
Help, I'm infected


  • This topic is locked
25 replies to this topic

#1 AlI821


    Regular Member

  • Honorary Members
  • 65 posts

Posted 11 April 2012 - 11:40 AM

My computer has many ads showing up as well as working very slowly. Freezes a lot too.


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shazia Begum :: SHAZIABEGUM-PC [administrator]

Protection: Enabled

11/04/2012 17:27:41
mbam-log-2012-04-11 (17-27-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201838
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shazia Begum at 17:37:17 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.1822 [GMT 1:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\CtrlPanel.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\SysWOW64\CtrlPanel.exe
C:\Program Files (x86)\IdeaCom\IDCMgr\IdcMgr.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Freedom Scientific\JAWS\13.0\fsATProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\BYOND\bin\byond.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\BYOND\bin\dreamseeker.exe
C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [WCtrlPanel] C:\Windows\SysWOW64\CtrlPanel.exe
mRun: [IdeaCom Calibration] C:\Program Files (x86)\IdeaCom\IDCMgr\StartUT.exe calibration_check
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\SHAZIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICRON~1.LNK - C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{108CD5B1-ED89-4621-938D-F8460005E142} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4FCA798A-112F-40E2-8BCC-02391F1CB669} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069} : NameServer = 8.26.56.26,156.154.70.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [WCtrlPanel] C:\Windows\SysWOW64\CtrlPanel.exe
mRun-x64: [IdeaCom Calibration] C:\Program Files (x86)\IdeaCom\IDCMgr\StartUT.exe calibration_check
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-2-1 23208]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-2-1 3064624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 CtrlPanel;CtrlPanel;C:\Windows\SysWOW64\CtrlPanel.exe [2011-9-29 229376]
R2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;\??\C:\Windows\system32\fsKMgr.dll --> C:\Windows\system32\fsKMgr.dll [?]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
R2 IdcSrv;IDCSRV Service;C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-9-29 252928]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-9 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe [2012-1-29 75040]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2012-1-29 210720]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-29 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 fsvidmir_service;fsvidmir_service;C:\Windows\system32\DRIVERS\fsvidmir.sys --> C:\Windows\system32\DRIVERS\fsvidmir.sys [?]
R3 IdcFltr;HID Touch Screen Driver;C:\Windows\system32\DRIVERS\idcfltr.sys --> C:\Windows\system32\DRIVERS\idcfltr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 PQAWRwa;PQAWRwa;C:\Windows\SysWOW64\PQAWDrv.sys [2011-9-29 12384]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-2-1 63880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 JTVNCProxy_13.0;JTVNCProxy_13.0;C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-8 19736]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-25 21504]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PowerBrl;powerBraille System Driver;\??\C:\Windows\system32\Drivers\powerbrl.sys --> C:\Windows\system32\Drivers\powerbrl.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-11 16:00:28 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\SUPERAntiSpyware.com
2012-04-11 16:00:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-11 11:22:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-11 11:22:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 11:22:59 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-04-11 11:22:40 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 11:22:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 11:22:40 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 11:19:03 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 11:19:03 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 11:19:03 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 11:19:03 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 11:19:03 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 11:19:03 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 11:19:03 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-09 19:48:13 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{4FFDF3F7-2D4D-4767-8675-14D96AFDD80C}
2012-04-09 12:17:01 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-04-09 11:08:54 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\VS Revo Group
2012-04-09 10:33:13 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Comodo
2012-04-09 10:32:32 -------- d-----w- C:\ProgramData\CPA_VA
2012-04-09 10:31:52 -------- d--h--w- C:\VritualRoot
2012-04-09 10:24:23 -------- d-----w- C:\ProgramData\Comodo
2012-04-09 10:24:21 -------- d-----w- C:\Program Files (x86)\Comodo
2012-04-09 10:24:10 -------- d-----w- C:\Program Files\COMODO
2012-04-08 15:29:47 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\NokiaAccount
2012-04-08 15:29:09 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Nokia
2012-04-08 15:28:38 -------- d-----w- C:\ProgramData\Nokia
2012-04-08 15:28:05 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
2012-04-08 15:27:14 -------- d-----w- C:\ProgramData\NokiaInstallerCache
2012-04-08 15:27:14 -------- d-----w- C:\Program Files (x86)\Nokia
2012-04-08 10:52:55 238764 ----a-w- C:\ProgramData\1333882074.bdinstall.bin
2012-04-08 10:48:16 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\QuickScan
2012-04-07 12:45:51 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{BE715F02-8A00-4E2F-97EB-3F04096AF159}
2012-04-07 11:19:31 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{2694F568-7F9F-4B6A-A496-D9F94F2BF159}
2012-04-06 10:20:49 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E993DC25-C93B-4BB9-8366-626753F1FEA6}\mpengine.dll
2012-04-06 10:17:52 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{58A282AA-AB37-4B94-AB8A-AAA5B8B40CF9}
2012-04-05 17:34:26 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Mozilla
2012-04-05 13:15:39 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{56BD76DB-AEA9-4E18-9850-B7BC82DE2A1D}
2012-04-05 11:37:09 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 18:28:04 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers
2012-04-03 18:27:29 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2012-04-03 18:27:28 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\DVDVideoSoft
2012-04-03 18:27:28 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2012-04-03 11:32:22 -------- d-----w- C:\avast! sandbox
2012-04-03 11:25:02 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{29BDD252-050C-4915-835F-8690DDD8F58E}
2012-04-02 15:31:55 169 ----a-w- C:\Delete.bat
2012-03-31 17:43:29 -------- d--h--w- C:\ProgramData\Common Files
2012-03-31 17:42:57 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\AVG2012
2012-03-28 20:07:59 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E6E15007-6F5D-4346-AD71-7144E66FD6B6}
2012-03-28 20:07:43 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{2FBB44F9-A32D-4D5E-BA50-7E69F27FD450}
2012-03-27 15:14:54 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{76ED64E8-70B9-4032-AF1C-634BEE85D4FE}
2012-03-26 19:33:34 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{7E112A59-C17C-4387-BF16-A799BE8C0AAA}
2012-03-25 20:03:46 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{B28AFA12-E40F-4221-B545-C6760EA81B81}
2012-03-25 20:03:33 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E6CB7EBF-190A-4399-B758-BDF8D812CEAF}
2012-03-22 20:51:45 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{5036C2B0-B9AD-466A-943E-D81A896E67D8}
2012-03-22 20:51:32 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F6E84D56-9D30-43BC-A589-76AE20AC1AA0}
2012-03-21 20:18:30 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{4379F2AE-7E07-4429-BC6E-B30675D2359D}
2012-03-21 20:18:17 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E9C12646-E7CB-481A-96D4-05BE58463C16}
2012-03-20 20:45:31 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F574575C-4C25-47EC-A919-7F93A960823A}
2012-03-20 20:45:15 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{85303857-8010-4504-8733-30FCB772FD8C}
2012-03-17 15:13:56 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{D9B2574C-CC5C-41FE-89C8-E2FE454DF871}
2012-03-17 15:13:42 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F14FFBA6-9F84-4A3E-A9DC-5BED11093B0F}
2012-03-16 19:48:19 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{B3DE9EB4-69DB-491A-B7D7-23A6F07BC893}
2012-03-16 19:48:03 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{1FB8295A-DFF5-4FB4-9D57-F10F6F08C31B}
2012-03-15 17:37:05 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{B7DA6A82-BA29-4D64-ABE3-313B5FDA850A}
2012-03-15 17:36:45 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F6331EED-3093-4104-8605-ADA111CD6806}
2012-03-14 20:41:25 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{8CE61F0E-6505-417E-9BFE-FEE49C483BD4}
2012-03-14 12:36:41 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 12:36:34 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 12:36:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:29:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:29:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 12:29:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 12:29:00 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:29:00 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:29:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:29:00 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-12 21:04:27 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{49D1D077-03DD-46D2-A84B-D25AF5BB7C40}
2012-03-12 21:04:08 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{BB2B426B-8677-42E9-9170-4D85B722E237}
.
==================== Find3M ====================
.
2012-04-07 10:50:54 73 ----a-w- C:\Windows\SysWow64\ssprs.dll
2012-04-07 10:50:54 205 ----a-w- C:\Windows\SysWow64\c4t9jah.dll
2012-04-05 11:37:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-18 15:16:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-11 20:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-11 20:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-11 20:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-11 20:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-11 20:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-11 20:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-14 18:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 18:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 18:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 18:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 18:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 18:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 18:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 18:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 18:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 18:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 18:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 18:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 18:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 18:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 18:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 18:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 18:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 18:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 18:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 18:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 18:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 17:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 17:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 17:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 17:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 17:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 17:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 17:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 17:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 17:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 17:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 17:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 17:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 17:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 17:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 17:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 17:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 17:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 17:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-14 11:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-01-29 20:02:25 1025 ----a-w- C:\Windows\SysWow64\clauth2.dll
2012-01-29 20:02:25 1025 ----a-w- C:\Windows\SysWow64\clauth1.dll
2012-01-29 16:46:41 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-01-29 16:46:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-01-29 16:17:41 1024 ----a-w- C:\Windows\SysWow64\f7ewx7r.dll
2012-01-19 08:23:58 339320 ----a-w- C:\Windows\SysWow64\HMIPCore.dll
.
============= FINISH: 17:37:48.12 ===============


