emil915

cannot remove pup.optional.BrowseFox.A

20 posts in this topic

Hi,

 

i'm infected with pup.Optional.BrowseFox.A

tried AdwCleaner and Malwarebytes,

but it keeps coming back a few minutes after i remove it.

 

Pls. help.

 

Find the Log for DDS attached.

attach.txt

dds.txt

Share this post


Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Share this post


Link to post
Share on other sites

Hi Marius,

Thank you for your Help.

Please find the Log from  Gmer rootkit

 

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-10-17 18:55:43
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: o94oqqkc.exe; Driver: C:\Users\ANJU\AppData\Local\Temp\kwldrpog.sys
 
 
---- Registry - GMER 2.1 ----
 
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                            2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                           2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                    1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                     aswFsBlk
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                           FSFilter Activity Monitor
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                 FltMgr?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                     avast! mini-filter driver (aswFsBlk)
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                             3
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                       
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                       aswFsBlk Instance
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                     
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                            388400
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                               0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                 
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                           2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                          2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                   1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                      \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                    aswMonFlt
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                          FSFilter Anti-Virus
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                FltMgr?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                    avast! mini-filter driver (aswMonFlt)
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                      aswMonFlt Instance
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                   
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                          320700
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                             0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                         \SystemRoot\System32\Drivers\aswrdr2.sys
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                              1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                             1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                      1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                       aswRdr
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                             PNP_TDI
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                   tcpip?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                       avast! WFP Redirect driver
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                     
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                     nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                   
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                             1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                            0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                     1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                      aswRvrt
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                      avast! Revert
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                       
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                           273
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                           2834545
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                            \Device\Harddisk0\Partition3\Windows
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                      1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                  
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                              2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                             1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                      1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                       aswSnx
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                             FSFilter Virtualization
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                   FltMgr?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                       avast! virtualization driver (aswSnx)
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                               2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                         
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                         aswSnx Instance
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                         
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                137600
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                   0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                          \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                             \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                   
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                               1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                              1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                       1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                        aswSP
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                        avast! Self Protection
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                         
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                             1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                           \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                              \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                      \DosDevices\C:\Program Files
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                            \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen                                                                         1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                    
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                              1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                             1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                      1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                       avast! Network Shield Support
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                             PNP_TDI
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                   tcpip?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                       avast! Network Shield TDI driver
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                               11
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                   
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                              1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                             3
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                      1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                       aswVmm
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                       avast! VM Monitor
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                   
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                    32
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                   2
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                            1
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                               "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                             avast! Antivirus
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                   ShellSvcGroup
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                         aswMonFlt?RpcSS?
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                   1
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                              LocalSystem
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                          1
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                             Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                         
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ad6f769                                                                     
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ad6f769@6ca7803f0ffc                                                        0xC1 0xA9 0x7C 0x49 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ad6f769@10f9ee058c65                                                        0x6F 0x79 0xCC 0xCD ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46ad6f769@f48e09309c45                                                        0xEC 0xE6 0x46 0xD6 ...
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                2
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                               2
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                        1
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                         aswFsBlk
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                               FSFilter Activity Monitor
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                     FltMgr?
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                         avast! mini-filter driver (aswFsBlk)
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                 3
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                   
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                           aswFsBlk Instance
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                 
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                388400
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                   0
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                               2
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                              2
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                       1
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                          \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                        aswMonFlt
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                              FSFilter Anti-Virus
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                    FltMgr?
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                        avast! mini-filter driver (aswMonFlt)
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                  
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                          aswMonFlt Instance
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                               
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                              320700
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                 0
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                             \SystemRoot\System32\Drivers\aswrdr2.sys
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                  1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                 1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                          1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                           aswRdr
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                 PNP_TDI
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                       tcpip?
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                           avast! WFP Redirect driver
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                    
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                         
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                         nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                 1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                0
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                         1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                          aswRvrt
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                          avast! Revert
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                   
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                               273
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                               2834545
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                \Device\Harddisk0\Partition3\Windows
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                          1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                  2
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                 1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                          1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                           aswSnx
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                 FSFilter Virtualization
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                       FltMgr?
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                           avast! virtualization driver (aswSnx)
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                   2
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                     
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                             aswSnx Instance
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                     
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                    137600
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                       0
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                    
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                 \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                   1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                  1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                           1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                            aswSP
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                            avast! Self Protection
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                     
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                 1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                               \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                  \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                          \DosDevices\C:\Program Files
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen                                                                             1
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                  1
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                 1
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                          1
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                           avast! Network Shield Support
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                 PNP_TDI
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                       tcpip?
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                           avast! Network Shield TDI driver
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                   11
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                  1
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                 3
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                          1
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                           aswVmm
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                           avast! VM Monitor
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                    
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                        32
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                       2
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                1
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                   "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                 avast! Antivirus
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                       ShellSvcGroup
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                             aswMonFlt?RpcSS?
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                       1
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                  LocalSystem
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                              1
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                 Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ad6f769 (not active ControlSet)                                                 
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ad6f769@6ca7803f0ffc                                                            0xC1 0xA9 0x7C 0x49 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ad6f769@10f9ee058c65                                                            0x6F 0x79 0xCC 0xCD ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46ad6f769@f48e09309c45                                                            0xEC 0xE6 0x46 0xD6 ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40966F84-4AD1-63BE-00B5-BDB4A610243D}                                 
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40966F84-4AD1-63BE-00B5-BDB4A610243D}@oafjempfdjlbclhgpnjnfjboegdnag  0x6A 0x61 0x6D 0x6F ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40966F84-4AD1-63BE-00B5-BDB4A610243D}@naljolbllikbjeiafggjohiioggp    0x6A 0x61 0x6D 0x6F ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40966F84-4AD1-63BE-00B5-BDB4A610243D}@oajicaooaelehglmgfcepfdnonkgmo  0x64 0x61 0x6D 0x6F ...
 
