Alikhan

Help, I'm infected

26 posts in this topic

My computer has many ads showing up as well as working very slowly. Freezes a lot too.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.11.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Shazia Begum :: SHAZIABEGUM-PC [administrator]

Protection: Enabled

11/04/2012 17:27:41

mbam-log-2012-04-11 (17-27-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201838

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Shazia Begum at 17:37:17 on 2012-04-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.1822 [GMT 1:00]

.

AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\CtrlPanel.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe

C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\SysWOW64\CtrlPanel.exe

C:\Program Files (x86)\IdeaCom\IDCMgr\IdcMgr.exe

C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files\Freedom Scientific\JAWS\13.0\fsATProxy.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\BYOND\bin\byond.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\BYOND\bin\dreamseeker.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Page_URL = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [WCtrlPanel] C:\Windows\SysWOW64\CtrlPanel.exe

mRun: [ideaCom Calibration] C:\Program Files (x86)\IdeaCom\IDCMgr\StartUT.exe calibration_check

mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\SHAZIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICRON~1.LNK - C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{108CD5B1-ED89-4621-938D-F8460005E142} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4FCA798A-112F-40E2-8BCC-02391F1CB669} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069} : NameServer = 8.26.56.26,156.154.70.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [WCtrlPanel] C:\Windows\SysWOW64\CtrlPanel.exe

mRun-x64: [ideaCom Calibration] C:\Program Files (x86)\IdeaCom\IDCMgr\StartUT.exe calibration_check

mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-2-1 23208]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-2-1 3064624]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 CtrlPanel;CtrlPanel;C:\Windows\SysWOW64\CtrlPanel.exe [2011-9-29 229376]

R2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;\??\C:\Windows\system32\fsKMgr.dll --> C:\Windows\system32\fsKMgr.dll [?]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]

R2 IdcSrv;IDCSRV Service;C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-9-29 252928]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-9 244624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe [2012-1-29 75040]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2012-1-29 210720]

R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-29 2656280]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 fsvidmir_service;fsvidmir_service;C:\Windows\system32\DRIVERS\fsvidmir.sys --> C:\Windows\system32\DRIVERS\fsvidmir.sys [?]

R3 IdcFltr;HID Touch Screen Driver;C:\Windows\system32\DRIVERS\idcfltr.sys --> C:\Windows\system32\DRIVERS\idcfltr.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

R3 PQAWRwa;PQAWRwa;C:\Windows\SysWOW64\PQAWDrv.sys [2011-9-29 12384]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-2-1 63880]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253600]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 JTVNCProxy_13.0;JTVNCProxy_13.0;C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-8 19736]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-25 21504]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PowerBrl;powerBraille System Driver;\??\C:\Windows\system32\Drivers\powerbrl.sys --> C:\Windows\system32\Drivers\powerbrl.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-04-11 16:00:28 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\SUPERAntiSpyware.com

2012-04-11 16:00:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-04-11 11:22:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-04-11 11:22:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-04-11 11:22:59 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-04-11 11:22:40 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-11 11:22:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-11 11:22:40 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-11 11:19:03 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 11:19:03 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 11:19:03 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 11:19:03 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 11:19:03 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 11:19:03 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 11:19:03 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-09 19:48:13 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{4FFDF3F7-2D4D-4767-8675-14D96AFDD80C}

2012-04-09 12:17:01 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-04-09 11:08:54 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\VS Revo Group

2012-04-09 10:33:13 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Comodo

2012-04-09 10:32:32 -------- d-----w- C:\ProgramData\CPA_VA

2012-04-09 10:31:52 -------- d--h--w- C:\VritualRoot

2012-04-09 10:24:23 -------- d-----w- C:\ProgramData\Comodo

2012-04-09 10:24:21 -------- d-----w- C:\Program Files (x86)\Comodo

2012-04-09 10:24:10 -------- d-----w- C:\Program Files\COMODO

2012-04-08 15:29:47 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\NokiaAccount

2012-04-08 15:29:09 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Nokia

2012-04-08 15:28:38 -------- d-----w- C:\ProgramData\Nokia

2012-04-08 15:28:05 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution

2012-04-08 15:27:14 -------- d-----w- C:\ProgramData\NokiaInstallerCache

2012-04-08 15:27:14 -------- d-----w- C:\Program Files (x86)\Nokia

2012-04-08 10:52:55 238764 ----a-w- C:\ProgramData\1333882074.bdinstall.bin

2012-04-08 10:48:16 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\QuickScan

2012-04-07 12:45:51 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{BE715F02-8A00-4E2F-97EB-3F04096AF159}

2012-04-07 11:19:31 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{2694F568-7F9F-4B6A-A496-D9F94F2BF159}

2012-04-06 10:20:49 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E993DC25-C93B-4BB9-8366-626753F1FEA6}\mpengine.dll

2012-04-06 10:17:52 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{58A282AA-AB37-4B94-AB8A-AAA5B8B40CF9}

2012-04-05 17:34:26 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\Mozilla

2012-04-05 13:15:39 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{56BD76DB-AEA9-4E18-9850-B7BC82DE2A1D}

2012-04-05 11:37:09 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-03 18:28:04 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers

2012-04-03 18:27:29 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft

2012-04-03 18:27:28 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\DVDVideoSoft

2012-04-03 18:27:28 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft

2012-04-03 11:32:22 -------- d-----w- C:\avast! sandbox

2012-04-03 11:25:02 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{29BDD252-050C-4915-835F-8690DDD8F58E}

2012-04-02 15:31:55 169 ----a-w- C:\Delete.bat

2012-03-31 17:43:29 -------- d--h--w- C:\ProgramData\Common Files

2012-03-31 17:42:57 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\AVG2012

2012-03-28 20:07:59 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E6E15007-6F5D-4346-AD71-7144E66FD6B6}

2012-03-28 20:07:43 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{2FBB44F9-A32D-4D5E-BA50-7E69F27FD450}

2012-03-27 15:14:54 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{76ED64E8-70B9-4032-AF1C-634BEE85D4FE}

2012-03-26 19:33:34 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{7E112A59-C17C-4387-BF16-A799BE8C0AAA}

2012-03-25 20:03:46 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{B28AFA12-E40F-4221-B545-C6760EA81B81}

2012-03-25 20:03:33 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E6CB7EBF-190A-4399-B758-BDF8D812CEAF}

2012-03-22 20:51:45 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{5036C2B0-B9AD-466A-943E-D81A896E67D8}

2012-03-22 20:51:32 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F6E84D56-9D30-43BC-A589-76AE20AC1AA0}

2012-03-21 20:18:30 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{4379F2AE-7E07-4429-BC6E-B30675D2359D}

2012-03-21 20:18:17 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E9C12646-E7CB-481A-96D4-05BE58463C16}

2012-03-20 20:45:31 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F574575C-4C25-47EC-A919-7F93A960823A}

2012-03-20 20:45:15 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{85303857-8010-4504-8733-30FCB772FD8C}

2012-03-17 15:13:56 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{D9B2574C-CC5C-41FE-89C8-E2FE454DF871}

2012-03-17 15:13:42 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F14FFBA6-9F84-4A3E-A9DC-5BED11093B0F}

2012-03-16 19:48:19 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{B3DE9EB4-69DB-491A-B7D7-23A6F07BC893}

2012-03-16 19:48:03 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{1FB8295A-DFF5-4FB4-9D57-F10F6F08C31B}

2012-03-15 17:37:05 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{B7DA6A82-BA29-4D64-ABE3-313B5FDA850A}

2012-03-15 17:36:45 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{F6331EED-3093-4104-8605-ADA111CD6806}

2012-03-14 20:41:25 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{8CE61F0E-6505-417E-9BFE-FEE49C483BD4}

2012-03-14 12:36:41 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 12:36:34 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 12:36:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 12:29:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 12:29:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 12:29:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 12:29:00 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 12:29:00 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 12:29:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 12:29:00 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-12 21:04:27 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{49D1D077-03DD-46D2-A84B-D25AF5BB7C40}

2012-03-12 21:04:08 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{BB2B426B-8677-42E9-9170-4D85B722E237}

.

==================== Find3M ====================

.

2012-04-07 10:50:54 73 ----a-w- C:\Windows\SysWow64\ssprs.dll

2012-04-07 10:50:54 205 ----a-w- C:\Windows\SysWow64\c4t9jah.dll

2012-04-05 11:37:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-18 15:16:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-11 20:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2012-03-11 20:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2012-03-11 20:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2012-03-11 20:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2012-03-11 20:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll

2012-03-11 20:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-14 18:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 18:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe

2012-02-14 18:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-02-14 18:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe

2012-02-14 18:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe

2012-02-14 18:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe

2012-02-14 18:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-02-14 18:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe

2012-02-14 18:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll

2012-02-14 18:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll

2012-02-14 18:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-02-14 18:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin

2012-02-14 18:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin

2012-02-14 18:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll

2012-02-14 18:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin

2012-02-14 18:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin

2012-02-14 18:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-02-14 18:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll

2012-02-14 18:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-02-14 18:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-02-14 18:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-02-14 17:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-02-14 17:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll

2012-02-14 17:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-02-14 17:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll

2012-02-14 17:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-02-14 17:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-02-14 17:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-02-14 17:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll

2012-02-14 17:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-02-14 17:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-02-14 17:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-02-14 17:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-02-14 17:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-02-14 17:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-02-14 17:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-02-14 17:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-02-14 17:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2012-02-14 17:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-02-14 11:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-01-29 20:02:25 1025 ----a-w- C:\Windows\SysWow64\clauth2.dll

2012-01-29 20:02:25 1025 ----a-w- C:\Windows\SysWow64\clauth1.dll

2012-01-29 16:46:41 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-01-29 16:46:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-01-29 16:17:41 1024 ----a-w- C:\Windows\SysWow64\f7ewx7r.dll

2012-01-19 08:23:58 339320 ----a-w- C:\Windows\SysWow64\HMIPCore.dll

.

============= FINISH: 17:37:48.12 ===============

.


Hello AlI821! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

You have missed Attach.txt.