.
Windows 8 Professional 64-bit • Avast Free Antivirus (latest) • MBAM On-Demand (latest) • Comodo Firewall • Google Chrome • CCleaner

#2 Maniac


    Forum Deity

  • Experts
  • 17,450 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 12 April 2012 - 06:36 AM

Hello AlI821! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

You have missed Attach.txt.

#3 AlI821

Posted 12 April 2012 - 01:15 PM

Sorry about that. Here is the attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/01/2012 14:11:20
System Uptime: 12/04/2012 17:13:46 (2 hours ago)
.
Motherboard: Acer | | Aspire Z1801
Processor: Intel® Pentium® CPU G620 @ 2.60GHz | CPU 1 | 2600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 394.679 GiB free.
D: is FIXED (NTFS) - 455 GiB total, 454.298 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 07/04/2012 11:47:06 - avast! Internet Security Setup
RP51: 07/04/2012 11:53:50 - avast! Internet Security Setup
RP53: 07/04/2012 19:10:30 - Windows Defender Checkpoint
RP54: 09/04/2012 11:25:33 - Device Driver Package Install: COMODO Network Service
RP55: 09/04/2012 13:02:19 - Restore Operation
RP56: 09/04/2012 13:18:01 - Device Driver Package Install: COMODO Network Service
RP57: 10/04/2012 13:45:18 - Comodo working fine. Clean PC.
RP58: 11/04/2012 12:18:05 - Windows Update
.
==== Installed Programs ======================
.
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
?????????? Windows Live
??????????? ?? Windows Live
Acer eRecovery Management
Acer Games
Acer PowerSaver
Acer Registration
Acer ScreenSaver
Acer Updater
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe Reader X (10.1.3) MUI
Agatha Christie - Death on the Nile
µTorrent
Bejeweled 2 Deluxe
Build Your Own Net Dream (remove only)
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
clear.fi
clear.fi Client
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX del Windows Live Mesh per a connexions remotes
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Crazy Chicken Kart 2
CtrlPanel
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eBay Worldwide
Emsisoft Anti-Malware
FATE
Final Drive: Nitro
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Free YouTube Download version 3.1.22.319
Freedom Scientific Ocr
Freedom Scientific OmniPage
Freedom Scientific Synthesizer Eloquence
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Chrome
Hotkey Utility
IdeaCom Touch Screen 3.3.0000.26
Identity Card
Insaniquarium Deluxe
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 31
Jewel Match 3
Jewel Quest Solitaire
John Deere Drive Green
Junk Mail filter update
K-Lite Codec Pack 8.2.0 (Basic)
Kobo
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
MicroNEXT MicroNEXT USB Wireless
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
MyWinLocker 4
MyWinLocker Suite
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Penguins!
Plants vs. Zombies - Game of the Year
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Bowler
Pošta Windows Live
Raccolta foto di Windows Live
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
S?????? f?t???af??? t?? Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sentinel System Driver Installer 7.5.0
Shredder
Slingo Deluxe
SopCast 3.4.8
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Torchlight
TouchSettings
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Veetle TV
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wedding Dash
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/04/2012 17:14:04, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nmfmfx zvijcv
11/04/2012 13:29:05, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
11/04/2012 13:29:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/04/2012 13:29:04, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/04/2012 13:29:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/04/2012 13:28:35, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/04/2012 13:28:35, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
11/04/2012 13:27:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: zvijcv
09/04/2012 13:27:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
09/04/2012 13:27:57, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2012 13:18:39, Error: bowser [8003] - The master browser has received a server announcement from the computer L-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B887273F-390E-48B5-AC65-A19E4D9A682A}. The master browser is stopping or an election is being forced.
09/04/2012 13:17:56, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
09/04/2012 11:16:35, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
09/04/2012 11:16:23, Error: Service Control Manager [7034] - The BitDefender Desktop Update Service service terminated unexpectedly. It has done this 1 time(s).
08/04/2012 17:11:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Fax service to connect.
08/04/2012 17:11:56, Error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/04/2012 16:28:09, Error: Service Control Manager [7030] - The ServiceLayer service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
08/04/2012 15:55:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
08/04/2012 15:55:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
08/04/2012 15:54:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
08/04/2012 15:54:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
08/04/2012 15:53:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
08/04/2012 15:53:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
08/04/2012 15:52:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
08/04/2012 15:42:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
07/04/2012 11:49:34, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2012 11:49:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07/04/2012 11:49:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
07/04/2012 11:49:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
07/04/2012 11:49:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
07/04/2012 11:49:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07/04/2012 11:49:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
07/04/2012 11:49:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07/04/2012 11:49:12, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
06/04/2012 15:45:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
06/04/2012 14:28:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx SASDIFSV SASKUTIL
06/04/2012 11:22:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
05/04/2012 16:59:00, Error: Service Control Manager [7034] - The bnserv4 service terminated unexpectedly. It has done this 1 time(s).
05/04/2012 16:21:04, Error: Service Control Manager [7030] - The bnserv4 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

#4 Maniac

Posted 12 April 2012 - 03:25 PM

Step 1

Please uninstall µTorrent, because of our rules:
http://forums.malwar...showtopic=97700


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#5 AlI821

Posted 12 April 2012 - 03:43 PM

Sorry about that. Utorrent has been uninstalled.