---- Disk sectors - GMER 2.1 ----
 
Disk  \Device\Harddisk0\DR0                                                                                                                           unknown MBR code
 
---- EOF - GMER 2.1 ----

Share this post


Link to post
Share on other sites

ShortcutCleaner

 

Please download this file to your desktop and run it: http://www.bleepingcomputer.com/download/shortcut-cleaner/

It will open up a log when finished - please post that up here.

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.

Share this post


Link to post
Share on other sites

log from sc Cleaner

 

Shortcut Cleaner 1.2.5 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 
Windows Version: Windows 7 Home Premium 
Program started at: 10/17/2013 07:39:34 PM.
 
Scanning for registry hijacks:
 
 * No issues found in the Registry.
 
Searching for Hijacked Shortcuts:
 
Searching C:\Users\ANJU\AppData\Roaming\Microsoft\Windows\Start Menu\
 
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
 
Searching C:\Users\ANJU\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 
Searching C:\Users\Public\Desktop\
 
Searching C:\Users\ANJU\Desktop
 
 
0 bad shortcuts found.
 
Program finished at: 10/17/2013 07:39:39 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

Share this post


Link to post
Share on other sites

Log from TDSS-Killer

 

19:46:22.0628 5832  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:46:24.0629 5832  ============================================================
19:46:24.0629 5832  Current date / time: 2013/10/17 19:46:24.0629
19:46:24.0629 5832  SystemInfo:
19:46:24.0629 5832  
19:46:24.0629 5832  OS Version: 6.1.7600 ServicePack: 0.0
19:46:24.0629 5832  Product type: Workstation
19:46:24.0630 5832  ComputerName: ANJU-PC
19:46:24.0630 5832  UserName: ANJU
19:46:24.0630 5832  Windows directory: C:\Windows
19:46:24.0630 5832  System windows directory: C:\Windows
19:46:24.0630 5832  Running under WOW64
19:46:24.0630 5832  Processor architecture: Intel x64
19:46:24.0630 5832  Number of processors: 4
19:46:24.0630 5832  Page size: 0x1000
19:46:24.0630 5832  Boot type: Normal boot
19:46:24.0630 5832  ============================================================
19:46:26.0407 5832  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:46:26.0421 5832  ============================================================
19:46:26.0421 5832  \Device\Harddisk0\DR0:
19:46:26.0421 5832  MBR partitions:
19:46:26.0421 5832  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
19:46:26.0421 5832  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1DDB8000
19:46:26.0470 5832  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FBEB000, BlocksNum 0x124F8000
19:46:26.0504 5832  ============================================================
19:46:26.0542 5832  C: <-> \Device\Harddisk0\DR0\Partition2
19:46:26.0610 5832  D: <-> \Device\Harddisk0\DR0\Partition3
19:46:26.0610 5832  ============================================================
19:46:26.0611 5832  Initialize success
19:46:26.0611 5832  ============================================================
19:46:30.0309 5436  ============================================================
19:46:30.0309 5436  Scan started
19:46:30.0309 5436  Mode: Manual; 
19:46:30.0309 5436  ============================================================
19:46:32.0439 5436  ================ Scan system memory ========================
19:46:32.0439 5436  System memory - ok
19:46:32.0440 5436  ================ Scan services =============================
19:46:32.0613 5436  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:46:32.0618 5436  1394ohci - ok
19:46:33.0038 5436  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:46:33.0044 5436  ACPI - ok
19:46:33.0067 5436  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:46:33.0069 5436  AcpiPmi - ok
19:46:33.0196 5436  [ 3109B16A0939BA11696EEB04F345D099 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:46:33.0200 5436  AdobeFlashPlayerUpdateSvc - ok
19:46:33.0262 5436  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:46:33.0271 5436  adp94xx - ok
19:46:33.0323 5436  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:46:33.0330 5436  adpahci - ok
19:46:33.0354 5436  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:46:33.0358 5436  adpu320 - ok
19:46:33.0394 5436  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:46:33.0396 5436  AeLookupSvc - ok