Sorry about that. Here is the attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 29/01/2012 14:11:20

System Uptime: 12/04/2012 17:13:46 (2 hours ago)

.

Motherboard: Acer | | Aspire Z1801

Processor: Intel® Pentium® CPU G620 @ 2.60GHz | CPU 1 | 2600/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 394.679 GiB free.

D: is FIXED (NTFS) - 455 GiB total, 454.298 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP50: 07/04/2012 11:47:06 - avast! Internet Security Setup

RP51: 07/04/2012 11:53:50 - avast! Internet Security Setup

RP53: 07/04/2012 19:10:30 - Windows Defender Checkpoint

RP54: 09/04/2012 11:25:33 - Device Driver Package Install: COMODO Network Service

RP55: 09/04/2012 13:02:19 - Restore Operation

RP56: 09/04/2012 13:18:01 - Device Driver Package Install: COMODO Network Service

RP57: 10/04/2012 13:45:18 - Comodo working fine. Clean PC.

RP58: 11/04/2012 12:18:05 - Windows Update

.

==== Installed Programs ======================

.

??? ActiveX ?? Windows Live Mesh ???? ??????? ???????

???? ??? Windows Live

???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????

??????? Windows Live Mesh ActiveX ???

???????? ?????????? Windows Live

????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)

?????????? Windows Live

??????????? ?? Windows Live

Acer eRecovery Management

Acer Games

Acer PowerSaver

Acer Registration

Acer ScreenSaver

Acer Updater

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Adobe Reader X (10.1.3) MUI

Agatha Christie - Death on the Nile

µTorrent

Bejeweled 2 Deluxe

Build Your Own Net Dream (remove only)

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

clear.fi

clear.fi Client

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Control ActiveX del Windows Live Mesh per a connexions remotes

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

Crazy Chicken Kart 2

CtrlPanel

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

eBay Worldwide

Emsisoft Anti-Malware

FATE

Final Drive: Nitro

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych

Fotogalerija Windows Live

Free YouTube Download version 3.1.22.319

Freedom Scientific Ocr

Freedom Scientific OmniPage

Freedom Scientific Synthesizer Eloquence

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galeria fotogràfica del Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Google Chrome

Hotkey Utility

IdeaCom Touch Screen 3.3.0000.26

Identity Card

Insaniquarium Deluxe

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java 6 Update 31

Jewel Match 3

Jewel Quest Solitaire

John Deere Drive Green

Junk Mail filter update

K-Lite Codec Pack 8.2.0 (Basic)

Kobo

Kontrola Windows Live Mesh ActiveX za daljinske veze

Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

MicroNEXT MicroNEXT USB Wireless

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

MyWinLocker 4

MyWinLocker Suite

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia

Penguins!

Plants vs. Zombies - Game of the Year

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Polar Bowler

Pošta Windows Live

Raccolta foto di Windows Live

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

S?????? f?t???af??? t?? Windows Live

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Sentinel System Driver Installer 7.5.0

Shredder

Slingo Deluxe

SopCast 3.4.8

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??

Torchlight

TouchSettings

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Installer for WildTangent Games App

Urruneko konexioetarako Windows Live Mesh ActiveX kontrola

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi

Veetle TV

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

Wedding Dash

Welcome Center

WildTangent Games App (Acer Games)

Windows Live

Windows Live ???

Windows Live ????

Windows Live Argazki Galeria

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz

Windows Live Mesh ActiveX control for remote connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

12/04/2012 17:14:04, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nmfmfx zvijcv

11/04/2012 13:29:05, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

11/04/2012 13:29:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

11/04/2012 13:29:04, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/04/2012 13:29:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/04/2012 13:28:35, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/04/2012 13:28:35, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

11/04/2012 13:27:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: zvijcv

09/04/2012 13:27:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

09/04/2012 13:27:57, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09/04/2012 13:18:39, Error: bowser [8003] - The master browser has received a server announcement from the computer L-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B887273F-390E-48B5-AC65-A19E4D9A682A}. The master browser is stopping or an election is being forced.

09/04/2012 13:17:56, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

09/04/2012 11:16:35, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

09/04/2012 11:16:23, Error: Service Control Manager [7034] - The BitDefender Desktop Update Service service terminated unexpectedly. It has done this 1 time(s).

08/04/2012 17:11:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Fax service to connect.

08/04/2012 17:11:56, Error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

08/04/2012 16:28:09, Error: Service Control Manager [7030] - The ServiceLayer service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

08/04/2012 15:55:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

08/04/2012 15:55:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

08/04/2012 15:54:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

08/04/2012 15:54:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

08/04/2012 15:53:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

08/04/2012 15:53:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

08/04/2012 15:52:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

08/04/2012 15:42:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

07/04/2012 11:49:34, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 11:49:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

07/04/2012 11:49:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

07/04/2012 11:49:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

07/04/2012 11:49:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

07/04/2012 11:49:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

07/04/2012 11:49:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

07/04/2012 11:49:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

07/04/2012 11:49:12, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

06/04/2012 15:45:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

06/04/2012 14:28:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx SASDIFSV SASKUTIL

06/04/2012 11:22:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

05/04/2012 16:59:00, Error: Service Control Manager [7034] - The bnserv4 service terminated unexpectedly. It has done this 1 time(s).

05/04/2012 16:21:04, Error: Service Control Manager [7030] - The bnserv4 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================


Step 1

Please uninstall µTorrent, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Sorry about that. µTorrent has been uninstalled.

Here is the ComboFix log. It has quarantined some files:

ComboFix 12-04-12.03 - Shazia Begum 12/04/2012 21:34:40.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.2235 [GMT 1:00]

Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\programutil.dat

c:\windows\SSCE5432.DLL

c:\windows\SysWow64\c4t9jah.dll

c:\windows\SysWow64\ssprs.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-12 20:38 . 2012-04-12 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\SUPERAntiSpyware.com

2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-11 11:22 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-11 11:22 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-04-11 11:22 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-04-11 11:22 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 11:22 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 11:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-11 11:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 11:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 11:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 11:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 11:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 11:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 11:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-09 12:17 . 2012-04-09 12:17 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-09 11:08 . 2012-04-09 11:08 -------- d-----w- c:\users\Shazia Begum\AppData\Local\VS Revo Group

2012-04-09 10:33 . 2012-04-09 15:12 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Comodo

2012-04-09 10:32 . 2012-04-09 12:28 -------- d-----w- c:\programdata\CPA_VA

2012-04-09 10:31 . 2012-04-09 10:31 -------- d-----w- C:\VritualRoot

2012-04-09 10:24 . 2012-04-09 12:18 -------- d-----w- c:\programdata\Comodo

2012-04-09 10:24 . 2012-04-09 12:26 -------- d-----w- c:\program files (x86)\Comodo

2012-04-09 10:24 . 2012-04-09 12:28 -------- d-----w- c:\program files\COMODO

2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Nokia

2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nokia

2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\programdata\PC Suite

2012-04-08 15:29 . 2012-04-08 16:08 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\PC Suite

2012-04-08 15:28 . 2012-04-08 15:28 -------- d-----w- c:\programdata\Nokia

2012-04-08 15:28 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2012-04-08 15:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Nokia

2012-04-08 15:16 . 2012-04-08 15:16 -------- d-----w- c:\programdata\HP

2012-04-08 10:52 . 2012-04-08 10:52 238764 ----a-w- c:\programdata\1333882074.bdinstall.bin

2012-04-08 10:48 . 2012-04-08 10:48 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\QuickScan

2012-04-07 10:54 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-04-06 10:20 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E993DC25-C93B-4BB9-8366-626753F1FEA6}\mpengine.dll

2012-04-05 17:34 . 2012-04-05 17:34 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Mozilla

2012-04-05 11:37 . 2012-04-05 11:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-03 18:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2012-04-03 18:27 . 2012-04-03 18:28 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoft

2012-04-03 18:27 . 2012-04-03 18:27 -------- d-----w- c:\program files (x86)\DVDVideoSoft

2012-04-03 18:22 . 2012-04-03 18:22 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nero

2012-04-03 11:32 . 2012-04-06 10:22 -------- d-----w- C:\avast! sandbox

2012-04-02 15:31 . 2012-04-02 15:32 169 ----a-w- C:\Delete.bat

2012-04-02 15:29 . 2012-04-02 15:29 -------- d-----w- c:\windows\Sun

2012-03-31 17:43 . 2012-03-31 17:43 -------- d--h--w- c:\programdata\Common Files

2012-03-31 17:42 . 2012-03-31 17:42 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\AVG2012

2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Java

2012-03-14 12:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 12:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 12:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 11:37 . 2011-07-09 08:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 14:56 . 2012-01-29 16:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 15:16 . 2012-02-01 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll

2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll

2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-19 18:57 . 2012-02-19 18:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-14 18:55 . 2012-02-14 18:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 18:55 . 2012-02-14 18:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe

2012-02-14 18:55 . 2012-02-14 18:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-02-14 18:55 . 2012-02-14 18:55 440600 ----a-w- c:\windows\system32\igfxpers.exe

2012-02-14 18:55 . 2012-02-14 18:55 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-02-14 18:55 . 2012-02-14 18:55 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-02-14 18:55 . 2012-02-14 18:55 184600 ----a-w- c:\windows\system32\difx64.exe

2012-02-14 18:55 . 2012-02-14 18:55 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-02-14 18:53 . 2012-02-14 18:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll

2012-02-14 18:47 . 2012-02-14 18:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll

2012-02-14 18:47 . 2012-02-14 18:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-02-14 18:47 . 2012-02-14 18:47 963912 ----a-w- c:\windows\system32\igkrng600.bin

2012-02-14 18:47 . 2012-02-14 18:47 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-02-14 18:47 . 2012-02-14 18:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin

2012-02-14 18:44 . 2011-07-09 07:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-02-14 18:44 . 2012-02-14 18:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-02-14 18:42 . 2011-07-09 07:44 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-02-14 18:35 . 2012-02-14 18:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-02-14 18:07 . 2012-02-14 18:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll

2012-02-14 17:59 . 2012-02-14 17:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-02-14 17:57 . 2012-02-14 17:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-02-14 17:57 . 2012-02-14 17:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-02-14 17:57 . 2012-02-14 17:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-02-14 17:57 . 2012-02-14 17:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-02-14 17:57 . 2012-02-14 17:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-02-14 17:57 . 2012-02-14 17:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-02-14 17:57 . 2012-02-14 17:57 386048 ----a-w- c:\windows\system32\igfxpph.dll

2012-02-14 17:57 . 2012-02-14 17:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-02-14 17:57 . 2012-02-14 17:57 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-02-14 17:57 . 2011-07-09 07:44 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-02-14 17:56 . 2011-07-09 07:44 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-02-14 17:56 . 2012-02-14 17:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-02-14 17:56 . 2012-02-14 17:56 430080 ----a-w- c:\windows\system32\igfxdev.dll

2012-02-14 17:56 . 2012-02-14 17:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-02-14 17:56 . 2012-02-14 17:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-02-14 17:56 . 2012-02-14 17:56 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-02-14 17:56 . 2011-07-09 07:44 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-02-14 17:55 . 2012-02-14 17:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-02-14 17:54 . 2012-02-14 17:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-02-14 17:53 . 2012-02-14 17:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll

2012-02-14 17:53 . 2012-02-14 17:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2012-02-14 17:53 . 2012-02-14 17:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll

2012-02-14 17:53 . 2012-02-14 17:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2012-02-14 17:53 . 2012-02-14 17:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2012-02-14 17:53 . 2012-02-14 17:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll

2012-02-14 17:53 . 2012-02-14 17:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll

2012-02-14 17:53 . 2012-02-14 17:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 18:27 . 2012-02-03 18:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

2012-01-29 16:46 . 2011-05-20 18:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-01-29 16:46 . 2011-05-20 18:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-01-19 08:23 . 2012-02-04 15:09 339320 ----a-w- c:\windows\SysWow64\HMIPCore.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-05-11 136488]

"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-09-23 165160]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]

"WCtrlPanel"="c:\windows\SysWOW64\CtrlPanel.exe" [2011-05-20 229376]

"IdeaCom Calibration"="c:\program files (x86)\IdeaCom\IDCMgr\StartUT.exe" [2010-03-18 270848]

"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-13 177448]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-06-10 627304]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\users\Shazia Begum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

MicroNEXT Wireless Utility.lnk - c:\program files (x86)\MicroNEXT\Common\RaUI.exe [2012-1-29 1828128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 nmfmfx;nmfmfx; [x]

R0 zvijcv;zvijcv; [x]

R1 SASDIFSV;SASDIFSV;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 JTVNCProxy_13.0;JTVNCProxy_13.0;c:\program files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-08 19736]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-10 3064624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 CtrlPanel;CtrlPanel;c:\windows\SysWOW64\CtrlPanel.exe [2011-05-20 229376]

S2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 IdcSrv;IDCSRV Service;c:\program files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-01-06 252928]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2008-09-05 210720]

S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 fsvidmir_service;fsvidmir_service;c:\windows\system32\DRIVERS\fsvidmir.sys [x]

S3 IdcFltr;HID Touch Screen Driver;c:\windows\system32\DRIVERS\idcfltr.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 PQAWRwa;PQAWRwa;c:\windows\SysWOW64\PQAWDrv.sys [2008-03-01 12384]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 11:37]

.

2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000Core.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000UA.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]

"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2011-09-06 545680]

"JAWS"="c:\program files\Freedom Scientific\JAWS\13.0\jfw.exe" [2011-12-08 6834968]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069}: NameServer = 8.26.56.26,156.154.70.22

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Completion time: 2012-04-12 21:42:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-12 20:42

.

Pre-Run: 423,631,888,384 bytes free

Post-Run: 423,711,965,184 bytes free

.

- - End Of File - - 1BB7CCF3B817CEC13A5806C85187D623


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
nmfmfx
zvijcv

File::
c:\windows\SysWow64\aswBoot.exe
C:\Delete.bat

Folder::
c:\users\Shazia Begum\AppData\Roaming\QuickScan
C:\avast! sandbox
c:\users\Shazia Begum\AppData\Roaming\AVG2012

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here is the Combofix log you requested. Many thanks.

ComboFix 12-04-12.03 - Shazia Begum 12/04/2012 22:11:28.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.2684 [GMT 1:00]

Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe

Command switches used :: c:\users\Shazia Begum\Desktop\CFScript.txt

AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\Delete.bat"

"c:\windows\SysWow64\aswBoot.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\avast! sandbox

c:\avast! sandbox\S-1-5-21-781961419-1968162369-1216944339-1000\sfzone\C\Windows\Rescache\rc0003\rescache.hit

C:\Delete.bat

c:\users\Shazia Begum\AppData\Roaming\AVG2012

c:\users\Shazia Begum\AppData\Roaming\AVG2012\cfgall\userawacs.cfg

c:\users\Shazia Begum\AppData\Roaming\AVG2012\cfgall\usergui.cfg

c:\users\Shazia Begum\AppData\Roaming\QuickScan

c:\windows\SysWow64\aswBoot.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NMFMFX

-------\Legacy_ZVIJCV

-------\Service_nmfmfx

-------\Service_zvijcv

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\SUPERAntiSpyware.com

2012-04-11 16:00 . 2012-04-11 16:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-11 11:22 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-11 11:22 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-04-11 11:22 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-04-11 11:22 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 11:22 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 11:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-11 11:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 11:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 11:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 11:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 11:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 11:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 11:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-09 12:17 . 2012-04-09 12:17 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-09 11:08 . 2012-04-09 11:08 -------- d-----w- c:\users\Shazia Begum\AppData\Local\VS Revo Group

2012-04-09 10:33 . 2012-04-09 15:12 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Comodo

2012-04-09 10:32 . 2012-04-09 12:28 -------- d-----w- c:\programdata\CPA_VA

2012-04-09 10:31 . 2012-04-09 10:31 -------- d-----w- C:\VritualRoot

2012-04-09 10:24 . 2012-04-09 12:18 -------- d-----w- c:\programdata\Comodo

2012-04-09 10:24 . 2012-04-09 12:26 -------- d-----w- c:\program files (x86)\Comodo

2012-04-09 10:24 . 2012-04-09 12:28 -------- d-----w- c:\program files\COMODO

2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Nokia

2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nokia

2012-04-08 15:29 . 2012-04-08 15:29 -------- d-----w- c:\programdata\PC Suite

2012-04-08 15:29 . 2012-04-08 16:08 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\PC Suite

2012-04-08 15:28 . 2012-04-08 15:28 -------- d-----w- c:\programdata\Nokia

2012-04-08 15:28 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2012-04-08 15:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Nokia

2012-04-08 15:16 . 2012-04-08 15:16 -------- d-----w- c:\programdata\HP

2012-04-08 10:52 . 2012-04-08 10:52 238764 ----a-w- c:\programdata\1333882074.bdinstall.bin

2012-04-06 10:20 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E993DC25-C93B-4BB9-8366-626753F1FEA6}\mpengine.dll

2012-04-05 17:34 . 2012-04-05 17:34 -------- d-----w- c:\users\Shazia Begum\AppData\Local\Mozilla

2012-04-05 11:37 . 2012-04-05 11:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-03 18:27 . 2012-04-09 12:08 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2012-04-03 18:27 . 2012-04-03 18:28 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoft

2012-04-03 18:27 . 2012-04-03 18:27 -------- d-----w- c:\program files (x86)\DVDVideoSoft

2012-04-03 18:22 . 2012-04-03 18:22 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Nero

2012-04-02 15:29 . 2012-04-02 15:29 -------- d-----w- c:\windows\Sun

2012-03-31 17:43 . 2012-03-31 17:43 -------- d--h--w- c:\programdata\Common Files

2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-18 15:16 . 2012-03-18 15:16 -------- d-----w- c:\program files (x86)\Java

2012-03-14 12:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 12:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 12:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 11:37 . 2011-07-09 08:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 14:56 . 2012-01-29 16:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 15:16 . 2012-02-01 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll

2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll

2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-19 18:57 . 2012-02-19 18:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-14 18:55 . 2012-02-14 18:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 18:55 . 2012-02-14 18:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe

2012-02-14 18:55 . 2012-02-14 18:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-02-14 18:55 . 2012-02-14 18:55 440600 ----a-w- c:\windows\system32\igfxpers.exe

2012-02-14 18:55 . 2012-02-14 18:55 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-02-14 18:55 . 2012-02-14 18:55 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-02-14 18:55 . 2012-02-14 18:55 184600 ----a-w- c:\windows\system32\difx64.exe

2012-02-14 18:55 . 2012-02-14 18:55 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-02-14 18:53 . 2012-02-14 18:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll

2012-02-14 18:47 . 2012-02-14 18:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll

2012-02-14 18:47 . 2012-02-14 18:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-02-14 18:47 . 2012-02-14 18:47 963912 ----a-w- c:\windows\system32\igkrng600.bin

2012-02-14 18:47 . 2012-02-14 18:47 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-02-14 18:47 . 2012-02-14 18:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin

2012-02-14 18:44 . 2011-07-09 07:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-02-14 18:44 . 2012-02-14 18:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-02-14 18:42 . 2011-07-09 07:44 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-02-14 18:35 . 2012-02-14 18:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-02-14 18:07 . 2012-02-14 18:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll

2012-02-14 17:59 . 2012-02-14 17:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-02-14 17:57 . 2012-02-14 17:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-02-14 17:57 . 2012-02-14 17:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-02-14 17:57 . 2012-02-14 17:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-02-14 17:57 . 2012-02-14 17:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-02-14 17:57 . 2012-02-14 17:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-02-14 17:57 . 2012-02-14 17:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-02-14 17:57 . 2012-02-14 17:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-02-14 17:57 . 2012-02-14 17:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-02-14 17:57 . 2012-02-14 17:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-02-14 17:57 . 2012-02-14 17:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-02-14 17:57 . 2012-02-14 17:57 386048 ----a-w- c:\windows\system32\igfxpph.dll