Here is the ComboFix log. It has quarantined some files:


ComboFix 12-04-12.03 - Shazia Begum 12/04/2012 21:34:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.2235 [GMT 1:00]
Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\programutil.dat
c:\windows\SSCE5432.DLL
c:\windows\SysWow64\c4t9jah.dll
c:\windows\SysWow64\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 20:38 . 2012-04-12 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\SUPERAntiSpyware.com
2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-11 11:22 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 11:22 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 11:22 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 11:22 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 11:22 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 11:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 11:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 11:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 11:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 11:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 11:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 11:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 11:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 12:17 . 2012-04-09 12:17 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-09 11:08 . 2012-04-09 11:08 -------- d-----w- c:\users\Shazia Begum\AppData\Local\VS Revo Group
2012-04-09 10:33 . 2012-04-09 15:12 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Comodo
2012-04-09 10:32 . 2012-04-09 12:28 -------- d-----w- c:\programdata\CPA_VA
2012-04-09 10:31 . 2012-04-09 10:31 -------- d-----w- C:\VritualRoot
2012-04-09 10:24 . 2012-04-09 12:18 -------- d-----w- c:\programdata\Comodo
2012-04-09 10:24 . 2012-04-09 12:26 -------- d-----w- c:\program files (x86)\Comodo
2012-04-09 10:24 . 2012-04-09 12:28 -------- d-----w- c:\program files\COMODO
2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Nokia
2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nokia
2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\programdata\PC Suite
2012-04-08 15:29 . 2012-04-08 16:08 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\PC Suite
2012-04-08 15:28 . 2012-04-08 15:28 -------- d-----w- c:\programdata\Nokia
2012-04-08 15:28 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-04-08 15:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Nokia
2012-04-08 15:16 . 2012-04-08 15:16 -------- d-----w- c:\programdata\HP
2012-04-08 10:52 . 2012-04-08 10:52 238764 ----a-w- c:\programdata\1333882074.bdinstall.bin
2012-04-08 10:48 . 2012-04-08 10:48 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\QuickScan
2012-04-07 10:54 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-06 10:20 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E993DC25-C93B-4BB9-8366-626753F1FEA6}\mpengine.dll
2012-04-05 17:34 . 2012-04-05 17:34 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Mozilla
2012-04-05 11:37 . 2012-04-05 11:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 18:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-04-03 18:27 . 2012-04-03 18:28 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoft
2012-04-03 18:27 . 2012-04-03 18:27 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-04-03 18:22 . 2012-04-03 18:22 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nero
2012-04-03 11:32 . 2012-04-06 10:22 -------- d-----w- C:\avast! sandbox
2012-04-02 15:31 . 2012-04-02 15:32 169 ----a-w- C:\Delete.bat
2012-04-02 15:29 . 2012-04-02 15:29 -------- d-----w- c:\windows\Sun
2012-03-31 17:43 . 2012-03-31 17:43 -------- d--h--w- c:\programdata\Common Files
2012-03-31 17:42 . 2012-03-31 17:42 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\AVG2012
2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Java
2012-03-14 12:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 11:37 . 2011-07-09 08:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2012-01-29 16:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 15:16 . 2012-02-01 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 18:57 . 2012-02-19 18:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-14 18:55 . 2012-02-14 18:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 18:55 . 2012-02-14 18:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 18:55 . 2012-02-14 18:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 18:55 . 2012-02-14 18:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 18:55 . 2012-02-14 18:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 18:55 . 2012-02-14 18:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 18:53 . 2012-02-14 18:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 18:47 . 2012-02-14 18:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 18:47 . 2012-02-14 18:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 18:47 . 2012-02-14 18:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 18:47 . 2012-02-14 18:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 18:47 . 2012-02-14 18:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 18:44 . 2011-07-09 07:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 18:44 . 2012-02-14 18:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 18:42 . 2011-07-09 07:44 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 18:35 . 2012-02-14 18:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 18:07 . 2012-02-14 18:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 17:59 . 2012-02-14 17:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 17:57 . 2012-02-14 17:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 17:57 . 2012-02-14 17:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 17:57 . 2012-02-14 17:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 17:57 . 2012-02-14 17:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 17:57 . 2012-02-14 17:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 17:57 . 2012-02-14 17:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 17:57 . 2011-07-09 07:44 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 17:56 . 2011-07-09 07:44 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 17:56 . 2012-02-14 17:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 17:56 . 2012-02-14 17:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 17:56 . 2012-02-14 17:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 17:56 . 2012-02-14 17:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 17:56 . 2012-02-14 17:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 17:56 . 2011-07-09 07:44 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 17:55 . 2012-02-14 17:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 17:54 . 2012-02-14 17:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 17:53 . 2012-02-14 17:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 17:53 . 2012-02-14 17:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 17:53 . 2012-02-14 17:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 17:53 . 2012-02-14 17:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 17:53 . 2012-02-14 17:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 17:53 . 2012-02-14 17:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 18:27 . 2012-02-03 18:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-01-29 16:46 . 2011-05-20 18:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-29 16:46 . 2011-05-20 18:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-19 08:23 . 2012-02-04 15:09 339320 ----a-w- c:\windows\SysWow64\HMIPCore.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-05-11 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-09-23 165160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"WCtrlPanel"="c:\windows\SysWOW64\CtrlPanel.exe" [2011-05-20 229376]
"IdeaCom Calibration"="c:\program files (x86)\IdeaCom\IDCMgr\StartUT.exe" [2010-03-18 270848]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-13 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-06-10 627304]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Shazia Begum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MicroNEXT Wireless Utility.lnk - c:\program files (x86)\MicroNEXT\Common\RaUI.exe [2012-1-29 1828128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 nmfmfx;nmfmfx; [x]
R0 zvijcv;zvijcv; [x]
R1 SASDIFSV;SASDIFSV;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 JTVNCProxy_13.0;JTVNCProxy_13.0;c:\program files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-08 19736]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-10 3064624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 CtrlPanel;CtrlPanel;c:\windows\SysWOW64\CtrlPanel.exe [2011-05-20 229376]
S2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IdcSrv;IDCSRV Service;c:\program files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-01-06 252928]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2008-09-05 210720]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 fsvidmir_service;fsvidmir_service;c:\windows\system32\DRIVERS\fsvidmir.sys [x]
S3 IdcFltr;HID Touch Screen Driver;c:\windows\system32\DRIVERS\idcfltr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 PQAWRwa;PQAWRwa;c:\windows\SysWOW64\PQAWDrv.sys [2008-03-01 12384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 11:37]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000Core.job
- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000UA.job
- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2011-09-06 545680]
"JAWS"="c:\program files\Freedom Scientific\JAWS\13.0\jfw.exe" [2011-12-08 6834968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-04-12 21:42:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 20:42
.
Pre-Run: 423,631,888,384 bytes free
Post-Run: 423,711,965,184 bytes free
.
- - End Of File - - 1BB7CCF3B817CEC13A5806C85187D623

#6 Maniac

Posted 12 April 2012 - 04:02 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
nmfmfx
zvijcv

File::
c:\windows\SysWow64\aswBoot.exe
C:\Delete.bat

Folder::
c:\users\Shazia Begum\AppData\Roaming\QuickScan
C:\avast! sandbox
c:\users\Shazia Begum\AppData\Roaming\AVG2012

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#7 AlI821

Posted 12 April 2012 - 04:20 PM

Here is the Combofix log you requested. Many thanks.