19:46:33.0466 5436  [ 6EF20DDF3172E97D69F596FB90602F29 ] AFD             C:\Windows\system32\drivers\afd.sys
19:46:33.0475 5436  AFD - ok
19:46:33.0520 5436  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:46:33.0522 5436  agp440 - ok
19:46:33.0560 5436  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:46:33.0562 5436  ALG - ok
19:46:33.0599 5436  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:46:33.0601 5436  aliide - ok
19:46:33.0630 5436  [ 893D2125996BB8B92054D743D75FDC09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:46:33.0634 5436  AMD External Events Utility - ok
19:46:33.0657 5436  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:46:33.0659 5436  amdide - ok
19:46:33.0700 5436  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:46:33.0702 5436  AmdK8 - ok
19:46:33.0928 5436  [ 6AA57C2C6B586CAC8910A142928A79C7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:46:34.0107 5436  amdkmdag - ok
19:46:34.0158 5436  [ 2705B5AF991EFF9396109FBE63635FC9 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:46:34.0182 5436  amdkmdap - ok
19:46:34.0209 5436  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:46:34.0211 5436  AmdPPM - ok
19:46:34.0246 5436  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
19:46:34.0249 5436  amdsata - ok
19:46:34.0289 5436  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:46:34.0293 5436  amdsbs - ok
19:46:34.0310 5436  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
19:46:34.0312 5436  amdxata - ok
19:46:34.0339 5436  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
19:46:34.0340 5436  AmUStor - ok
19:46:34.0375 5436  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
19:46:34.0377 5436  AppID - ok
19:46:34.0400 5436  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:46:34.0402 5436  AppIDSvc - ok
19:46:34.0423 5436  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
19:46:34.0426 5436  Appinfo - ok
19:46:34.0452 5436  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:46:34.0455 5436  arc - ok
19:46:34.0479 5436  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:46:34.0481 5436  arcsas - ok
19:46:34.0594 5436  [ FA558B04F900EF9801534D20F24FF2BF ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:46:34.0596 5436  aspnet_state - ok
19:46:34.0670 5436  [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:46:34.0672 5436  aswFsBlk - ok
19:46:34.0746 5436  [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
19:46:34.0749 5436  aswMonFlt - ok
19:46:34.0780 5436  [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:46:34.0783 5436  aswRdr - ok
19:46:34.0849 5436  [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
19:46:34.0852 5436  aswRvrt - ok
19:46:34.0938 5436  [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:46:34.0983 5436  aswSnx - ok
19:46:35.0053 5436  [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
19:46:35.0062 5436  aswSP - ok
19:46:35.0198 5436  [ D62C10D1829C65115111C160EA956260 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:46:35.0201 5436  aswTdi - ok
19:46:35.0259 5436  [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
19:46:35.0263 5436  aswVmm - ok
19:46:35.0311 5436  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:46:35.0312 5436  AsyncMac - ok
19:46:35.0377 5436  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:46:35.0379 5436  atapi - ok
19:46:35.0440 5436  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:46:35.0475 5436  athr - ok
19:46:35.0527 5436  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
19:46:35.0530 5436  AtiHdmiService - ok
19:46:35.0643 5436  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:46:35.0656 5436  AudioEndpointBuilder - ok
19:46:35.0671 5436  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:46:35.0677 5436  AudioSrv - ok
19:46:35.0806 5436  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:46:35.0808 5436  avast! Antivirus - ok
19:46:35.0919 5436  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:46:35.0923 5436  AxInstSV - ok
19:46:35.0973 5436  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:46:35.0985 5436  b06bdrv - ok
19:46:36.0048 5436  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:46:36.0055 5436  b57nd60a - ok
19:46:36.0327 5436  [ 2D659B569A76CDB83B815675A80D7096 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