2012-02-14 17:57 . 2012-02-14 17:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-02-14 17:57 . 2012-02-14 17:57 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-02-14 17:57 . 2011-07-09 07:44 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-02-14 17:56 . 2011-07-09 07:44 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-02-14 17:56 . 2012-02-14 17:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-02-14 17:56 . 2012-02-14 17:56 430080 ----a-w- c:\windows\system32\igfxdev.dll

2012-02-14 17:56 . 2012-02-14 17:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-02-14 17:56 . 2012-02-14 17:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-02-14 17:56 . 2012-02-14 17:56 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-02-14 17:56 . 2011-07-09 07:44 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-02-14 17:55 . 2012-02-14 17:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2012-02-14 17:54 . 2012-02-14 17:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2012-02-14 17:53 . 2012-02-14 17:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll

2012-02-14 17:53 . 2012-02-14 17:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2012-02-14 17:53 . 2012-02-14 17:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll

2012-02-14 17:53 . 2012-02-14 17:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2012-02-14 17:53 . 2012-02-14 17:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2012-02-14 17:53 . 2012-02-14 17:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll

2012-02-14 17:53 . 2012-02-14 17:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll

2012-02-14 17:53 . 2012-02-14 17:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 18:27 . 2012-02-03 18:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

2012-01-29 16:46 . 2011-05-20 18:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-01-29 16:46 . 2011-05-20 18:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-01-19 08:23 . 2012-02-04 15:09 339320 ----a-w- c:\windows\SysWow64\HMIPCore.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-12_20.39.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-04-12 20:52 56938 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-12 20:52 44956 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-29 14:12 . 2012-04-12 20:52 14508 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-781961419-1968162369-1216944339-1000_UserData.bin

- 2011-09-29 06:54 . 2012-04-12 16:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-09-29 06:54 . 2012-04-12 20:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-09-29 06:54 . 2012-04-12 16:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-09-29 06:54 . 2012-04-12 20:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-12 16:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-12 20:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-04-12 20:39 . 2012-04-12 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-12 21:16 . 2012-04-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-12 20:39 . 2012-04-12 20:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-12 21:16 . 2012-04-12 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-04-12 16:20 630928 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-12 20:54 630928 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-12 20:54 111052 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-04-12 16:20 111052 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-04-12 20:38 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-12 21:16 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-01-29 19:59 . 2012-04-12 20:51 2000000 c:\windows\system32\HJSMEM\HJSMEM1.DAT

- 2012-01-29 19:59 . 2012-04-12 20:40 2000000 c:\windows\system32\HJSMEM\HJSMEM1.DAT

+ 2012-01-29 14:53 . 2012-04-12 21:16 10254820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-781961419-1968162369-1216944339-1000-12288.dat

- 2012-01-29 14:53 . 2012-04-12 20:38 10254820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-781961419-1968162369-1216944339-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-05-11 136488]

"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-09-23 165160]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]

"WCtrlPanel"="c:\windows\SysWOW64\CtrlPanel.exe" [2011-05-20 229376]

"IdeaCom Calibration"="c:\program files (x86)\IdeaCom\IDCMgr\StartUT.exe" [2010-03-18 270848]

"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-13 177448]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-06-10 627304]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\users\Shazia Begum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

MicroNEXT Wireless Utility.lnk - c:\program files (x86)\MicroNEXT\Common\RaUI.exe [2012-1-29 1828128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 SASDIFSV;SASDIFSV;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\SHAZIA~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 JTVNCProxy_13.0;JTVNCProxy_13.0;c:\program files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-08 19736]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-10 3064624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 CtrlPanel;CtrlPanel;c:\windows\SysWOW64\CtrlPanel.exe [2011-05-20 229376]

S2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 IdcSrv;IDCSRV Service;c:\program files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-01-06 252928]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2008-09-05 210720]

S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 fsvidmir_service;fsvidmir_service;c:\windows\system32\DRIVERS\fsvidmir.sys [x]

S3 IdcFltr;HID Touch Screen Driver;c:\windows\system32\DRIVERS\idcfltr.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 PQAWRwa;PQAWRwa;c:\windows\SysWOW64\PQAWDrv.sys [2008-03-01 12384]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 11:37]

.

2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000Core.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000UA.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]

"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2011-09-06 545680]

"JAWS"="c:\program files\Freedom Scientific\JAWS\13.0\jfw.exe" [2011-12-08 6834968]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

"combofix"="c:\combofix\CF19837.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069}: NameServer = 8.26.56.26,156.154.70.22

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Completion time: 2012-04-12 22:19:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-12 21:19

ComboFix2.txt 2012-04-12 20:42

.

Pre-Run: 423,793,246,208 bytes free

Post-Run: 423,531,528,192 bytes free

.

- - End Of File - - 909571141D20C942261B0CFB081FBBAB


Just did another scan with Malwarebytes. The computer is still getting some ads but has gone faster before the malware process. Though, it is not as fast as before I got the malware.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.12.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Shazia Begum :: SHAZIABEGUM-PC [administrator]

Protection: Disabled

12/04/2012 22:21:40

mbam-log-2012-04-12 (22-21-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203543

Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please compress C:\Qoobox folder:

http://windows.microsoft.com/en-US/windows7/Compress-and-uncompress-files-zip-files

Upload it, for example to www.4shared.com, and send me the download link via PM.

Next:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I've sent you the folder you requested via PM. Tomorrow I will run the ESET scan and give you the log. Thanks for the help.


Here is the ESET log. It found nothing. I'm still getting random ads and programs are still taking ages to load.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=9b6a79c961480144a70784f8bea0ed10

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-12 09:54:25

# local_time=2012-04-12 10:54:25 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3073 16777213 80 71 19371 9953051 0 0

# compatibility_mode=5893 16776574 100 94 293436 86732087 0 0

# compatibility_mode=8192 67108863 100 0 125 125 0 0

# scanned=33765

# found=0

# cleaned=0

# scan_time=628

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=9b6a79c961480144a70784f8bea0ed10

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-13 11:34:44

# local_time=2012-04-13 12:34:44 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3073 16777213 80 71 66326 10000006 0 0

# compatibility_mode=5893 16776574 100 94 340391 86779042 0 0

# compatibility_mode=8192 67108863 100 0 47080 47080 0 0

# scanned=123584

# found=0

# cleaned=0

# scan_time=2892


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


14:50:57.0252 2132 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

14:50:57.0601 2132 ============================================================

14:50:57.0601 2132 Current date / time: 2012/04/13 14:50:57.0601

14:50:57.0601 2132 SystemInfo:

14:50:57.0601 2132

14:50:57.0602 2132 OS Version: 6.1.7601 ServicePack: 1.0

14:50:57.0602 2132 Product type: Workstation

14:50:57.0602 2132 ComputerName: SHAZIABEGUM-PC

14:50:57.0602 2132 UserName: Shazia Begum

14:50:57.0602 2132 Windows directory: C:\Windows

14:50:57.0602 2132 System windows directory: C:\Windows

14:50:57.0602 2132 Running under WOW64

14:50:57.0602 2132 Processor architecture: Intel x64

14:50:57.0602 2132 Number of processors: 2

14:50:57.0602 2132 Page size: 0x1000

14:50:57.0602 2132 Boot type: Normal boot

14:50:57.0602 2132 ============================================================

14:51:01.0250 2132 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:51:01.0263 2132 \Device\Harddisk0\DR0:

14:51:01.0263 2132 MBR used

14:51:01.0263 2132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF8800, BlocksNum 0x32000

14:51:01.0263 2132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B2A800, BlocksNum 0x38DEC800

14:51:01.0263 2132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B917000, BlocksNum 0x38DEF5B0

14:51:01.0845 2132 Initialize success

14:51:01.0845 2132 ============================================================

14:51:20.0453 5160 ============================================================

14:51:20.0453 5160 Scan started

14:51:20.0453 5160 Mode: Manual; SigCheck;

14:51:20.0453 5160 ============================================================

14:51:23.0075 5160 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

14:51:23.0370 5160 1394ohci - ok

14:51:23.0510 5160 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys

14:51:23.0607 5160 a2acc - ok

14:51:23.0969 5160 a2AntiMalware (38c6605939e0bfe3768d2759d9e3208c) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

14:51:24.0038 5160 a2AntiMalware - ok

14:51:24.0205 5160 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys

14:51:24.0273 5160 A2DDA - ok

14:51:24.0787 5160 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

14:51:24.0804 5160 ACPI - ok

14:51:24.0841 5160 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

14:51:25.0344 5160 AcpiPmi - ok

14:51:25.0825 5160 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

14:51:25.0836 5160 AdobeARMservice - ok

14:51:26.0196 5160 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:51:26.0210 5160 AdobeFlashPlayerUpdateSvc - ok

14:51:26.0519 5160 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

14:51:26.0539 5160 adp94xx - ok

14:51:26.0626 5160 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

14:51:26.0643 5160 adpahci - ok

14:51:26.0813 5160 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

14:51:26.0828 5160 adpu320 - ok

14:51:26.0890 5160 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

14:51:28.0418 5160 AeLookupSvc - ok

14:51:28.0692 5160 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

14:51:28.0822 5160 AFD - ok

14:51:28.0914 5160 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

14:51:28.0926 5160 agp440 - ok

14:51:29.0026 5160 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

14:51:29.0106 5160 ALG - ok

14:51:29.0166 5160 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

14:51:29.0179 5160 aliide - ok

14:51:29.0209 5160 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

14:51:29.0222 5160 amdide - ok

14:51:29.0471 5160 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

14:51:29.0649 5160 AmdK8 - ok

14:51:29.0753 5160 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

14:51:29.0824 5160 AmdPPM - ok

14:51:29.0896 5160 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

14:51:29.0909 5160 amdsata - ok

14:51:30.0040 5160 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

14:51:30.0055 5160 amdsbs - ok

14:51:30.0196 5160 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

14:51:30.0209 5160 amdxata - ok

14:51:30.0332 5160 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

14:51:30.0726 5160 AppID - ok

14:51:30.0867 5160 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

14:51:30.0915 5160 AppIDSvc - ok

14:51:31.0050 5160 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

14:51:31.0114 5160 Appinfo - ok

14:51:31.0290 5160 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

14:51:31.0309 5160 arc - ok

14:51:31.0353 5160 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

14:51:31.0368 5160 arcsas - ok

14:51:31.0439 5160 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:51:31.0518 5160 AsyncMac - ok