ComboFix 12-04-12.03 - Shazia Begum 12/04/2012 22:11:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.2684 [GMT 1:00]
Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe
Command switches used :: c:\users\Shazia Begum\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\Delete.bat"
"c:\windows\SysWow64\aswBoot.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\avast! sandbox
c:\avast! sandbox\S-1-5-21-781961419-1968162369-1216944339-1000\sfzone\C\Windows\Rescache\rc0003\rescache.hit
C:\Delete.bat
c:\users\Shazia Begum\AppData\Roaming\AVG2012
c:\users\Shazia Begum\AppData\Roaming\AVG2012\cfgall\userawacs.cfg
c:\users\Shazia Begum\AppData\Roaming\AVG2012\cfgall\usergui.cfg
c:\users\Shazia Begum\AppData\Roaming\QuickScan
c:\windows\SysWow64\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NMFMFX
-------\Legacy_ZVIJCV
-------\Service_nmfmfx
-------\Service_zvijcv
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\SUPERAntiSpyware.com
2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-11 11:22 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 11:22 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 11:22 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 11:22 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 11:22 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 11:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 11:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 11:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 11:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 11:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 11:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 11:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 11:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 12:17 . 2012-04-09 12:17 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-09 11:08 . 2012-04-09 11:08 -------- d-----w- c:\users\Shazia Begum\AppData\Local\VS Revo Group
2012-04-09 10:33 . 2012-04-09 15:12 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Comodo
2012-04-09 10:32 . 2012-04-09 12:28 -------- d-----w- c:\programdata\CPA_VA
2012-04-09 10:31 . 2012-04-09 10:31 -------- d-----w- C:\VritualRoot
2012-04-09 10:24 . 2012-04-09 12:18 -------- d-----w- c:\programdata\Comodo
2012-04-09 10:24 . 2012-04-09 12:26 -------- d-----w- c:\program files (x86)\Comodo
2012-04-09 10:24 . 2012-04-09 12:28 -------- d-----w- c:\program files\COMODO
2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Nokia
2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nokia
2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\programdata\PC Suite
2012-04-08 15:29 . 2012-04-08 16:08 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\PC Suite
2012-04-08 15:28 . 2012-04-08 15:28 -------- d-----w- c:\programdata\Nokia
2012-04-08 15:28 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-04-08 15:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Nokia
2012-04-08 15:16 . 2012-04-08 15:16 -------- d-----w- c:\programdata\HP
2012-04-08 10:52 . 2012-04-08 10:52 238764 ----a-w- c:\programdata\1333882074.bdinstall.bin
2012-04-06 10:20 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E993DC25-C93B-4BB9-8366-626753F1FEA6}\mpengine.dll
2012-04-05 17:34 . 2012-04-05 17:34 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Mozilla
2012-04-05 11:37 . 2012-04-05 11:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 18:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-04-03 18:27 . 2012-04-03 18:28 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoft
2012-04-03 18:27 . 2012-04-03 18:27 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-04-03 18:22 . 2012-04-03 18:22 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nero
2012-04-02 15:29 . 2012-04-02 15:29 -------- d-----w- c:\windows\Sun
2012-03-31 17:43 . 2012-03-31 17:43 -------- d--h--w- c:\programdata\Common Files
2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Java
2012-03-14 12:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 11:37 . 2011-07-09 08:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2012-01-29 16:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 15:16 . 2012-02-01 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 18:57 . 2012-02-19 18:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-14 18:55 . 2012-02-14 18:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 18:55 . 2012-02-14 18:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 18:55 . 2012-02-14 18:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 18:55 . 2012-02-14 18:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 18:55 . 2012-02-14 18:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 18:55 . 2012-02-14 18:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 18:55 . 2012-02-14 18:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 18:53 . 2012-02-14 18:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 18:47 . 2012-02-14 18:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 18:47 . 2012-02-14 18:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 18:47 . 2012-02-14 18:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 18:47 . 2012-02-14 18:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 18:47 . 2012-02-14 18:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 18:44 . 2011-07-09 07:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 18:44 . 2012-02-14 18:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 18:42 . 2011-07-09 07:44 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 18:35 . 2012-02-14 18:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 18:07 . 2012-02-14 18:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 17:59 . 2012-02-14 17:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 17:57 . 2012-02-14 17:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 17:57 . 2012-02-14 17:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 17:57 . 2012-02-14 17:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 17:57 . 2012-02-14 17:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 17:57 . 2012-02-14 17:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 17:57 . 2012-02-14 17:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 17:57 . 2012-02-14 17:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 17:57 . 2012-02-14 17:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 17:57 . 2011-07-09 07:44 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 17:56 . 2011-07-09 07:44 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 17:56 . 2012-02-14 17:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 17:56 . 2012-02-14 17:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 17:56 . 2012-02-14 17:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 17:56 . 2012-02-14 17:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 17:56 . 2012-02-14 17:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 17:56 . 2011-07-09 07:44 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 17:55 . 2012-02-14 17:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 17:54 . 2012-02-14 17:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 17:53 . 2012-02-14 17:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 17:53 . 2012-02-14 17:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 17:53 . 2012-02-14 17:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 17:53 . 2012-02-14 17:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 17:53 . 2012-02-14 17:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 17:53 . 2012-02-14 17:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 17:53 . 2012-02-14 17:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 18:27 . 2012-02-03 18:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-01-29 16:46 . 2011-05-20 18:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-29 16:46 . 2011-05-20 18:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-19 08:23 . 2012-02-04 15:09 339320 ----a-w- c:\windows\SysWow64\HMIPCore.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-12_20.39.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-12 20:52 56938 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-12 20:52 44956 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-29 14:12 . 2012-04-12 20:52 14508 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-781961419-1968162369-1216944339-1000_UserData.bin
- 2011-09-29 06:54 . 2012-04-12 16:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-29 06:54 . 2012-04-12 20:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-29 06:54 . 2012-04-12 16:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-29 06:54 . 2012-04-12 20:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-12 16:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-12 20:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-12 20:39 . 2012-04-12 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-12 21:16 . 2012-04-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-12 20:39 . 2012-04-12 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-12 21:16 . 2012-04-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-12 16:20 630928 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-12 20:54 630928 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-12 20:54 111052 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-12 16:20 111052 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-12 20:38 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-12 21:16 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-29 19:59 . 2012-04-12 20:51 2000000 c:\windows\system32\HJSMEM\HJSMEM1.DAT
- 2012-01-29 19:59 . 2012-04-12 20:40 2000000 c:\windows\system32\HJSMEM\HJSMEM1.DAT
+ 2012-01-29 14:53 . 2012-04-12 21:16 10254820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-781961419-1968162369-1216944339-1000-12288.dat
- 2012-01-29 14:53 . 2012-04-12 20:38 10254820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-781961419-1968162369-1216944339-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-05-11 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-09-23 165160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"WCtrlPanel"="c:\windows\SysWOW64\CtrlPanel.exe" [2011-05-20 229376]
"IdeaCom Calibration"="c:\program files (x86)\IdeaCom\IDCMgr\StartUT.exe" [2010-03-18 270848]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-13 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-06-10 627304]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Shazia Begum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MicroNEXT Wireless Utility.lnk - c:\program files (x86)\MicroNEXT\Common\RaUI.exe [2012-1-29 1828128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 JTVNCProxy_13.0;JTVNCProxy_13.0;c:\program files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-08 19736]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-10 3064624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 CtrlPanel;CtrlPanel;c:\windows\SysWOW64\CtrlPanel.exe [2011-05-20 229376]
S2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IdcSrv;IDCSRV Service;c:\program files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-01-06 252928]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2008-09-05 210720]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 fsvidmir_service;fsvidmir_service;c:\windows\system32\DRIVERS\fsvidmir.sys [x]
S3 IdcFltr;HID Touch Screen Driver;c:\windows\system32\DRIVERS\idcfltr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 PQAWRwa;PQAWRwa;c:\windows\SysWOW64\PQAWDrv.sys [2008-03-01 12384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 11:37]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000Core.job
- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000UA.job
- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2011-09-06 545680]
"JAWS"="c:\program files\Freedom Scientific\JAWS\13.0\jfw.exe" [2011-12-08 6834968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"combofix"="c:\combofix\CF19837.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-04-12 22:19:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 21:19
ComboFix2.txt 2012-04-12 20:42
.
Pre-Run: 423,793,246,208 bytes free
Post-Run: 423,531,528,192 bytes free
.
- - End Of File - - 909571141D20C942261B0CFB081FBBAB

#8 AlI821

Posted 12 April 2012 - 04:33 PM

Just did another scan with Malwarebytes. The computer is still getting some ads but has gone faster before the malware process. Though, it is not as fast as before I got the malware.