19:46:36.0417 5436  BCM43XX - ok
19:46:36.0476 5436  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:46:36.0479 5436  BDESVC - ok
19:46:36.0511 5436  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:46:36.0515 5436  Beep - ok
19:46:36.0587 5436  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
19:46:36.0601 5436  BFE - ok
19:46:36.0641 5436  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
19:46:36.0663 5436  BITS - ok
19:46:36.0713 5436  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:46:36.0715 5436  blbdrive - ok
19:46:36.0808 5436  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:46:36.0817 5436  Bonjour Service - ok
19:46:36.0859 5436  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:46:36.0861 5436  bowser - ok
19:46:36.0895 5436  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:46:36.0897 5436  BrFiltLo - ok
19:46:36.0908 5436  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:46:36.0910 5436  BrFiltUp - ok
19:46:36.0942 5436  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
19:46:36.0945 5436  Browser - ok
19:46:36.0972 5436  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:46:36.0978 5436  Brserid - ok
19:46:37.0001 5436  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:46:37.0003 5436  BrSerWdm - ok
19:46:37.0033 5436  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:46:37.0035 5436  BrUsbMdm - ok
19:46:37.0044 5436  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:46:37.0046 5436  BrUsbSer - ok
19:46:37.0100 5436  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
19:46:37.0102 5436  BthEnum - ok
19:46:37.0124 5436  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:46:37.0126 5436  BTHMODEM - ok
19:46:37.0145 5436  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:46:37.0148 5436  BthPan - ok
19:46:37.0174 5436  [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
19:46:37.0183 5436  BTHPORT - ok
19:46:37.0252 5436  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:46:37.0255 5436  bthserv - ok
19:46:37.0278 5436  [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:46:37.0281 5436  BTHUSB - ok
19:46:37.0329 5436  [ 73A1C54749FE4F0019241E36C796AB86 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
19:46:37.0337 5436  btwampfl - ok
19:46:37.0358 5436  [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
19:46:37.0360 5436  btwaudio - ok
19:46:37.0388 5436  [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
19:46:37.0392 5436  btwavdt - ok
19:46:37.0452 5436  [ 4E6AC6475EF653BDFFDA67A74B9591D8 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:46:37.0474 5436  btwdins - ok
19:46:37.0502 5436  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
19:46:37.0504 5436  btwl2cap - ok
19:46:37.0520 5436  [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
19:46:37.0521 5436  btwrchid - ok
19:46:37.0559 5436  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:46:37.0561 5436  cdfs - ok
19:46:37.0628 5436  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:46:37.0632 5436  cdrom - ok
19:46:37.0674 5436  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:46:37.0677 5436  CertPropSvc - ok
19:46:37.0698 5436  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:46:37.0701 5436  circlass - ok
19:46:37.0722 5436  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:46:37.0729 5436  CLFS - ok
19:46:37.0779 5436  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:37.0782 5436  clr_optimization_v2.0.50727_32 - ok
19:46:37.0813 5436  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:46:37.0816 5436  clr_optimization_v2.0.50727_64 - ok
19:46:37.0927 5436  [ F53E15A89675B7489FABE74F2091568E ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:37.0931 5436  clr_optimization_v4.0.30319_32 - ok
19:46:37.0945 5436  [ 101D397632B9007DF13E9A957EA68E04 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:46:37.0947 5436  clr_optimization_v4.0.30319_64 - ok
19:46:37.0997 5436  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:46:37.0998 5436  CmBatt - ok
19:46:38.0039 5436  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:46:38.0041 5436  cmdide - ok
19:46:38.0451 5436  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:46:38.0460 5436  CNG - ok
19:46:38.0471 5436  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:46:38.0474 5436  Compbatt - ok