14:51:31.0552 5160 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

14:51:31.0566 5160 atapi - ok

14:51:31.0663 5160 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:51:31.0742 5160 AudioEndpointBuilder - ok

14:51:31.0758 5160 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:51:31.0805 5160 AudioSrv - ok

14:51:31.0914 5160 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

14:51:32.0061 5160 AxInstSV - ok

14:51:32.0134 5160 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

14:51:32.0189 5160 b06bdrv - ok

14:51:32.0342 5160 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:51:32.0390 5160 b57nd60a - ok

14:51:32.0526 5160 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

14:51:32.0597 5160 BDESVC - ok

14:51:32.0721 5160 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:51:32.0791 5160 Beep - ok

14:51:33.0036 5160 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

14:51:33.0093 5160 BFE - ok

14:51:33.0198 5160 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

14:51:33.0331 5160 BITS - ok

14:51:33.0422 5160 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

14:51:33.0469 5160 blbdrive - ok

14:51:33.0497 5160 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

14:51:33.0628 5160 bowser - ok

14:51:33.0655 5160 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

14:51:33.0691 5160 BrFiltLo - ok

14:51:33.0707 5160 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

14:51:33.0731 5160 BrFiltUp - ok

14:51:33.0869 5160 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

14:51:33.0934 5160 BridgeMP - ok

14:51:34.0004 5160 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

14:51:34.0070 5160 Browser - ok

14:51:34.0139 5160 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:51:34.0207 5160 Brserid - ok

14:51:34.0262 5160 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:51:34.0305 5160 BrSerWdm - ok

14:51:34.0338 5160 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:51:34.0381 5160 BrUsbMdm - ok

14:51:34.0408 5160 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:51:34.0553 5160 BrUsbSer - ok

14:51:34.0742 5160 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

14:51:34.0928 5160 BTHMODEM - ok

14:51:35.0047 5160 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

14:51:35.0101 5160 bthserv - ok

14:51:35.0236 5160 catchme - ok

14:51:35.0295 5160 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:51:35.0386 5160 cdfs - ok

14:51:35.0485 5160 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

14:51:35.0555 5160 cdrom - ok

14:51:35.0709 5160 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:51:35.0777 5160 CertPropSvc - ok

14:51:35.0796 5160 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

14:51:35.0823 5160 circlass - ok

14:51:35.0849 5160 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:51:35.0868 5160 CLFS - ok

14:51:36.0102 5160 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:51:36.0119 5160 clr_optimization_v2.0.50727_32 - ok

14:51:36.0171 5160 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:51:36.0183 5160 clr_optimization_v2.0.50727_64 - ok

14:51:36.0406 5160 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:51:36.0425 5160 clr_optimization_v4.0.30319_32 - ok

14:51:36.0526 5160 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:51:36.0546 5160 clr_optimization_v4.0.30319_64 - ok

14:51:36.0694 5160 clwvd (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys

14:51:36.0707 5160 clwvd - ok

14:51:36.0785 5160 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

14:51:36.0886 5160 CmBatt - ok

14:51:37.0242 5160 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

14:51:37.0311 5160 cmdAgent - ok

14:51:37.0504 5160 cmderd (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys

14:51:37.0526 5160 cmderd - ok

14:51:37.0574 5160 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys

14:51:37.0644 5160 cmdGuard - ok

14:51:37.0723 5160 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys

14:51:37.0737 5160 cmdHlp - ok

14:51:37.0795 5160 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

14:51:37.0812 5160 cmdide - ok

14:51:37.0877 5160 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

14:51:37.0956 5160 CNG - ok

14:51:38.0007 5160 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

14:51:38.0019 5160 Compbatt - ok

14:51:38.0062 5160 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

14:51:38.0121 5160 CompositeBus - ok

14:51:38.0138 5160 COMSysApp - ok

14:51:38.0383 5160 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe

14:51:38.0488 5160 cphs - ok

14:51:38.0505 5160 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

14:51:38.0518 5160 crcdisk - ok

14:51:38.0585 5160 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

14:51:38.0642 5160 CryptSvc - ok

14:51:38.0887 5160 CtrlPanel (2d368a9d6e333999b5473369e9ab31a6) C:\Windows\SysWOW64\CtrlPanel.exe

14:51:38.0928 5160 CtrlPanel ( UnsignedFile.Multi.Generic ) - warning

14:51:38.0928 5160 CtrlPanel - detected UnsignedFile.Multi.Generic (1)

14:51:39.0012 5160 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:51:39.0139 5160 DcomLaunch - ok

14:51:39.0264 5160 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

14:51:39.0317 5160 defragsvc - ok

14:51:39.0359 5160 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

14:51:39.0422 5160 DfsC - ok

14:51:39.0543 5160 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

14:51:39.0591 5160 Dhcp - ok

14:51:39.0655 5160 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:51:39.0742 5160 discache - ok

14:51:40.0173 5160 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

14:51:40.0187 5160 Disk - ok

14:51:40.0313 5160 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

14:51:40.0526 5160 Dnscache - ok

14:51:40.0549 5160 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

14:51:40.0658 5160 dot3svc - ok

14:51:40.0707 5160 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

14:51:40.0789 5160 DPS - ok

14:51:41.0627 5160 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:51:41.0690 5160 drmkaud - ok

14:51:42.0031 5160 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

14:51:42.0106 5160 DXGKrnl - ok

14:51:42.0205 5160 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

14:51:42.0328 5160 EapHost - ok

14:51:42.0660 5160 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

14:51:42.0790 5160 ebdrv - ok

14:51:42.0977 5160 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

14:51:43.0086 5160 EFS - ok

14:51:43.0313 5160 EgisTec Ticket Service (18dd872dd46acb24e106dc2c9c270466) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

14:51:43.0383 5160 EgisTec Ticket Service - ok

14:51:43.0546 5160 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

14:51:43.0676 5160 ehRecvr - ok

14:51:43.0682 5160 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

14:51:43.0705 5160 ehSched - ok

14:51:44.0020 5160 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

14:51:44.0045 5160 elxstor - ok

14:51:44.0059 5160 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

14:51:44.0085 5160 ErrDev - ok

14:51:44.0124 5160 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

14:51:44.0183 5160 EventSystem - ok

14:51:44.0199 5160 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:51:44.0235 5160 exfat - ok

14:51:44.0250 5160 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:51:44.0324 5160 fastfat - ok

14:51:44.0425 5160 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

14:51:44.0493 5160 Fax - ok

14:51:44.0527 5160 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

14:51:44.0588 5160 fdc - ok

14:51:44.0645 5160 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

14:51:44.0756 5160 fdPHost - ok

14:51:44.0810 5160 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

14:51:44.0845 5160 FDResPub - ok

14:51:44.0895 5160 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:51:44.0909 5160 FileInfo - ok

14:51:44.0928 5160 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:51:45.0031 5160 Filetrace - ok

14:51:45.0086 5160 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

14:51:45.0100 5160 flpydisk - ok

14:51:45.0213 5160 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

14:51:45.0230 5160 FltMgr - ok

14:51:45.0301 5160 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

14:51:45.0387 5160 FontCache - ok

14:51:45.0506 5160 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:51:45.0568 5160 FontCache3.0.0.0 - ok

14:51:45.0680 5160 Freedom Scientific Kernel Manager (575d36a0b7fa467367af92d10d04f4b5) C:\Windows\system32\fsKMgr.dll

14:51:45.0691 5160 Freedom Scientific Kernel Manager - ok

14:51:45.0741 5160 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:51:45.0753 5160 FsDepends - ok

14:51:45.0867 5160 fsvidmir_service (4c93b7ce0df37059517f3c75ae59daae) C:\Windows\system32\DRIVERS\fsvidmir.sys

14:51:45.0877 5160 fsvidmir_service - ok

14:51:45.0907 5160 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

14:51:45.0920 5160 Fs_Rec - ok

14:51:46.0026 5160 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:51:46.0045 5160 fvevol - ok

14:51:46.0121 5160 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

14:51:46.0134 5160 gagp30kx - ok

14:51:46.0297 5160 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

14:51:46.0308 5160 GamesAppService - ok

14:51:46.0515 5160 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

14:51:46.0557 5160 gpsvc - ok

14:51:46.0597 5160 GREGService (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

14:51:46.0607 5160 GREGService - ok

14:51:46.0643 5160 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:51:46.0739 5160 hcw85cir - ok

14:51:46.0918 5160 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

14:51:46.0952 5160 HdAudAddService - ok

14:51:47.0019 5160 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

14:51:47.0074 5160 HDAudBus - ok

14:51:47.0110 5160 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

14:51:47.0158 5160 HidBatt - ok

14:51:47.0181 5160 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

14:51:47.0217 5160 HidBth - ok

14:51:47.0237 5160 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

14:51:47.0259 5160 HidIr - ok

14:51:47.0315 5160 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

14:51:47.0361 5160 hidserv - ok

14:51:47.0427 5160 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

14:51:47.0442 5160 HidUsb - ok

14:51:47.0503 5160 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

14:51:47.0613 5160 hkmsvc - ok

14:51:47.0674 5160 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

14:51:47.0754 5160 HomeGroupListener - ok

14:51:47.0791 5160 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

14:51:47.0839 5160 HomeGroupProvider - ok

14:51:47.0938 5160 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

14:51:47.0952 5160 HpSAMD - ok

14:51:48.0018 5160 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

14:51:48.0074 5160 HTTP - ok

14:51:48.0123 5160 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

14:51:48.0134 5160 hwpolicy - ok

14:51:48.0220 5160 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

14:51:48.0235 5160 i8042prt - ok

14:51:48.0393 5160 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

14:51:48.0413 5160 iaStorV - ok

14:51:48.0568 5160 IdcFltr (83c749c7d723cfc852b7430044affd4f) C:\Windows\system32\DRIVERS\idcfltr.sys

