desktop\SanityCheck.lnk
2012-12-19 12:27 - 2012-12-19 12:27 - 00000000 ____D C:\Program Files\SanityCheck
2012-12-19 12:27 - 2012-10-29 00:20 - 00031328 ____A (Resplendence Software Projects Sp.) C:\Windows\System32\Drivers\rspSanity64.sys
2012-12-18 22:09 - 2012-12-18 22:08 - 00708960 ____N (Kaspersky Lab) C:\Users\Jason\Desktop\GetSystemInfo.exe
2012-12-18 12:39 - 2012-12-25 02:50 - 00002390 ____A C:\Windows\setupact.log
2012-12-18 12:39 - 2012-12-18 12:39 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 11:38 - 2012-12-18 11:38 - 02322184 ____A (ESET) C:\Users\Jason\Downloads\esetsmartinstaller_enu.exe
2012-12-18 11:34 - 2012-12-18 11:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-18 11:34 - 2012-12-18 11:34 - 00000000 ____D C:\Program Files\CCleaner
2012-12-18 11:05 - 2012-12-18 11:06 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe
2012-12-18 10:11 - 2012-12-22 01:44 - 00000000 ___AD C:\Qoobox
2012-12-18 10:11 - 2012-12-18 10:16 - 00000000 ____D C:\Windows\erdnt
2012-12-18 10:11 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-18 10:11 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-18 10:11 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-18 10:09 - 2012-12-18 10:09 - 05012571 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe
2012-12-18 07:19 - 2010-11-30 17:27 - 00083784 ____A (AVG Technologies) C:\Windows\System32\rdboot64.exe
2012-12-18 06:39 - 2012-12-18 06:39 - 00003954 ____A C:\AdwCleaner[S1].txt
2012-12-18 06:34 - 2012-12-18 06:38 - 00065404 ____A C:\Users\Jason\Downloads\Extras.Txt
2012-12-18 06:34 - 2012-12-18 06:34 - 00218146 ____A C:\Users\Jason\Downloads\OTL.Txt
2012-12-18 06:24 - 2012-12-18 06:24 - 00602112 ____A (OldTimer Tools) C:\Users\Jason\Downloads\OTL.com
2012-12-18 05:42 - 2012-12-18 05:42 - 00000628 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-18 05:40 - 2012-12-18 06:50 - 00007604 ____A C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2012-12-18 05:32 - 2012-12-18 05:35 - 00006779 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Garmin
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Local\Garmin
2012-12-15 07:25 - 2012-12-15 07:25 - 00000000 ____D C:\Users\All Users\Ant
2012-12-15 07:22 - 2012-12-15 07:22 - 09542584 ____A (Igor Pavlov) C:\Users\Jason\Downloads\ANTAgent_233.exe
2012-12-15 07:22 - 2012-12-15 07:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-12 07:36 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 07:36 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 07:36 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 07:36 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 07:36 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 07:36 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 07:36 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 07:36 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 07:36 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 07:36 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 07:36 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 07:36 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 07:36 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 07:36 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 07:36 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 07:36 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 07:36 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 07:36 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 07:36 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 07:36 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 07:36 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 07:36 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 07:36 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 07:36 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 07:36 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 07:36 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 07:36 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 07:36 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 07:36 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 07:36 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 07:36 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 07:36 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-11 20:03 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 20:03 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 20:03 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-11 20:03 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 20:03 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-11 20:03 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-11 20:03 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-11 20:03 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 20:03 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-11 20:03 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-11 20:03 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 11:31 - 2012-12-11 11:31 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2013
2012-12-11 11:17 - 2012-12-11 11:17 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-11 11:15 - 2012-12-11 13:20 - 00000000 ____D C:\Users\Jason\AppData\Local\Avg2013
2012-12-11 11:15 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\MFAData
2012-12-04 22:21 - 2012-12-04 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-04 22:12 - 2012-12-04 22:13 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-04 22:12 - 2012-12-04 22:12 - 00001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-12-04 22:12 - 2012-12-04 22:12 - 00000000 ____D C:\Users\All Users\Logitech
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\web.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\LC.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2p2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 08:27 - 2012-12-01 08:27 - 00000000 ____D C:\Users\Jason\AppData\Local\NBGI
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 08:15 - 2008-10-14 22:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-12-01 08:14 - 2008-10-14 22:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-12-01 08:14 - 2008-10-14 22:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-12-01 08:03 - 2012-12-01 08:03 - 00000655 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
2012-11-27 07:59 - 2012-11-27 08:06 - 00173324 ____A C:\Windows\hpoins46.dat
2012-11-27 07:59 - 2010-01-30 05:17 - 00000532 ____N C:\Windows\hpomdl46.dat
2012-11-25 19:00 - 2012-11-25 19:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-25 05:18 - 2012-11-27 08:01 - 00000000 ____D C:\Program Files (x86)\HP
2012-11-25 05:18 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files\HP
2012-11-25 05:18 - 2009-04-16 04:47 - 00136704 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70w.dll
2012-11-25 05:17 - 2012-11-27 08:06 - 00003200 ____A C:\Users\All Users\hpzinstall.log
2012-11-25 05:17 - 2012-11-25 05:17 - 00000000 ____D C:\Users\All Users\HP
2012-11-25 05:17 - 2009-04-16 03:53 - 00642360 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00881664 ____A (Hewlett-Packard) C:\Windows\System32\hposwia_d02d.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00749056 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpost_d02d.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00516096 ____A (Hewlett-Packard Co.) C:\Windows\System32\hposc_d02a.dll
2012-11-25 05:17 - 2008-10-28 16:27 - 00551424 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll

==================== One Month Modified Files and Folders =======

2012-12-25 02:55 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-25 02:55 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-25 02:54 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-25 02:52 - 2011-03-04 13:58 - 01213354 ____A C:\Windows\WindowsUpdate.log
2012-12-25 02:50 - 2012-12-18 12:39 - 00002390 ____A C:\Windows\setupact.log
2012-12-25 02:50 - 2012-11-23 03:25 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-12-25 02:50 - 2009-07-13 21:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-25 02:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-25 02:25 - 2012-12-25 02:25 - 00000000 ____D C:\FRST
2012-12-25 02:18 - 2011-03-08 04:59 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-24 03:24 - 2012-12-24 03:24 - 00007429 ____A C:\Users\Jason\Desktop\hijackthis.log
2012-12-24 03:23 - 2012-12-24 03:23 - 00388608 ____N (Trend Micro Inc.) C:\Users\Jason\Desktop\HijackThis.exe
2012-12-24 02:56 - 2012-12-24 02:56 - 00003205 ____A C:\Users\Jason\Desktop\Sophos Virus Removal Tool.lnk
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-24 02:53 - 2012-12-24 02:54 - 82075768 ____N (Sophos Limited) C:\Users\Jason\Desktop\Sophos Virus Removal Tool.exe
2012-12-22 21:51 - 2012-12-22 21:51 - 00000843 ____A C:\Users\Jason\Desktop\AdwCleaner[S2].txt
2012-12-22 21:47 - 2012-12-19 23:43 - 00003753 ____A C:\Users\Jason\Desktop\FSS.txt
2012-12-22 21:43 - 2012-12-22 21:43 - 00000843 ____A C:\AdwCleaner[S2].txt
2012-12-22 21:40 - 2012-12-22 21:40 - 00000671 ____A C:\Users\Jason\Desktop\JRT.txt
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Windows\ERUNT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\JRT
2012-12-22 20:59 - 2012-12-22 20:59 - 00496081 ____A (Oleg N. Scherbakov) C:\Users\Jason\Desktop\JRT.exe
2012-12-22 20:53 - 2011-03-04 11:18 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001UA.job
2012-12-22 18:53 - 2011-03-04 11:18 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001Core.job
2012-12-22 02:03 - 2012-02-17 12:42 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AFD.SYS
2012-12-22 02:03 - 2009-07-13 16:10 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\WS2IFSL.SYS
2012-12-22 01:44 - 2012-12-22 01:44 - 00070741 ____A C:\ComboFix.txt
2012-12-22 01:44 - 2012-12-18 10:11 - 00000000 ___AD C:\Qoobox
2012-12-22 01:44 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-12-22 01:43 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-22 01:40 - 2012-12-21 04:10 - 00001110 ____A C:\Windows\PFRO.log
2012-12-22 01:32 - 2012-12-22 01:29 - 00000185 ____A C:\Users\Jason\Desktop\combo3.txt
2012-12-22 01:31 - 2011-03-04 11:18 - 00000000 ____D C:\Users\Jason\AppData\Local\Apps\2.0
2012-12-21 07:13 - 2012-12-21 07:13 - 00001363 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-21 07:13 - 2012-12-21 06:46 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 07:13 - 2012-12-21 06:45 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 06:46 - 2012-12-21 06:46 - 00000000 ____D C:\Program Files\iPod
2012-12-21 04:22 - 2009-07-13 20:45 - 00277152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 16:22 - 2012-12-20 16:22 - 00004840 ____A C:\Users\Jason\Desktop\SystemLook.txt
2012-12-20 16:20 - 2012-12-20 16:20 - 00165376 ____N C:\Users\Jason\Desktop\SystemLook_x64.exe
2012-12-19 23:42 - 2012-12-19 23:43 - 00697869 ____N (Farbar) C:\Users\Jason\Desktop\FSS.exe
2012-12-19 12:35 - 2012-12-19 12:35 - 00001209 ____A C:\Users\Jason\Documents\Sanity check.txt
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:30 - 2012-12-19 12:27 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-19 12:27 - 2012-12-19 12:27 - 00000821 ____A C:\Users\Jason\Desktop\SanityCheck.lnk
2012-12-19 12:27 - 2012-12-19 12:27 - 00000000 ____D C:\Program Files\SanityCheck
2012-12-18 22:08 - 2012-12-18 22:09 - 00708960 ____N (Kaspersky Lab) C:\Users\Jason\Desktop\GetSystemInfo.exe
2012-12-18 13:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-18 12:39 - 2012-12-18 12:39 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 11:38 - 2012-12-18 11:38 - 02322184 ____A (ESET) C:\Users\Jason\Downloads\esetsmartinstaller_enu.exe
2012-12-18 11:36 - 2011-12-11 13:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\DAEMON Tools Lite
2012-12-18 11:36 - 2011-03-20 17:36 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Azureus
2012-12-18 11:36 - 2011-03-04 13:49 - 00000000 ____D C:\Windows\Panther
2012-12-18 11:34 - 2012-12-18 11:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-18 11:34 - 2012-12-18 11:34 - 00000000 ____D C:\Program Files\CCleaner
2012-12-18 11:06 - 2012-12-18 11:05 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe
2012-12-18 10:17 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-12-18 10:16 - 2012-12-18 10:11 - 00000000 ____D C:\Windows\erdnt
2012-12-18 10:09 - 2012-12-18 10:09 - 05012571 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe
2012-12-18 07:19 - 2011-03-03 22:00 - 00000000 ____D C:\users\Jason
2012-12-18 06:50 - 2012-12-18 05:40 - 00007604 ____A C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2012-12-18 06:39 - 2012-12-18 06:39 - 00003954 ____A C:\AdwCleaner[S1].txt
2012-12-18 06:38 - 2012-12-18 06:34 - 00065404 ____A C:\Users\Jason\Downloads\Extras.Txt
2012-12-18 06:34 - 2012-12-18 06:34 - 00218146 ____A C:\Users\Jason\Downloads\OTL.Txt
2012-12-18 06:24 - 2012-12-18 06:24 - 00602112 ____A (OldTimer Tools) C:\Users\Jason\Downloads\OTL.com
2012-12-18 06:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2012-12-18 05:52 - 2012-11-23 03:29 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Skype
2012-12-18 05:42 - 2012-12-18 05:42 - 00000628 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-18 05:35 - 2012-12-18 05:32 - 00006779 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-12-18 05:27 - 2011-03-27 05:40 - 00000000 ____D C:\Windows\Minidump
2012-12-16 09:11 - 2012-12-21 04:17 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 04:17 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 04:17 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 04:17 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Garmin
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Local\Garmin
2012-12-15 07:25 - 2012-12-15 07:25 - 00000000 ____D C:\Users\All Users\Ant
2012-12-15 07:22 - 2012-12-15 07:22 - 09542584 ____A (Igor Pavlov) C:\Users\Jason\Downloads\ANTAgent_233.exe
2012-12-15 07:22 - 2012-12-15 07:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-12 10:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-12 07:37 - 2011-03-04 13:02 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-11 13:20 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\Avg2013
2012-12-11 11:31 - 2012-12-11 11:31 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2013
2012-12-11 11:31 - 2011-03-08 05:01 - 00000000 ____D C:\Program Files (x86)\AVG
2012-12-11 11:17 - 2012-12-11 11:17 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-11 11:17 - 2012-05-17 17:17 - 00000000 ____D C:\$AVG
2012-12-11 11:15 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\MFAData
2012-12-04 22:21 - 2012-12-04 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-04 22:13 - 2012-12-04 22:12 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-04 22:13 - 2012-11-23 03:25 - 00019411 ____A C:\Windows\System32\lvcoinst.log
2012-12-04 22:13 - 2012-11-23 03:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2012-12-04 22:12 - 2012-12-04 22:12 - 00001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-12-04 22:12 - 2012-12-04 22:12 - 00000000 ____D C:\Users\All Users\Logitech
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\wc.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\lc.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2P2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 08:27 - 2012-12-01 08:27 - 00000000 ____D C:\Users\Jason\AppData\Local\NBGI
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 08:15 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-01 08:05 - 2011-12-11 13:52 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-12-01 08:03 - 2012-12-01 08:03 - 00000655 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-12-01 08:03 - 2011-12-11 13:54 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
2012-11-29 06:01 - 2011-09-15 15:07 - 00000000 ____D C:\Users\Jason\AppData\Roaming\vlc
2012-11-27 08:06 - 2012-11-27 07:59 - 00173324 ____A C:\Windows\hpoins46.dat
2012-11-27 08:06 - 2012-11-25 05:17 - 00003200 ____A C:\Users\All Users\hpzinstall.log
2012-11-27 08:01 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files (x86)\HP
2012-11-25 19:00 - 2012-11-25 19:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-25 05:18 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files\HP
2012-11-25 05:17 - 2012-11-25 05:17 - 00000000 ____D C:\Users\All Users\HP
2012-11-25 00:14 - 2012-11-23 03:25 - 00000000 ____D C:\Users\All Users\LogiShrd

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-12 07:36:33
Restore point made on: 2012-12-18 06:27:11
Restore point made on: 2012-12-18 07:18:54
Restore point made on: 2012-12-21 04:05:31
Restore point made on: 2012-12-21 04:17:14
Restore point made on: 2012-12-24 02:56:11

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6135.12 MB
Available physical RAM: 5409.14 MB
Total Pagefile: 6133.27 MB
Available Pagefile: 5396.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:68.35 GB) NTFS
2 Drive e: (New Volume) (Fixed) (Total:931.41 GB) (Free:350.42 GB) NTFS
3 Drive f: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.24 GB) (Free:0.04 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 Online 111 GB 0 B
Disk 2 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E New Volume NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 111 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 111 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 49 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 244 MB Healthy

=========================================================

Last Boot: 2012-12-14 16:06

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-25 11:08:29
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-12-18 10:16] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Re: HD constantly polled
FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:27 - 2012-12-19 12:30 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\web.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\LC.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2p2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
end


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

Re: HD constantly polled
Ran the fix, rebooted computer normally, but it still won't connect to the internet. Networking is still stuck on "identifying network" and still gives the error "Windows could not automatically detect this network's proxy settings".

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-26 20:45:45 Run:1
Running from G:\

==============================================

C:\Users\Jason\AppData\Local\Temp28.html moved successfully.
C:\Users\Jason\AppData\Local\Temp1.html moved successfully.
C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx moved successfully.
C:\Users\Jason\Downloads\lica.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\web.torrent moved successfully.
C:\Users\Jason\Downloads\HD 720p.torrent moved successfully.
C:\Users\Jason\Downloads\LC.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\2p2.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\la.mp4.torrent moved successfully.
C:\Users\Jason\Downloads\DVDRip.XviD.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent moved successfully.

==== End of Fixlog ====

Re: HD constantly polled
Just as a note, the last time that networking worked was after each time we did the combofix thing, but it didn't seem to last after I rebooted.

Re: HD constantly polled
Okay, let's do the following...

FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
Restore point made on: 2012-12-12 07:36:33
end


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
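
Both fixlist posts above pass the tool lines copied by hand out of a scan log, so a pre-flight check is to confirm that every line between `start` and `end` is a file entry that really appears in the log before anything is moved. The following is an added example, not part of the original posts and not FRST's own code; the function names are hypothetical, the parser assumes the listing layout seen in this thread's log (two timestamps, size, attribute flags, optional company, path), and the sample lines marked as constructed are not from the thread.

```python
import re
from typing import NamedTuple, Optional

# One file-listing line as it appears in this thread's log:
#   <timestamp> - <timestamp> - <size> <attrs> [(Company)] <path>
LINE_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)


class Entry(NamedTuple):
    stamps: frozenset        # both timestamps; their order differs between log sections
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m["company"].strip() if m["company"] else None
    return Entry(frozenset((m["t1"], m["t2"])), int(m["size"]),
                 m["attrs"], company, m["path"])


def index_log(log_text: str) -> dict:
    """Map lowercased path -> entries seen in the scan log."""
    index = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            # Windows paths are case-insensitive, so compare in lower case.
            index.setdefault(entry.path.lower(), []).append(entry)
    return index


def fixlist_body(fixlist_text: str) -> list:
    """Return the non-empty lines between 'start' and 'end'."""
    body, inside = [], False
    for line in fixlist_text.splitlines():
        word = line.strip()
        if word.lower() == "start":
            inside = True
        elif word.lower() == "end":
            break
        elif inside and word:
            body.append(word)
    return body


def check_fixlist(fixlist_text: str, log_text: str) -> list:
    """Classify each fixlist line against the scan log.

    match      - same path, size and timestamps as a log entry
    differs    - path is in the log but size or timestamps are not the same
    not-in-log - path never appears in the log
    unparsed   - the line is not a file-listing line at all
    """
    index = index_log(log_text)
    results = []
    for line in fixlist_body(fixlist_text):
        entry = parse_line(line)
        if entry is None:
            verdict = "unparsed"
        else:
            seen = index.get(entry.path.lower())
            if not seen:
                verdict = "not-in-log"
            elif any(s.size == entry.size and s.stamps == entry.stamps for s in seen):
                verdict = "match"
            else:
                verdict = "differs"
        results.append((verdict, line))
    return results


# Excerpt of the scan log posted in this thread.
SAMPLE_LOG = r"""
2012-12-19 12:30 - 2012-12-19 12:27 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-22 02:03 - 2012-02-17 12:42 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AFD.SYS
"""

# Lines 1, 2 and 5 are from the thread's fixlists; lines 3 and 4 are constructed.
SAMPLE_FIXLIST = r"""
start
2012-12-19 12:27 - 2012-12-19 12:30 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-03 09:55 - 2012-12-03 09:55 - 00099999 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-01 00:00 - 2012-12-01 00:00 - 00000001 ____A C:\Users\Jason\Downloads\constructed-example.bin
Restore point made on: 2012-12-12 07:36:33
end
"""

if __name__ == "__main__":
    for verdict, line in check_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG):
        print(f"{verdict:10} {line}")
```

Anything other than `match` is worth a second look before pressing Fix; the `Restore point made on:` line from the second fixlist comes back `unparsed` because it is not a file entry.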

Re: HD constantly polled
Still no networking... Here is log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-27 20:00:36 Run:2
Running from G:\

==============================================


==== End of Fixlog ====

Re: HD constantly polled
Please go to Start > Accessories > System Tools > System Restore.

Please use the earliest Restore Point you have and restore the system.

It should be this one: Restore point made on: 2012-12-12 07:36:33

Re: HD constantly polled
That restore point was not there. The earliest one I had was 12/12/2012 3:36:21 PM.

It seems like everything is working fine now. I can get on the internet and the hard drive isn't constantly running! It seems to be accessed quite a bit, but at least I can open things that are saved on it.

You win?!

Re: HD constantly polled
Well I guess I spoke too soon. iTunes updated and the hard drive is back to constantly running.

Trying to uninstall iTunes now... That hard drive is so bogged down that the uninstall program has been running for about 15 minutes now.

Re: HD constantly polled
Did we ever try out a hard drive test?

Re: HD constantly polled
I'm not sure, but I don't think so. I'm thinking of formatting that drive to see if that will do it. It's a storage drive for the most part anyway. The OS runs off of the main SSD drive.

Re: HD constantly polled
This hard drive that is giving trouble is an SSD drive, or your main drive is an SSD drive?

Re: HD constantly polled
Main drive is SSD and seems fine. It's the secondary drive that has the issue.

Re: HD constantly polled
I'm curious about something...

Make sure the Indexing service is disabled...

http://www.addictivetips.com/windows-tips/disable-search-indexing-in-windows-7/

Let me know if this helps resolve it or not...

Re: HD constantly polled
Made the change, but still same problem. It seems to be the worst right after reboot. The hard drive light stays on constantly for about 20 minutes, and then it will just flicker constantly. Accessing or transferring files on that drive is very slow and commands are delayed.

Re: HD constantly polled
  • Open up Task Manager by right clicking on the Task Bar
  • Select the Processes tab
  • Select the View menu item, then select the Select columns menu item
  • Select I/O Reads and I/O Other, then click OK to accept those changes
  • Select the "Show processes for all users" button in the lower left of the window
  • Resize the Task Manager window so you can see all the columns
  • Double click on the I/O Reads column header (to sort by that column)
  • Look for values that are excessively high in the I/O Reads or I/O Other.
  • Let us know the Image name for the processes that are causing this.

Re: HD constantly polled
The highest I/O Reads is "avgrsa.exe" with 2,910,104.

The two with the highest I/O Other are "avgidsagent.exe *32" with 38,593,481
and "wmpnetwk.exe" with 14,587,182.

Re: HD constantly polled
As I figured. :\ AVG Antivirus is not being nice to your computer. I got to thinking this morning, while working on my non-online job, that it could be AVG or some other crazy antivirus like Trend Micro...

Ready to get a new antivirus? Probably one of the only ways to dwindle down hard drive usage.

It usually has to do with a virus infecting the computer, or an antivirus that always works overtime. AVG is one of the antivirus programs that work overtime.

wmpnetwk.exe is normal for it to have a lot of reads, as that is Windows Media Player networking service. If you have other music players like iTunes (which I saw you use in your process log) or Spotify, they will also read a lot too.

Re: HD constantly polled
It's just weird that it started messing with that drive all of a sudden. I have used AVG for years with no apparent issues.

I did delete about 99% of the files that I was storing on that drive and it seems to be working a lot better now. I don't know why that would make a difference because it was only about 60% full.

I also uninstalled iTunes. I guess I'll look for another free antivirus and uninstall AVG.

Re: HD constantly polled
If AVG is constantly scanning that drive (especially if it's fragmented), it will take a long time depending on the settings in AVG and also how much is on the drive.

Re: HD constantly polled
Yeah. I uninstalled AVG and installed Avast. Seems to be working pretty good now.

Thanks again for all of your help. I guess we'll see how it goes now...

Re: HD constantly polled
Okie dokie.