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shazia Begum :: SHAZIABEGUM-PC [administrator]

Protection: Disabled

12/04/2012 22:21:40
mbam-log-2012-04-12 (22-21-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203543
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 Maniac

Posted 12 April 2012 - 04:36 PM

Please compress the C:\Qoobox folder:
http://windows.micro...files-zip-files

Upload it, for example, to www.4shared.com and send me the download link via PM.

Next:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#10 AlI821

Posted 12 April 2012 - 04:58 PM

I've sent you the folder you requested via PM. Tomorrow I will run the ESET scan and give you the log. Thanks for the help.

#11 AlI821

Posted 13 April 2012 - 06:36 AM

Here is the ESET log. It found nothing. I'm still getting random ads and programs are still taking ages to load.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b6a79c961480144a70784f8bea0ed10
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-12 09:54:25
# local_time=2012-04-12 10:54:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 71 19371 9953051 0 0
# compatibility_mode=5893 16776574 100 94 293436 86732087 0 0
# compatibility_mode=8192 67108863 100 0 125 125 0 0
# scanned=33765
# found=0
# cleaned=0
# scan_time=628
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b6a79c961480144a70784f8bea0ed10
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-13 11:34:44
# local_time=2012-04-13 12:34:44 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 71 66326 10000006 0 0
# compatibility_mode=5893 16776574 100 94 340391 86779042 0 0
# compatibility_mode=8192 67108863 100 0 47080 47080 0 0
# scanned=123584
# found=0
# cleaned=0
# scan_time=2892