14:51:48.0639 5160 IdcFltr - ok

14:51:48.0857 5160 IdcSrv (c9811ea9d8e6e2b6cb76a435ad8ac4f8) C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe

14:51:48.0875 5160 IdcSrv ( UnsignedFile.Multi.Generic ) - warning

14:51:48.0875 5160 IdcSrv - detected UnsignedFile.Multi.Generic (1)

14:51:49.0045 5160 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:51:49.0083 5160 idsvc - ok

14:51:49.0908 5160 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys

14:51:50.0384 5160 igfx - ok

14:51:50.0558 5160 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

14:51:50.0574 5160 iirsp - ok

14:51:50.0633 5160 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

14:51:50.0702 5160 IKEEXT - ok

14:51:50.0802 5160 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys

14:51:50.0818 5160 inspect - ok

14:51:51.0003 5160 IntcAzAudAddService (0b21b66574e5478fa10cca2d36694c2d) C:\Windows\system32\drivers\RTKVHD64.sys

14:51:51.0117 5160 IntcAzAudAddService - ok

14:51:51.0174 5160 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

14:51:51.0187 5160 intelide - ok

14:51:51.0230 5160 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:51:51.0272 5160 intelppm - ok

14:51:51.0293 5160 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

14:51:51.0343 5160 IPBusEnum - ok

14:51:51.0376 5160 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:51:51.0418 5160 IpFilterDriver - ok

14:51:51.0506 5160 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

14:51:51.0565 5160 iphlpsvc - ok

14:51:51.0591 5160 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

14:51:51.0633 5160 IPMIDRV - ok

14:51:51.0658 5160 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:51:51.0696 5160 IPNAT - ok

14:51:51.0740 5160 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:51:51.0770 5160 IRENUM - ok

14:51:51.0806 5160 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

14:51:51.0824 5160 isapnp - ok

14:51:51.0873 5160 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

14:51:51.0892 5160 iScsiPrt - ok

14:51:52.0098 5160 JTVNCProxy_13.0 (2ce0c9a1dfec2e57151983815d6e5c25) C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe

14:51:52.0108 5160 JTVNCProxy_13.0 - ok

14:51:52.0126 5160 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:51:52.0139 5160 kbdclass - ok

14:51:52.0193 5160 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

14:51:52.0228 5160 kbdhid - ok

14:51:52.0288 5160 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:51:52.0331 5160 KeyIso - ok

14:51:52.0353 5160 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

14:51:52.0369 5160 KSecDD - ok

14:51:52.0400 5160 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

14:51:52.0418 5160 KSecPkg - ok

14:51:52.0435 5160 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:51:52.0496 5160 ksthunk - ok

14:51:52.0552 5160 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

14:51:52.0603 5160 KtmRm - ok

14:51:52.0687 5160 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

14:51:52.0737 5160 LanmanServer - ok

14:51:52.0822 5160 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

14:51:52.0879 5160 LanmanWorkstation - ok

14:51:52.0979 5160 libusb0 (acec35f181075b20a5ef4a71958b13df) C:\Windows\system32\drivers\libusb0.sys

14:51:53.0075 5160 libusb0 - ok

14:51:53.0243 5160 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

14:51:53.0259 5160 Live Updater Service - ok

14:51:53.0542 5160 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:51:53.0613 5160 lltdio - ok

14:51:53.0663 5160 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

14:51:53.0710 5160 lltdsvc - ok

14:51:53.0735 5160 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

14:51:53.0771 5160 lmhosts - ok

14:51:54.0006 5160 LMS (e7859ba062db5e23c6dd34ad66b09f50) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

14:51:54.0021 5160 LMS - ok

14:51:54.0203 5160 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

14:51:54.0216 5160 LSI_FC - ok

14:51:54.0258 5160 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

14:51:54.0272 5160 LSI_SAS - ok

14:51:54.0310 5160 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

14:51:54.0322 5160 LSI_SAS2 - ok

14:51:54.0451 5160 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

14:51:54.0465 5160 LSI_SCSI - ok

14:51:54.0525 5160 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:51:54.0630 5160 luafv - ok

14:51:54.0700 5160 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

14:51:54.0742 5160 MBAMProtector - ok

14:51:54.0926 5160 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:51:54.0945 5160 MBAMService - ok

14:51:54.0985 5160 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

14:51:55.0001 5160 Mcx2Svc - ok

14:51:55.0046 5160 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

14:51:55.0060 5160 megasas - ok

14:51:55.0147 5160 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

14:51:55.0165 5160 MegaSR - ok

14:51:55.0295 5160 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

14:51:55.0306 5160 MEIx64 - ok

14:51:55.0509 5160 Microsoft SharePoint Workspace Audit Service - ok

14:51:55.0554 5160 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:51:55.0624 5160 MMCSS - ok

14:51:55.0665 5160 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:51:55.0719 5160 Modem - ok

14:51:55.0758 5160 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:51:55.0823 5160 monitor - ok

14:51:55.0869 5160 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:51:55.0883 5160 mouclass - ok

14:51:55.0956 5160 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:51:55.0984 5160 mouhid - ok

14:51:56.0016 5160 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

14:51:56.0029 5160 mountmgr - ok

14:51:56.0051 5160 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

14:51:56.0067 5160 mpio - ok

14:51:56.0091 5160 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:51:56.0128 5160 mpsdrv - ok

14:51:56.0239 5160 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

14:51:56.0308 5160 MpsSvc - ok

14:51:56.0325 5160 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

14:51:56.0369 5160 MRxDAV - ok

14:51:56.0414 5160 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:51:56.0515 5160 mrxsmb - ok

14:51:56.0587 5160 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:51:56.0619 5160 mrxsmb10 - ok

14:51:56.0636 5160 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:51:56.0654 5160 mrxsmb20 - ok

14:51:56.0699 5160 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

14:51:56.0713 5160 msahci - ok

14:51:56.0741 5160 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

14:51:56.0756 5160 msdsm - ok

14:51:56.0792 5160 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

14:51:56.0824 5160 MSDTC - ok

14:51:56.0869 5160 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:51:56.0907 5160 Msfs - ok

14:51:56.0921 5160 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:51:57.0005 5160 mshidkmdf - ok

14:51:57.0033 5160 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

14:51:57.0048 5160 msisadrv - ok

14:51:57.0105 5160 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

14:51:57.0175 5160 MSiSCSI - ok

14:51:57.0182 5160 msiserver - ok

14:51:57.0285 5160 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:51:57.0354 5160 MSKSSRV - ok

14:51:57.0404 5160 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:51:57.0454 5160 MSPCLOCK - ok

14:51:57.0499 5160 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:51:57.0572 5160 MSPQM - ok

14:51:57.0672 5160 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:51:57.0697 5160 MsRPC - ok

14:51:57.0734 5160 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

14:51:57.0746 5160 mssmbios - ok

14:51:57.0813 5160 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:51:57.0867 5160 MSTEE - ok

14:51:57.0908 5160 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

14:51:57.0937 5160 MTConfig - ok

14:51:57.0972 5160 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:51:57.0985 5160 Mup - ok

14:51:58.0043 5160 mwlPSDFilter (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

14:51:58.0055 5160 mwlPSDFilter - ok

14:51:58.0110 5160 mwlPSDNServ (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

14:51:58.0121 5160 mwlPSDNServ - ok

14:51:58.0145 5160 mwlPSDVDisk (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

14:51:58.0158 5160 mwlPSDVDisk - ok

14:51:58.0231 5160 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

14:51:58.0292 5160 napagent - ok

14:51:58.0392 5160 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:51:58.0450 5160 NativeWifiP - ok

14:51:58.0650 5160 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe

14:51:58.0666 5160 NAUpdate - ok

14:51:58.0797 5160 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

14:51:58.0826 5160 NDIS - ok

14:51:58.0871 5160 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:51:58.0948 5160 NdisCap - ok

14:51:59.0001 5160 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:51:59.0037 5160 NdisTapi - ok

14:51:59.0096 5160 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:51:59.0142 5160 Ndisuio - ok

14:51:59.0157 5160 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:51:59.0213 5160 NdisWan - ok

14:51:59.0231 5160 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:51:59.0263 5160 NDProxy - ok

14:51:59.0311 5160 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:51:59.0367 5160 NetBIOS - ok

14:51:59.0421 5160 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:51:59.0499 5160 NetBT - ok

14:51:59.0577 5160 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:51:59.0590 5160 Netlogon - ok

14:51:59.0694 5160 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

14:51:59.0755 5160 Netman - ok

14:51:59.0820 5160 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

14:51:59.0913 5160 netprofm - ok

14:52:00.0139 5160 netr28ux (eed1fbde98cf5f6d5c0c5b27ab1f68ec) C:\Windows\system32\DRIVERS\netr28ux.sys

14:52:00.0266 5160 netr28ux - ok

14:52:01.0172 5160 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:52:01.0300 5160 NetTcpPortSharing - ok

14:52:01.0611 5160 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

14:52:01.0674 5160 nfrd960 - ok

14:52:01.0875 5160 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

14:52:01.0935 5160 NlaSvc - ok

14:52:02.0014 5160 nmwcdnsux64 (9573223e205907247ae6d948e3453770) C:\Windows\system32\drivers\nmwcdnsux64.sys

14:52:02.0090 5160 nmwcdnsux64 - ok

14:52:02.0109 5160 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:52:02.0145 5160 Npfs - ok

14:52:02.0228 5160 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

14:52:02.0299 5160 nsi - ok

14:52:02.0319 5160 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:52:02.0385 5160 nsiproxy - ok

14:52:02.0462 5160 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:52:02.0502 5160 Ntfs - ok

14:52:02.0517 5160 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:52:02.0550 5160 Null - ok

14:52:02.0632 5160 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:52:02.0646 5160 nvraid - ok

14:52:02.0716 5160 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:52:02.0732 5160 nvstor - ok

14:52:02.0842 5160 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:52:02.0856 5160 nv_agp - ok

14:52:02.0895 5160 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:52:02.0986 5160 ohci1394 - ok