19:46:38.0491 5436  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:46:38.0492 5436  CompositeBus - ok
19:46:38.0498 5436  COMSysApp - ok
19:46:38.0503 5436  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:46:38.0505 5436  crcdisk - ok
19:46:38.0531 5436  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:46:38.0534 5436  CryptSvc - ok
19:46:38.0590 5436  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:46:38.0602 5436  DcomLaunch - ok
19:46:38.0620 5436  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:46:38.0625 5436  defragsvc - ok
19:46:38.0667 5436  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:46:38.0670 5436  DfsC - ok
19:46:38.0718 5436  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:46:38.0725 5436  Dhcp - ok
19:46:38.0773 5436  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:46:38.0775 5436  discache - ok
19:46:38.0802 5436  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:46:38.0804 5436  Disk - ok
19:46:38.0842 5436  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:46:38.0847 5436  Dnscache - ok
19:46:38.0903 5436  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
19:46:38.0908 5436  dot3svc - ok
19:46:38.0936 5436  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
19:46:38.0940 5436  DPS - ok
19:46:38.0980 5436  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:46:38.0981 5436  drmkaud - ok
19:46:39.0059 5436  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:46:39.0064 5436  DsiWMIService - ok
19:46:39.0474 5436  [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:46:39.0489 5436  DXGKrnl - ok
19:46:39.0524 5436  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:46:39.0527 5436  EapHost - ok
19:46:39.0627 5436  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:46:39.0709 5436  ebdrv - ok
19:46:39.0742 5436  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
19:46:39.0746 5436  EFS - ok
19:46:39.0823 5436  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:46:39.0830 5436  ehRecvr - ok
19:46:39.0861 5436  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:46:39.0932 5436  ehSched - ok
19:46:39.0995 5436  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:46:40.0006 5436  elxstor - ok
19:46:40.0093 5436  [ EB78FBD1C3DB8223EEB364D485627EF1 ] ePowerSvc       C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
19:46:40.0101 5436  ePowerSvc - ok
19:46:40.0125 5436  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:46:40.0126 5436  ErrDev - ok
19:46:40.0191 5436  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:46:40.0199 5436  EventSystem - ok
19:46:40.0290 5436  [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
19:46:40.0299 5436  ewusbmbb - ok
19:46:40.0332 5436  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:46:40.0334 5436  ew_hwusbdev - ok
19:46:40.0398 5436  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:46:40.0403 5436  exfat - ok
19:46:40.0438 5436  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:46:40.0442 5436  fastfat - ok
19:46:40.0533 5436  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
19:46:40.0550 5436  Fax - ok
19:46:40.0575 5436  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:46:40.0577 5436  fdc - ok
19:46:40.0598 5436  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:46:40.0601 5436  fdPHost - ok
19:46:40.0611 5436  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:46:40.0614 5436  FDResPub - ok
19:46:40.0650 5436  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:46:40.0652 5436  FileInfo - ok
19:46:40.0681 5436  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:46:40.0683 5436  Filetrace - ok
19:46:40.0695 5436  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:46:40.0697 5436  flpydisk - ok
19:46:40.0707 5436  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:46:40.0712 5436  FltMgr - ok
19:46:40.0761 5436  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache       C:\Windows\system32\FntCache.dll
19:46:40.0797 5436  FontCache - ok
19:46:40.0850 5436  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:46:40.0853 5436  FontCache3.0.0.0 - ok
19:46:41.0052 5436  [ AA7DBB7B955DAB8438B1E222057692A7 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
19:46:41.0054 5436  Freemake Improver - ok
19:46:41.0168 5436  [ CE0494485C1A7A5E8E9E6FD4F11E6D6F ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
19:46:41.0169 5436  FreemakeVideoCapture - ok