#12 Maniac

Posted 13 April 2012 - 08:50 AM

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

#13 AlI821

Posted 13 April 2012 - 08:53 AM

14:50:57.0252 2132 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:50:57.0601 2132 ============================================================
14:50:57.0601 2132 Current date / time: 2012/04/13 14:50:57.0601
14:50:57.0601 2132 SystemInfo:
14:50:57.0601 2132
14:50:57.0602 2132 OS Version: 6.1.7601 ServicePack: 1.0
14:50:57.0602 2132 Product type: Workstation
14:50:57.0602 2132 ComputerName: SHAZIABEGUM-PC
14:50:57.0602 2132 UserName: Shazia Begum
14:50:57.0602 2132 Windows directory: C:\Windows
14:50:57.0602 2132 System windows directory: C:\Windows
14:50:57.0602 2132 Running under WOW64
14:50:57.0602 2132 Processor architecture: Intel x64
14:50:57.0602 2132 Number of processors: 2
14:50:57.0602 2132 Page size: 0x1000
14:50:57.0602 2132 Boot type: Normal boot
14:50:57.0602 2132 ============================================================
14:51:01.0250 2132 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:51:01.0263 2132 \Device\Harddisk0\DR0:
14:51:01.0263 2132 MBR used
14:51:01.0263 2132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF8800, BlocksNum 0x32000
14:51:01.0263 2132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B2A800, BlocksNum 0x38DEC800
14:51:01.0263 2132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B917000, BlocksNum 0x38DEF5B0
14:51:01.0845 2132 Initialize success
14:51:01.0845 2132 ============================================================
14:51:20.0453 5160 ============================================================
14:51:20.0453 5160 Scan started
14:51:20.0453 5160 Mode: Manual; SigCheck;
14:51:20.0453 5160 ============================================================
14:51:23.0075 5160 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:51:23.0370 5160 1394ohci - ok
14:51:23.0510 5160 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
14:51:23.0607 5160 a2acc - ok
14:51:23.0969 5160 a2AntiMalware (38c6605939e0bfe3768d2759d9e3208c) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
14:51:24.0038 5160 a2AntiMalware - ok
14:51:24.0205 5160 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
14:51:24.0273 5160 A2DDA - ok
14:51:24.0787 5160 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:51:24.0804 5160 ACPI - ok
14:51:24.0841 5160 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:51:25.0344 5160 AcpiPmi - ok
14:51:25.0825 5160 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:51:25.0836 5160 AdobeARMservice - ok
14:51:26.0196 5160 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:51:26.0210 5160 AdobeFlashPlayerUpdateSvc - ok
14:51:26.0519 5160 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:51:26.0539 5160 adp94xx - ok
14:51:26.0626 5160 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:51:26.0643 5160 adpahci - ok
14:51:38.0887 5160 CtrlPanel (2d368a9d6e333999b5473369e9ab31a6) C:\Windows\SysWOW64\CtrlPanel.exe
14:51:38.0928 5160 CtrlPanel ( UnsignedFile.Multi.Generic ) - warning
14:51:38.0928 5160 CtrlPanel - detected UnsignedFile.Multi.Generic (1)
14:51:48.0857 5160 IdcSrv (c9811ea9d8e6e2b6cb76a435ad8ac4f8) C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe
14:51:48.0875 5160 IdcSrv ( UnsignedFile.Multi.Generic ) - warning
14:51:48.0875 5160 IdcSrv - detected UnsignedFile.Multi.Generic (1)
14:52:06.0876 5160 PQAWRwa (3191d910590f6210089498f536cfc25f) C:\Windows\SysWOW64\PQAWDrv.sys
14:52:06.0903 5160 PQAWRwa ( UnsignedFile.Multi.Generic ) - warning
14:52:06.0903 5160 PQAWRwa - detected UnsignedFile.Multi.Generic (1)
14:52:08.0500 5160 rdbss - ok
14:52:08.0515 5160 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:52:08.0540 5160 rdpbus - ok
14:52:08.0555 5160 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:08.0627 5160 RDPCDD - ok
14:52:08.0691 5160 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:52:08.0738 5160 RDPENCDD - ok
14:52:08.0772 5160 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:52:08.0817 5160 RDPREFMP - ok
14:52:08.0865 5160 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:52:08.0913 5160 RDPWD - ok
14:52:08.0977 5160 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:52:08.0991 5160 rdyboost - ok
14:52:09.0049 5160 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:52:09.0124 5160 RemoteAccess - ok
14:52:09.0161 5160 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:52:09.0226 5160 RemoteRegistry - ok
14:52:09.0258 5160 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:52:09.0347 5160 RpcEptMapper - ok
14:52:09.0402 5160 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:52:09.0431 5160 RpcLocator - ok
14:52:09.0444 5160 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:52:09.0484 5160 RpcSs - ok
14:52:09.0578 5160 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:52:09.0612 5160 rspndr - ok
14:52:09.0688 5160 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:52:09.0706 5160 RTL8167 - ok
14:52:09.0766 5160 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:09.0778 5160 SamSs - ok
14:52:10.0155 5160 SASDIFSV - ok
14:52:10.0211 5160 SASKUTIL - ok
14:52:10.0323 5160 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:52:10.0359 5160 sbp2port - ok
14:52:10.0430 5160 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:52:10.0466 5160 SCardSvr - ok
14:52:10.0487 5160 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:52:10.0543 5160 scfilter - ok
14:52:10.0662 5160 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:52:10.0731 5160 Schedule - ok
14:52:10.0753 5160 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:52:10.0811 5160 SCPolicySvc - ok
14:52:10.0828 5160 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:52:10.0923 5160 SDRSVC - ok
14:52:10.0960 5160 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:52:11.0004 5160 secdrv - ok
14:52:11.0030 5160 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:52:11.0083 5160 seclogon - ok
14:52:11.0097 5160 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:52:11.0183 5160 SENS - ok
14:52:11.0206 5160 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:52:11.0293 5160 SensrSvc - ok
14:52:11.0359 5160 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
14:52:11.0373 5160 Sentinel64 - ok
14:52:11.0426 5160 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:52:11.0457 5160 Serenum - ok
14:52:11.0491 5160 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:52:11.0529 5160 Serial - ok
14:52:11.0603 5160 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:52:11.0617 5160 sermouse - ok
14:52:11.0651 5160 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:52:11.0718 5160 SessionEnv - ok
14:52:11.0750 5160 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:52:11.0783 5160 sffdisk - ok
14:52:11.0803 5160 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:52:11.0862 5160 sffp_mmc - ok
14:52:11.0930 5160 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:52:11.0995 5160 sffp_sd - ok
14:52:12.0104 5160 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:52:12.0155 5160 sfloppy - ok
14:52:12.0197 5160 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:52:12.0264 5160 SharedAccess - ok
14:52:12.0305 5160 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:52:12.0379 5160 ShellHWDetection - ok
14:52:12.0410 5160 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:52:12.0433 5160 SiSRaid2 - ok
14:52:12.0453 5160 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:52:12.0487 5160 SiSRaid4 - ok
14:52:12.0515 5160 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:52:12.0585 5160 Smb - ok
14:52:12.0626 5160 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:52:12.0699 5160 SNMPTRAP - ok
14:52:12.0729 5160 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:52:12.0769 5160 spldr - ok
14:52:12.0792 5160 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:52:12.0849 5160 Spooler - ok
14:52:12.0956 5160 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:52:13.0089 5160 sppsvc - ok
14:52:13.0110 5160 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:52:13.0207 5160 sppuinotify - ok
14:52:13.0254 5160 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:52:13.0328 5160 srv - ok
14:52:13.0361 5160 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:52:13.0444 5160 srv2 - ok
14:52:13.0463 5160 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:52:13.0480 5160 srvnet - ok
14:52:13.0511 5160 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:52:13.0580 5160 SSDPSRV - ok
14:52:13.0642 5160 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:52:13.0683 5160 SstpSvc - ok
14:52:13.0762 5160 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:52:13.0778 5160 stexstor - ok
14:52:14.0039 5160 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:52:14.0065 5160 stisvc - ok
14:52:14.0116 5160 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:52:14.0128 5160 swenum - ok
14:52:14.0148 5160 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:52:14.0288 5160 swprv - ok
14:52:14.0333 5160 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:52:14.0390 5160 SysMain - ok
14:52:14.0417 5160 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:52:14.0452 5160 TabletInputService - ok
14:52:14.0489 5160 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:52:14.0543 5160 TapiSrv - ok
14:52:14.0570 5160 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:52:14.0604 5160 TBS - ok
14:52:14.0732 5160 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:52:14.0793 5160 Tcpip - ok
14:52:14.0842 5160 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:52:14.0877 5160 TCPIP6 - ok
14:52:14.0986 5160 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:52:15.0032 5160 tcpipreg - ok
14:52:15.0095 5160 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:52:15.0108 5160 TDPIPE - ok
14:52:15.0168 5160 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:52:15.0207 5160 TDTCP - ok
14:52:15.0264 5160 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:52:15.0298 5160 tdx - ok
14:52:15.0324 5160 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:52:15.0339 5160 TermDD - ok
14:52:15.0389 5160 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:52:15.0445 5160 TermService - ok
14:52:15.0479 5160 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:52:15.0497 5160 Themes - ok
14:52:15.0531 5160 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:52:15.0567 5160 THREADORDER - ok
14:52:15.0612 5160 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:52:15.0668 5160 TrkWks - ok
14:52:15.0796 5160 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:52:15.0848 5160 TrustedInstaller - ok
14:52:15.0927 5160 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:15.0978 5160 tssecsrv - ok
14:52:16.0041 5160 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:52:16.0072 5160 TsUsbFlt - ok
14:52:16.0128 5160 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:52:16.0153 5160 TsUsbGD - ok
14:52:16.0312 5160 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:52:16.0428 5160 tunnel - ok
14:52:16.0453 5160 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:52:16.0466 5160 uagp35 - ok
14:52:16.0507 5160 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:52:16.0563 5160 udfs - ok
14:52:16.0628 5160 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:52:16.0648 5160 UI0Detect - ok
14:52:16.0690 5160 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:52:16.0708 5160 uliagpkx - ok
14:52:16.0768 5160 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:52:16.0806 5160 umbus - ok
14:52:16.0841 5160 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:52:16.0899 5160 UmPass - ok
14:52:17.0962 5160 UNS (e91f8afbd7fb96c94b266579d6bfa77a) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:52:18.0009 5160 UNS - ok
14:52:18.0446 5160 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:52:18.0512 5160 upnphost - ok
14:52:18.0888 5160 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:18.0939 5160 usbccgp - ok
14:52:19.0022 5160 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:52:19.0039 5160 usbcir - ok
14:52:19.0064 5160 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:52:19.0096 5160 usbehci - ok
14:52:19.0303 5160 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:52:19.0414 5160 usbhub - ok
14:52:19.0531 5160 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:52:19.0575 5160 usbohci - ok
14:52:19.0643 5160 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:52:19.0675 5160 usbprint - ok
14:52:19.0791 5160 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:52:19.0807 5160 usbscan - ok
14:52:19.0843 5160 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:52:19.0893 5160 USBSTOR - ok
14:52:19.0981 5160 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:52:20.0017 5160 usbuhci - ok
14:52:20.0131 5160 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:52:20.0148 5160 usbvideo - ok
14:52:20.0224 5160 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:52:20.0286 5160 UxSms - ok
14:52:20.0354 5160 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:20.0366 5160 VaultSvc - ok
14:52:20.0434 5160 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:52:20.0448 5160 vdrvroot - ok
14:52:20.0627 5160 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:52:20.0677 5160 vds - ok
14:52:20.0730 5160 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:20.0745 5160 vga - ok
14:52:20.0780 5160 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:52:20.0837 5160 VgaSave - ok
14:52:20.0924 5160 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:52:20.0940 5160 vhdmp - ok
14:52:20.0965 5160 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:52:20.0978 5160 viaide - ok
14:52:21.0005 5160 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:52:21.0018 5160 volmgr - ok
14:52:21.0084 5160 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:52:21.0101 5160 volmgrx - ok
14:52:21.0211 5160 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:52:21.0231 5160 volsnap - ok
14:52:21.0435 5160 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:52:21.0450 5160 vsmraid - ok
14:52:22.0151 5160 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:52:22.0325 5160 VSS - ok
14:52:22.0731 5160 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:52:22.0769 5160 vwifibus - ok
14:52:22.0797 5160 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:52:22.0836 5160 vwififlt - ok
14:52:22.0914 5160 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:52:22.0931 5160 vwifimp - ok
14:52:23.0020 5160 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:52:23.0108 5160 W32Time - ok
14:52:23.0128 5160 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:52:23.0203 5160 WacomPen - ok
14:52:23.0274 5160 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:23.0342 5160 WANARP - ok
14:52:23.0362 5160 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:23.0395 5160 Wanarpv6 - ok
14:52:23.0515 5160 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:52:23.0551 5160 WatAdminSvc - ok
14:52:23.0632 5160 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:52:23.0712 5160 wbengine - ok
14:52:23.0810 5160 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:52:23.0836 5160 WbioSrvc - ok
14:52:23.0854 5160 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:52:23.0913 5160 wcncsvc - ok
14:52:23.0929 5160 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:52:24.0004 5160 WcsPlugInService - ok
14:52:24.0080 5160 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:52:24.0094 5160 Wd - ok
14:52:24.0217 5160 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:52:24.0241 5160 Wdf01000 - ok
14:52:24.0265 5160 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:52:24.0342 5160 WdiServiceHost - ok
14:52:24.0347 5160 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:52:24.0369 5160 WdiSystemHost - ok
14:52:24.0390 5160 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:52:24.0503 5160 WebClient - ok
14:52:24.0552 5160 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:52:24.0592 5160 Wecsvc - ok
14:52:24.0609 5160 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:52:24.0644 5160 wercplsupport - ok
14:52:24.0687 5160 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:52:24.0729 5160 WerSvc - ok
14:52:24.0849 5160 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:52:24.0882 5160 WfpLwf - ok
14:52:24.0908 5160 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:52:24.0920 5160 WIMMount - ok
14:52:24.0999 5160 WinDefend - ok
14:52:25.0006 5160 WinHttpAutoProxySvc - ok
14:52:25.0105 5160 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:52:25.0155 5160 Winmgmt - ok
14:52:25.0316 5160 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:52:25.0380 5160 WinRM - ok
14:52:25.0534 5160 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:52:25.0551 5160 WinUsb - ok
14:52:25.0612 5160 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:52:25.0683 5160 Wlansvc - ok
14:52:25.0895 5160 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:52:25.0907 5160 wlcrasvc - ok
14:52:26.0243 5160 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:52:26.0295 5160 wlidsvc - ok
14:52:26.0484 5160 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:52:26.0564 5160 WmiAcpi - ok
14:52:26.0718 5160 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:52:26.0778 5160 wmiApSrv - ok
14:52:26.0915 5160 WMPNetworkSvc - ok
14:52:26.0977 5160 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:52:27.0014 5160 WPCSvc - ok
14:52:27.0038 5160 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:52:27.0085 5160 WPDBusEnum - ok
14:52:27.0198 5160 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:52:27.0251 5160 ws2ifsl - ok
14:52:27.0286 5160 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:52:27.0330 5160 wscsvc - ok
14:52:27.0338 5160 WSearch - ok
14:52:28.0040 5160 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:52:28.0164 5160 wuauserv - ok
14:52:28.0562 5160 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:52:28.0608 5160 WudfPf - ok
14:52:28.0620 5160 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:52:28.0677 5160 WUDFRd - ok
14:52:28.0724 5160 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:52:28.0757 5160 wudfsvc - ok
14:52:28.0812 5160 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:52:28.0857 5160 WwanSvc - ok
14:52:29.0048 5160 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:52:29.0142 5160 \Device\Harddisk0\DR0 - ok
14:52:29.0145 5160 Boot (0x1200) (6c29d0304f608a862d981236945ca2a6) \Device\Harddisk0\DR0\Partition0
14:52:29.0146 5160 \Device\Harddisk0\DR0\Partition0 - ok
14:52:29.0174 5160 Boot (0x1200) (b8de73dd3ab05971da83d44cc7a6392c) \Device\Harddisk0\DR0\Partition1
14:52:29.0176 5160 \Device\Harddisk0\DR0\Partition1 - ok
14:52:29.0215 5160 Boot (0x1200) (7cae826f03fe553e82ac8fa17b109f35) \Device\Harddisk0\DR0\Partition2
14:52:29.0217 5160 \Device\Harddisk0\DR0\Partition2 - ok
14:52:29.0219 5160 ============================================================
14:52:29.0219 5160 Scan finished
14:52:29.0219 5160 ============================================================
14:52:29.0228 5720 Detected object count: 3
14:52:29.0228 5720 Actual detected object count: 3
14:52:43.0586 5720 CtrlPanel ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:43.0587 5720 CtrlPanel ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:43.0587 5720 IdcSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:43.0587 5720 IdcSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:43.0588 5720 PQAWRwa ( UnsignedFile.Multi.Generic ) - skipped by user
14:52:43.0588 5720 PQAWRwa ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:52:48.0078 5484 Deinitialize success
Windows 8 Professional 64-bit • Avast Free Antivirus (latest) • MBAM On-Demand (latest) • Comodo Firewall • Google Chrome • CCleaner