14:52:03.0246 5160 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:52:03.0318 5160 ose - ok

14:52:03.0954 5160 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:52:04.0054 5160 osppsvc - ok

14:52:04.0332 5160 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:52:04.0391 5160 p2pimsvc - ok

14:52:04.0472 5160 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

14:52:04.0491 5160 p2psvc - ok

14:52:04.0562 5160 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

14:52:04.0578 5160 Parport - ok

14:52:04.0603 5160 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

14:52:04.0616 5160 partmgr - ok

14:52:04.0677 5160 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

14:52:04.0728 5160 PcaSvc - ok

14:52:04.0757 5160 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:52:04.0773 5160 pci - ok

14:52:04.0797 5160 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:52:04.0809 5160 pciide - ok

14:52:04.0861 5160 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

14:52:04.0876 5160 pcmcia - ok

14:52:04.0952 5160 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:52:04.0966 5160 pcw - ok

14:52:05.0011 5160 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:52:05.0114 5160 PEAUTH - ok

14:52:05.0259 5160 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

14:52:05.0383 5160 PerfHost - ok

14:52:05.0588 5160 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

14:52:05.0677 5160 pla - ok

14:52:05.0787 5160 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

14:52:05.0872 5160 PlugPlay - ok

14:52:05.0892 5160 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

14:52:05.0922 5160 PNRPAutoReg - ok

14:52:05.0977 5160 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:52:05.0992 5160 PNRPsvc - ok

14:52:06.0112 5160 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

14:52:06.0172 5160 PolicyAgent - ok

14:52:06.0227 5160 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

14:52:06.0283 5160 Power - ok

14:52:06.0474 5160 PowerBrl (c6b37e8e347bf175027ec0ba0daf06b9) C:\Windows\system32\Drivers\powerbrl.sys

14:52:06.0485 5160 PowerBrl - ok

14:52:06.0558 5160 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:52:06.0609 5160 PptpMiniport - ok

14:52:06.0876 5160 PQAWRwa (3191d910590f6210089498f536cfc25f) C:\Windows\SysWOW64\PQAWDrv.sys

14:52:06.0903 5160 PQAWRwa ( UnsignedFile.Multi.Generic ) - warning

14:52:06.0903 5160 PQAWRwa - detected UnsignedFile.Multi.Generic (1)

14:52:29.0219 5160 ============================================================

14:52:29.0219 5160 Scan finished

14:52:29.0219 5160 ============================================================

14:52:29.0228 5720 Detected object count: 3

14:52:29.0228 5720 Actual detected object count: 3

14:52:43.0586 5720 CtrlPanel ( UnsignedFile.Multi.Generic ) - skipped by user

14:52:43.0587 5720 CtrlPanel ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:52:43.0587 5720 IdcSrv ( UnsignedFile.Multi.Generic ) - skipped by user

14:52:43.0587 5720 IdcSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:52:43.0588 5720 PQAWRwa ( UnsignedFile.Multi.Generic ) - skipped by user

14:52:43.0588 5720 PQAWRwa ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:52:48.0078 5484 Deinitialize success


I'm still getting the ads and the computer is still slow.


Do these ads come from a browser or something else?

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


These ads come from both Internet Explorer and Google Chrome. The computer is running very slowly and now I have experienced some BSODs.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-13 15:22:43

-----------------------------

15:22:43.968 OS Version: Windows x64 6.1.7601 Service Pack 1

15:22:43.968 Number of processors: 2 586 0x2A07

15:22:43.969 ComputerName: SHAZIABEGUM-PC UserName: Shazia Begum

15:22:45.257 Initialize success

15:22:50.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

15:22:50.936 Disk 0 Vendor: WDC_WD10EADX-22TDHB0 77.04D77 Size: 953869MB BusType: 11

15:22:50.949 Disk 0 MBR read successfully

15:22:50.951 Disk 0 MBR scan

15:22:50.953 Disk 0 Windows 7 default MBR code

15:22:50.957 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22000 MB offset 2048

15:22:50.975 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 45058048

15:22:50.978 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465881 MB offset 45262848

15:22:50.993 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 465886 MB offset 999387136

15:22:50.997 Disk 0 scanning C:\Windows\system32\drivers

15:22:54.540 Service scanning

15:23:04.255 Modules scanning

15:23:04.261 Disk 0 trace - called modules:

15:23:04.282 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

15:23:04.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc1060]

15:23:04.290 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa800471c0c0]

15:23:04.294 5 ACPI.sys[fffff88000f227a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800468a680]

15:23:04.299 Scan finished successfully

15:24:38.143 Disk 0 MBR has been saved successfully to "C:\Users\Shazia Begum\Desktop\MBR.dat"

15:24:38.149 The log file has been saved successfully to "C:\Users\Shazia Begum\Desktop\aswMBR.txt"


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


Popups have gone but still comp is very slow.

MiniToolBox by Farbar Version: 18-01-2012

Ran by Shazia Begum (administrator) on 13-04-2012 at 16:10:58

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

802.11 USB Wireless LAN Card = Wireless Network Connection 6 (Connected)

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 7 (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : ShaziaBegum-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 7:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3

Physical Address. . . . . . . . . : 00-A1-B0-02-31-62

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 6:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 802.11 USB Wireless LAN Card #4

Physical Address. . . . . . . . . : 00-A1-B0-02-31-63

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::a459:ee6f:57ca:9579%18(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : 13 April 2012 12:50:49

Lease Expires . . . . . . . . . . : 20 April 2012 12:53:21

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DHCPv6 IAID . . . . . . . . . . . : 469803440

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-15-C4-1A-F8-0F-41-2F-CE-FA

DNS Servers . . . . . . . . . . . : 8.26.56.26

156.154.70.22

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : F8-0F-41-2F-CE-FA

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B887273F-390E-48B5-AC65-A19E4D9A682A}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:18fa:dca:3f57:ff99(Preferred)

Link-local IPv6 Address . . . . . : fe80::18fa:dca:3f57:ff99%15(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: ns1.recursive.dns.com

Address: 8.26.56.26

Name: google.com

Addresses: 173.194.70.113

173.194.70.100

173.194.70.139

173.194.70.101

173.194.70.102

173.194.70.138

Pinging google.com [209.85.148.113] with 32 bytes of data:

Reply from 209.85.148.113: bytes=32 time=31ms TTL=50

Reply from 209.85.148.113: bytes=32 time=32ms TTL=50

Ping statistics for 209.85.148.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 32ms, Average = 31ms

Server: ns1.recursive.dns.com

Address: 8.26.56.26

Name: yahoo.com

Addresses: 209.191.122.70

72.30.38.140

98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=213ms TTL=48

Reply from 72.30.38.140: bytes=32 time=206ms TTL=48

Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 206ms, Maximum = 213ms, Average = 209ms

Server: ns1.recursive.dns.com

Address: 8.26.56.26

Name: bleepingcomputer.com

Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

21...00 a1 b0 02 31 62 ......Microsoft Virtual WiFi Miniport Adapter #3

18...00 a1 b0 02 31 63 ......802.11 USB Wireless LAN Card #4

11...f8 0f 41 2f ce fa ......Realtek PCIe GBE Family Controller

1...........................Software Loopback Interface 1

412...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.0.0 255.255.255.0 On-link 192.168.0.102 281

192.168.0.102 255.255.255.255 On-link 192.168.0.102 281

192.168.0.255 255.255.255.255 On-link 192.168.0.102 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.0.102 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.0.102 281

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

15 58 ::/0 On-link

1 306 ::1/128 On-link

15 58 2001::/32 On-link

15 306 2001:0:5ef5:79fb:18fa:dca:3f57:ff99/128

On-link

18 281 fe80::/64 On-link

15 306 fe80::/64 On-link

15 306 fe80::18fa:dca:3f57:ff99/128

On-link

18 281 fe80::a459:ee6f:57ca:9579/128

On-link

1 306 ff00::/8 On-link

15 306 ff00::/8 On-link

18 281 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (04/13/2012 00:38:16 PM) (Source: Application Error) (User: )

Description: Faulting application name: dreamseeker.exe, version: 1.0.0.1, time stamp: 0x4e8ba0cc

Faulting module name: igdumd32.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f3aab9f

Exception code: 0xc0000005

Fault offset: 0x04d33bdb

Faulting process id: 0x83c

Faulting application start time: 0xdreamseeker.exe0

Faulting application path: dreamseeker.exe1

Faulting module path: dreamseeker.exe2

Report Id: dreamseeker.exe3

Error: (04/13/2012 00:35:32 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2012 11:42:52 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:16:58 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:51:19 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:39:56 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 05:14:29 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2012 03:12:39 PM) (Source: Application Error) (User: )

Description: Faulting application name: dreamseeker.exe, version: 1.0.0.1, time stamp: 0x4e8ba0cc

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0x00000000

Fault offset: 0x00000000

Faulting process id: 0xbf4

Faulting application start time: 0xdreamseeker.exe0

Faulting application path: dreamseeker.exe1

Faulting module path: dreamseeker.exe2

Report Id: dreamseeker.exe3

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service) (User: )

Description: The index cannot be initialized.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

Context: Windows Application

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:

=============

Error: (04/13/2012 11:41:14 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SASDIFSV

SASKUTIL

Error: (04/12/2012 10:16:44 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SASDIFSV

SASKUTIL

Error: (04/12/2012 10:16:39 PM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service terminated with the following error:

%%126

Error: (04/12/2012 10:15:51 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/12/2012 10:15:47 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/12/2012 10:15:19 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/12/2012 10:15:19 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/12/2012 10:13:11 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/12/2012 09:50:30 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

nmfmfx

SASDIFSV

SASKUTIL

zvijcv

Error: (04/12/2012 09:39:37 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

nmfmfx

SASDIFSV

SASKUTIL

zvijcv

Microsoft Office Sessions:

=========================

Error: (04/13/2012 00:38:16 PM) (Source: Application Error)(User: )

Description: dreamseeker.exe1.0.0.14e8ba0ccigdumd32.dll_unloaded0.0.0.04f3aab9fc000000504d33bdb83c01cd1969251b1d75C:\Program Files (x86)\BYOND\bin\dreamseeker.exeigdumd32.dll289a91a6-855d-11e1-9569-f80f412fcefa