19:46:41.0200 5436  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:46:41.0203 5436  FsDepends - ok
19:46:41.0232 5436  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:46:41.0234 5436  Fs_Rec - ok
19:46:41.0289 5436  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:46:41.0294 5436  fvevol - ok
19:46:41.0329 5436  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:46:41.0333 5436  gagp30kx - ok
19:46:41.0372 5436  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
19:46:41.0388 5436  gpsvc - ok
19:46:41.0438 5436  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
19:46:41.0439 5436  GREGService - ok
19:46:41.0569 5436  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:46:41.0572 5436  gupdate - ok
19:46:41.0589 5436  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:46:41.0591 5436  gupdatem - ok
19:46:41.0634 5436  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:46:41.0636 5436  gusvc - ok
19:46:41.0668 5436  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:46:41.0671 5436  hcw85cir - ok
19:46:41.0707 5436  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:46:41.0714 5436  HdAudAddService - ok
19:46:41.0741 5436  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:46:41.0744 5436  HDAudBus - ok
19:46:41.0778 5436  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
19:46:41.0780 5436  HECIx64 - ok
19:46:41.0805 5436  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:46:41.0807 5436  HidBatt - ok
19:46:41.0825 5436  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:46:41.0828 5436  HidBth - ok
19:46:41.0859 5436  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:46:41.0862 5436  HidIr - ok
19:46:41.0908 5436  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:46:41.0911 5436  hidserv - ok
19:46:41.0949 5436  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:46:41.0951 5436  HidUsb - ok
19:46:41.0968 5436  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:46:41.0973 5436  hkmsvc - ok
19:46:42.0014 5436  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:46:42.0020 5436  HomeGroupListener - ok
19:46:42.0073 5436  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:46:42.0080 5436  HomeGroupProvider - ok
19:46:42.0128 5436  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:46:42.0131 5436  HpSAMD - ok
19:46:42.0200 5436  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:46:42.0216 5436  HTTP - ok
19:46:42.0259 5436  [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:46:42.0261 5436  huawei_enumerator - ok
19:46:42.0298 5436  [ 04D1DE1E8ACE40CA396502C90524E945 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:46:42.0302 5436  hwdatacard - ok
19:46:42.0336 5436  HWDeviceService64.exe - ok
19:46:42.0362 5436  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:46:42.0363 5436  hwpolicy - ok
19:46:42.0386 5436  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:46:42.0389 5436  i8042prt - ok
19:46:42.0403 5436  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:46:42.0409 5436  iaStor - ok
19:46:42.0461 5436  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:46:42.0462 5436  IAStorDataMgrSvc - ok
19:46:42.0500 5436  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
19:46:42.0506 5436  iaStorV - ok
19:46:42.0573 5436  [ 38106C7BD34EAE89D2769AC0BA2E846B ] Idea Net Setter. RunOuc C:\Program Files (x86)\Idea Net Setter\UpdateDog\ouc.exe
19:46:42.0576 5436  Idea Net Setter. RunOuc - ok
19:46:42.0631 5436  [ 2A63036283B36B3B68CDC6F85A7D53ED ] IDMWFP          C:\Windows\system32\DRIVERS\idmwfp.sys
19:46:42.0635 5436  IDMWFP - ok
19:46:42.0685 5436  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:46:42.0692 5436  idsvc - ok
19:46:42.0737 5436  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:46:42.0739 5436  iirsp - ok
19:46:42.0790 5436  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
19:46:42.0807 5436  IKEEXT - ok
19:46:42.0852 5436  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
19:46:42.0855 5436  Impcd - ok
19:46:42.0956 5436  [ CB5FD9B681AD43B560490B5283DDC1C1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:46:43.0012 5436  IntcAzAudAddService - ok
19:46:43.0031 5436  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:46:43.0033 5436  intelide - ok
19:46:43.0245 5436  [ B744E1375CD1DB3EB7B89781B8C93D9F ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