#14 AlI821

Posted 13 April 2012 - 08:54 AM

I'm still getting the ads and the computer is still slow.

#15 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,450 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 13 April 2012 - 09:08 AM

Do these ads come from a browser or something else?

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#16 AlI821

Posted 13 April 2012 - 09:25 AM

These ads come from both Internet Explorer and Google Chrome. The computer is running very slowly and now I have experienced some BSODs.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 15:22:43
-----------------------------
15:22:43.968 OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:43.968 Number of processors: 2 586 0x2A07
15:22:43.969 ComputerName: SHAZIABEGUM-PC UserName: Shazia Begum
15:22:45.257 Initialize success
15:22:50.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:22:50.936 Disk 0 Vendor: WDC_WD10EADX-22TDHB0 77.04D77 Size: 953869MB BusType: 11
15:22:50.949 Disk 0 MBR read successfully
15:22:50.951 Disk 0 MBR scan
15:22:50.953 Disk 0 Windows 7 default MBR code
15:22:50.957 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22000 MB offset 2048
15:22:50.975 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 45058048
15:22:50.978 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465881 MB offset 45262848
15:22:50.993 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 465886 MB offset 999387136
15:22:50.997 Disk 0 scanning C:\Windows\system32\drivers
15:22:54.540 Service scanning
15:23:04.255 Modules scanning
15:23:04.261 Disk 0 trace - called modules:
15:23:04.282 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:23:04.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc1060]
15:23:04.290 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa800471c0c0]
15:23:04.294 5 ACPI.sys[fffff88000f227a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800468a680]
15:23:04.299 Scan finished successfully
15:24:38.143 Disk 0 MBR has been saved successfully to "C:\Users\Shazia Begum\Desktop\MBR.dat"
15:24:38.149 The log file has been saved successfully to "C:\Users\Shazia Begum\Desktop\aswMBR.txt"

#17 Maniac

Posted 13 April 2012 - 09:39 AM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

#18 AlI821

Posted 13 April 2012 - 10:12 AM

Popups have gone but still comp is very slow.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Shazia Begum (administrator) on 13-04-2012 at 16:10:58
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

802.11 USB Wireless LAN Card = Wireless Network Connection 6 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 7 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ShaziaBegum-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
Physical Address. . . . . . . . . : 00-A1-B0-02-31-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11 USB Wireless LAN Card #4
Physical Address. . . . . . . . . : 00-A1-B0-02-31-63
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a459:ee6f:57ca:9579%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 13 April 2012 12:50:49
Lease Expires . . . . . . . . . . : 20 April 2012 12:53:21
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 469803440
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-15-C4-1A-F8-0F-41-2F-CE-FA
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F8-0F-41-2F-CE-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B887273F-390E-48B5-AC65-A19E4D9A682A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:18fa:dca:3f57:ff99(Preferred)
Link-local IPv6 Address . . . . . : fe80::18fa:dca:3f57:ff99%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com
Addresses: 173.194.70.113
173.194.70.100
173.194.70.139
173.194.70.101
173.194.70.102
173.194.70.138


Pinging google.com [209.85.148.113] with 32 bytes of data:
Reply from 209.85.148.113: bytes=32 time=31ms TTL=50
Reply from 209.85.148.113: bytes=32 time=32ms TTL=50

Ping statistics for 209.85.148.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=213ms TTL=48
Reply from 72.30.38.140: bytes=32 time=206ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 206ms, Maximum = 213ms, Average = 209ms
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...00 a1 b0 02 31 62 ......Microsoft Virtual WiFi Miniport Adapter #3
18...00 a1 b0 02 31 63 ......802.11 USB Wireless LAN Card #4
11...f8 0f 41 2f ce fa ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
412...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.102 281
192.168.0.102 255.255.255.255 On-link 192.168.0.102 281
192.168.0.255 255.255.255.255 On-link 192.168.0.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:5ef5:79fb:18fa:dca:3f57:ff99/128
On-link
18 281 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::18fa:dca:3f57:ff99/128
On-link
18 281 fe80::a459:ee6f:57ca:9579/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
18 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/13/2012 00:38:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: dreamseeker.exe, version: 1.0.0.1, time stamp: 0x4e8ba0cc
Faulting module name: igdumd32.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f3aab9f
Exception code: 0xc0000005
Fault offset: 0x04d33bdb
Faulting process id: 0x83c
Faulting application start time: 0xdreamseeker.exe0
Faulting application path: dreamseeker.exe1
Faulting module path: dreamseeker.exe2
Report Id: dreamseeker.exe3