Error: (04/13/2012 00:35:32 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/13/2012 11:42:52 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:16:58 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:51:19 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 09:39:56 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 05:14:29 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2012 03:12:39 PM) (Source: Application Error)(User: )

Description: dreamseeker.exe1.0.0.14e8ba0ccunknown0.0.0.0000000000000000000000000bf401cd17ed23574b29C:\Program Files (x86)\BYOND\bin\dreamseeker.exeunknown6515aca3-83e0-11e1-9f99-f80f412fcefa

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service)(User: )

Description: Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2012 01:28:33 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

=========================== Installed Programs ============================

??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (Version: 15.4.5722.2)

???? ??? Windows Live (Version: 15.4.3502.0922)

???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (Version: 15.4.5722.2)

???? Windows Live (Version: 15.4.3502.0922)

?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (Version: 15.4.5722.2)

??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)

???????? ?????????? Windows Live (Version: 15.4.3502.0922)

????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) (Version: 15.4.5722.2)

?????????? Windows Live (Version: 15.4.3502.0922)

??????????? ?? Windows Live (Version: 15.4.3502.0922)

Acer eRecovery Management (Version: 5.00.3502)

Acer Games (Version: 1.0.2.5)

Acer PowerSaver (Version: 1.00.3502)

Acer Registration (Version: 1.04.3503)

Acer ScreenSaver (Version: 1.1.0609.2011)

Acer Updater (Version: 1.02.3500)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (Version: 15.4.5722.2)

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? (Version: 15.4.5722.2)

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)

Adobe Reader X (10.1.3) MUI (Version: 10.1.3)

Agatha Christie - Death on the Nile (Version: 2.2.0.98)

Bejeweled 2 Deluxe (Version: 2.2.0.95)

Build Your Own Net Dream (remove only)

CCleaner (Version: 3.16)

Chuzzle Deluxe (Version: 2.2.0.95)

Cisco EAP-FAST Module (Version: 2.1.6)

Cisco LEAP Module (Version: 1.0.12)

Cisco PEAP Module (Version: 1.0.13)

clear.fi (Version: 1.0.1517_36458)

clear.fi (Version: 1.0.1720.15)

clear.fi (Version: 9.0.7713)

clear.fi Client (Version: 1.00.3500)

COMODO Internet Security (Version: 5.10.31649.2253)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)

Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)

Control ActiveX del Windows Live Mesh per a connexions remotes (Version: 15.4.5722.2)

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a (Version: 15.4.5722.2)

Controle ActiveX do Windows Live Mesh para Conexões Remotas (Version: 15.4.5722.2)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)

Crazy Chicken Kart 2 (Version: 2.2.0.97)

CtrlPanel (Version: 1.00.0521)

CyberLink YouCam (Version: 4.0.2123)

D3DX10 (Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

eBay Worldwide (Version: 2.2.0409)

Emsisoft Anti-Malware (Version: 6.0)

ESET Online Scanner v3

FATE (Version: 2.2.0.97)

Final Drive: Nitro (Version: 2.2.0.95)

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (Version: 15.4.5722.2)

Fotogalerija Windows Live (Version: 15.4.3502.0922)

Free YouTube Download version 3.1.22.319 (Version: 3.1.22.319)

Freedom Scientific Braille (Version: 11.0.641.1)

Freedom Scientific Document Server (Version: 11.0.641.1)

Freedom Scientific Elevation (Version: 11.0.641.1)

Freedom Scientific FSReader 2.0 (Version: 2.0.1051.0)

Freedom Scientific JAWS 13.0 (Version: 13.0.638.400)

Freedom Scientific Ocr (Version: 12.0.073.0)

Freedom Scientific OmniPage (Version: 11.0.000.0)

Freedom Scientific Synth (Version: 13.0.638.400)

Freedom Scientific Synthesizer Eloquence (Version: 6.1.004)

Freedom Scientific Talking Installer 13.0 (Version: 13.0.638.400)

Freedom Scientific Utilities (Version: 11.0.303.1)

Freedom Scientific Video Intercept (Version: 11.0.641.1)

Freedom Scientific WOW64 Proxy (Version: 11.0.641.1)

Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)

Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)

Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922)

Galerie de photos Windows Live (Version: 15.4.3502.0922)

Galerie foto Windows Live (Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (Version: 15.4.3502.0922)

Google Chrome (Version: 18.0.1025.152)

Hotkey Utility (Version: 2.05.3503)

IdeaCom Touch Screen 3.3.0000.26 (Version: 3.3.0000.26)

Identity Card (Version: 1.00.3501)

Insaniquarium Deluxe (Version: 2.2.0.97)

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 7.0.0.1144)

Intel® Processor Graphics (Version: 8.15.10.2279)

Java Auto Updater (Version: 2.0.7.1)

Java 6 Update 31 (Version: 6.0.310)

Jewel Match 3 (Version: 2.2.0.97)

Jewel Quest Solitaire (Version: 2.2.0.95)

John Deere Drive Green (Version: 2.2.0.95)

Junk Mail filter update (Version: 15.4.3502.0922)

K-Lite Codec Pack 8.2.0 (Basic) (Version: 8.2.0)

Kobo (Version: 2.1.6)

Kontrola Windows Live Mesh ActiveX za daljinske veze (Version: 15.4.5722.2)

Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (Version: 15.4.5722.2)

Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)

Mesh Runtime (Version: 15.4.5722.2)

MicroNEXT MicroNEXT USB Wireless (Version: 1.0.9.0)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook Connector (Version: 14.0.6106.5001)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)

Microsoft Silverlight (Version: 4.1.10111.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mystery of Mortlake Mansion (Version: 2.2.0.98)

MyWinLocker (Version: 4.0.14.25)

MyWinLocker 4 (Version: 4.0.14.25)

MyWinLocker Suite (Version: 4.0.14.15)

Nero Control Center 10 (Version: 10.2.11100.1.1)

Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)

Nero Core Components 10 (Version: 2.0.18100.8.8)

Nero DiscSpeed 10 (Version: 6.2.10500.2.100)

Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)

Nero Express 10 (Version: 10.2.12000.21.100)

Nero Express 10 Help (CHM) (Version: 10.5.10200)

Nero Multimedia Suite 10 Essentials (Version: 10.5.10300)

Nero StartSmart 10 (Version: 10.2.11600.14.100)

Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)

Nero Update (Version: 1.0.0018)

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení (Version: 15.4.5722.2)

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (Version: 15.4.5722.2)

Penguins! (Version: 2.2.0.95)

Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)

Poczta uslugi Windows Live (Version: 15.4.3502.0922)

Podstawowe programy Windows Live (Version: 15.4.3502.0922)

Polar Bowler (Version: 2.2.0.97)

Pošta Windows Live (Version: 15.4.3502.0922)

Raccolta foto di Windows Live (Version: 15.4.3502.0922)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealPlayer

Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)

Realtek High Definition Audio Driver (Version: 6.0.1.6278)

RealUpgrade 1.1 (Version: 1.1.0)

S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)

Sentinel System Driver Installer 7.5.0 (Version: 7.5.0)

Shredder (Version: 2.0.8.9)

Slingo Deluxe (Version: 2.2.0.95)

SopCast 3.4.8 (Version: 3.4.8)

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (Version: 15.4.5722.2)

Torchlight (Version: 2.2.0.97)

TouchSettings (Version: 1.00.0006)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Installer for WildTangent Games App

Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (Version: 15.4.5722.2)

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (Version: 15.4.5722.2)

Veetle TV (Version: 0.9.19)

Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97)

Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)

Wedding Dash (Version: 2.2.0.95)

Welcome Center (Version: 1.02.3503)

WildTangent Games App (Acer Games) (Version: 4.0.5.14)

Windows Live ??? (Version: 15.4.3502.0922)

Windows Live ???? (Version: 15.4.3502.0922)

Windows Live Argazki Galeria (Version: 15.4.3502.0922)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3538.0513)

Windows Live Fotótár (Version: 15.4.3502.0922)

Windows Live Fotogalerie (Version: 15.4.3502.0922)

Windows Live Fotogalleri (Version: 15.4.3502.0922)

Windows Live Fotogaléria (Version: 15.4.3502.0922)

Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)

Windows Live Galeria de Fotos (Version: 15.4.3502.0922)

Windows Live Galerija fotografija (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (Version: 15.4.5722.2)

Windows Live Mesh ActiveX-objekt til fjernforbindelser (Version: 15.4.5722.2)

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (Version: 15.4.5722.2)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)

Windows Live Meshin etäyhteyksien ActiveX-komponentti (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Temel Parçalar (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Liven asennustyökalu (Version: 15.4.3502.0922)

Windows Liven sähköposti (Version: 15.4.3502.0922)

Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)

WinRAR 4.10 (64-bit) (Version: 4.10.0)

Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

Name: SASDIFSV

Description: SASDIFSV

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: SASDIFSV

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL

Description: SASKUTIL

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: SASKUTIL

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 39%

Total physical RAM: 4008.04 MB

Available physical RAM: 2441.37 MB

Total Pagefile: 8014.26 MB

Available Pagefile: 5918.09 MB

Total Virtual: 4095.88 MB

Available Virtual: 3962.22 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:454.96 GB) (Free:394.19 GB) NTFS

2 Drive d: (Data) (Fixed) (Total:454.97 GB) (Free:454.3 GB) NTFS

========================= Users: ========================================

User accounts for \\SHAZIABEGUM-PC

Administrator Guest Shazia Begum

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


It has found no threats; however, I am still experiencing some BSODs, and the computer is still slow. Takes 8 mins to boot up when it normally takes around 20 secs. Takes 5 min to shut down too when it should shut down in like 30 secs. Only bought this PC 3 months ago.


You sure? It wasn't like this until Malwarebytes deleted 190 infections of a Fake AV. I don't have the log anymore.


Recent checks did show that there is no trace even of active malware.


Okay, then. I guess it won't be malware then. Thanks for the help. It was much appreciated.

This topic is now closed to further replies.