Error: (04/13/2012 00:35:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2012 11:42:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:16:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:51:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:39:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 05:14:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2012 03:12:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: dreamseeker.exe, version: 1.0.0.1, time stamp: 0x4e8ba0cc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0xbf4
Faulting application start time: 0xdreamseeker.exe0
Faulting application path: dreamseeker.exe1
Faulting module path: dreamseeker.exe2
Report Id: dreamseeker.exe3

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/13/2012 11:41:14 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (04/12/2012 10:16:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (04/12/2012 10:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (04/12/2012 10:15:51 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/12/2012 10:15:47 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/12/2012 10:15:19 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/12/2012 10:15:19 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/12/2012 10:13:11 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/12/2012 09:50:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nmfmfx
SASDIFSV
SASKUTIL
zvijcv

Error: (04/12/2012 09:39:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nmfmfx
SASDIFSV
SASKUTIL
zvijcv


Microsoft Office Sessions:
=========================
Error: (04/13/2012 00:38:16 PM) (Source: Application Error)(User: )
Description: dreamseeker.exe1.0.0.14e8ba0ccigdumd32.dll_unloaded0.0.0.04f3aab9fc000000504d33bdb83c01cd1969251b1d75C:\Program Files (x86)\BYOND\bin\dreamseeker.exeigdumd32.dll289a91a6-855d-11e1-9569-f80f412fcefa

Error: (04/13/2012 00:35:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/13/2012 11:42:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:16:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:51:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:39:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 05:14:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2012 03:12:39 PM) (Source: Application Error)(User: )
Description: dreamseeker.exe1.0.0.14e8ba0ccunknown0.0.0.0000000000000000000000000bf401cd17ed23574b29C:\Program Files (x86)\BYOND\bin\dreamseeker.exeunknown6515aca3-83e0-11e1-9f99-f80f412fcefa

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


=========================== Installed Programs ============================

??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (Version: 15.4.5722.2)
???? ??? Windows Live (Version: 15.4.3502.0922)
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (Version: 15.4.5722.2)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) (Version: 15.4.5722.2)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
Acer eRecovery Management (Version: 5.00.3502)
Acer Games (Version: 1.0.2.5)
Acer PowerSaver (Version: 1.00.3502)
Acer Registration (Version: 1.04.3503)
Acer ScreenSaver (Version: 1.1.0609.2011)
Acer Updater (Version: 1.02.3500)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (Version: 15.4.5722.2)
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? (Version: 15.4.5722.2)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Build Your Own Net Dream (remove only)
CCleaner (Version: 3.16)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.1720.15)
clear.fi (Version: 9.0.7713)
clear.fi Client (Version: 1.00.3500)
COMODO Internet Security (Version: 5.10.31649.2253)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Control ActiveX del Windows Live Mesh per a connexions remotes (Version: 15.4.5722.2)
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a (Version: 15.4.5722.2)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
Crazy Chicken Kart 2 (Version: 2.2.0.97)
CtrlPanel (Version: 1.00.0521)
CyberLink YouCam (Version: 4.0.2123)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eBay Worldwide (Version: 2.2.0409)
Emsisoft Anti-Malware (Version: 6.0)
ESET Online Scanner v3
FATE (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (Version: 15.4.5722.2)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Free YouTube Download version 3.1.22.319 (Version: 3.1.22.319)
Freedom Scientific Braille (Version: 11.0.641.1)
Freedom Scientific Document Server (Version: 11.0.641.1)
Freedom Scientific Elevation (Version: 11.0.641.1)
Freedom Scientific FSReader 2.0 (Version: 2.0.1051.0)
Freedom Scientific JAWS 13.0 (Version: 13.0.638.400)
Freedom Scientific Ocr (Version: 12.0.073.0)
Freedom Scientific OmniPage (Version: 11.0.000.0)
Freedom Scientific Synth (Version: 13.0.638.400)
Freedom Scientific Synthesizer Eloquence (Version: 6.1.004)
Freedom Scientific Talking Installer 13.0 (Version: 13.0.638.400)
Freedom Scientific Utilities (Version: 11.0.303.1)
Freedom Scientific Video Intercept (Version: 11.0.641.1)
Freedom Scientific WOW64 Proxy (Version: 11.0.641.1)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 18.0.1025.152)
Hotkey Utility (Version: 2.05.3503)
IdeaCom Touch Screen 3.3.0000.26 (Version: 3.3.0000.26)
Identity Card (Version: 1.00.3501)
Insaniquarium Deluxe (Version: 2.2.0.97)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2279)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Match 3 (Version: 2.2.0.97)
Jewel Quest Solitaire (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.2.0 (Basic) (Version: 8.2.0)
Kobo (Version: 2.1.6)
Kontrola Windows Live Mesh ActiveX za daljinske veze (Version: 15.4.5722.2)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (Version: 15.4.5722.2)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
MicroNEXT MicroNEXT USB Wireless (Version: 1.0.9.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery of Mortlake Mansion (Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.25)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Express 10 (Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (Version: 10.5.10300)
Nero StartSmart 10 (Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 1.0.0018)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení (Version: 15.4.5722.2)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (Version: 15.4.5722.2)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Polar Bowler (Version: 2.2.0.97)
Pošta Windows Live (Version: 15.4.3502.0922)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6278)
RealUpgrade 1.1 (Version: 1.1.0)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Sentinel System Driver Installer 7.5.0 (Version: 7.5.0)
Shredder (Version: 2.0.8.9)
Slingo Deluxe (Version: 2.2.0.95)
SopCast 3.4.8 (Version: 3.4.8)
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (Version: 15.4.5722.2)
Torchlight (Version: 2.2.0.97)
TouchSettings (Version: 1.00.0006)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (Version: 15.4.5722.2)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (Version: 15.4.5722.2)
Veetle TV (Version: 0.9.19)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Wedding Dash (Version: 2.2.0.95)
Welcome Center (Version: 1.02.3503)
WildTangent Games App (Acer Games) (Version: 4.0.5.14)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Argazki Galeria (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinRAR 4.10 (64-bit) (Version: 4.10.0)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4008.04 MB
Available physical RAM: 2441.37 MB
Total Pagefile: 8014.26 MB
Available Pagefile: 5918.09 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.22 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:454.96 GB) (Free:394.19 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:454.97 GB) (Free:454.3 GB) NTFS

========================= Users: ========================================

User accounts for \\SHAZIABEGUM-PC

Administrator Guest Shazia Begum

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
Windows 8 Professional 64-bit • Avast Free Antivirus (latest) • MBAM On-Demand (latest) • Comodo Firewall • Google Chrome • CCleaner

#19 Maniac

Maniac

    Forum Deity

  • Experts
  • 17,450 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 13 April 2012 - 11:32 AM

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and post it in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#20 AlI821

AlI821

    Regular Member

  • Honorary Members
  • 65 posts

Posted 13 April 2012 - 01:08 PM

It has found no threats; however, I am still experiencing some BSODs, and the computer is still slow. It takes 8 mins to boot up when it normally takes around 20 secs. It takes 5 min to shut down too, when it should shut down in like 30 secs. I only bought this PC 3 months ago.