19:46:43.0452 5436  intelkmd - ok
19:46:43.0503 5436  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:46:43.0505 5436  intelppm - ok
19:46:43.0531 5436  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:46:43.0537 5436  IPBusEnum - ok
19:46:43.0555 5436  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:46:43.0558 5436  IpFilterDriver - ok
19:46:43.0607 5436  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:46:43.0618 5436  iphlpsvc - ok
19:46:43.0640 5436  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:46:43.0642 5436  IPMIDRV - ok
19:46:43.0669 5436  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:46:43.0672 5436  IPNAT - ok
19:46:43.0710 5436  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:46:43.0712 5436  IRENUM - ok
19:46:43.0731 5436  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:46:43.0733 5436  isapnp - ok
19:46:43.0754 5436  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:46:43.0759 5436  iScsiPrt - ok
19:46:43.0804 5436  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:46:43.0807 5436  kbdclass - ok
19:46:43.0840 5436  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:46:43.0842 5436  kbdhid - ok
19:46:43.0864 5436  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
19:46:43.0889 5436  KeyIso - ok
19:46:43.0895 5436  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:46:43.0898 5436  KSecDD - ok
19:46:43.0905 5436  [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:46:43.0909 5436  KSecPkg - ok
19:46:43.0933 5436  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:46:43.0935 5436  ksthunk - ok
19:46:43.0967 5436  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:46:43.0976 5436  KtmRm - ok
19:46:44.0011 5436  [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:46:44.0014 5436  L1C - ok
19:46:44.0078 5436  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:46:44.0088 5436  LanmanServer - ok
19:46:44.0119 5436  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:46:44.0128 5436  LanmanWorkstation - ok
19:46:44.0157 5436  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:46:44.0159 5436  lltdio - ok
19:46:44.0179 5436  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:46:44.0188 5436  lltdsvc - ok
19:46:44.0225 5436  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:46:44.0229 5436  lmhosts - ok
19:46:44.0296 5436  [ 23D990150D56B670A62B21B9ABDD45EE ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:46:44.0300 5436  LMS - ok
19:46:44.0341 5436  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:46:44.0344 5436  LSI_FC - ok
19:46:44.0368 5436  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:46:44.0371 5436  LSI_SAS - ok
19:46:44.0390 5436  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:46:44.0393 5436  LSI_SAS2 - ok
19:46:44.0400 5436  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:46:44.0403 5436  LSI_SCSI - ok
19:46:44.0436 5436  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:46:44.0439 5436  luafv - ok
19:46:44.0493 5436  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:46:44.0495 5436  MBAMProtector - ok
19:46:44.0548 5436  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:46:44.0553 5436  MBAMScheduler - ok
19:46:44.0579 5436  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:46:44.0585 5436  MBAMService - ok
19:46:44.0637 5436  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:46:44.0643 5436  Mcx2Svc - ok
19:46:44.0674 5436  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:46:44.0676 5436  megasas - ok
19:46:44.0723 5436  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:46:44.0727 5436  MegaSR - ok
19:46:45.0197 5436  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:46:45.0199 5436  Microsoft Office Groove Audit Service - ok
19:46:45.0250 5436  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:46:45.0255 5436  MMCSS - ok
19:46:45.0272 5436  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:46:45.0274 5436  Modem - ok
19:46:45.0303 5436  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:46:45.0304 5436  monitor - ok
19:46:45.0324 5436  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:46:45.0326 5436  mouclass - ok
19:46:45.0352 5436  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:46:45.0354 5436  mouhid - ok
19:46:45.0369 5436  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:46:45.0372 5436  mountmgr - ok
19:46:45.0446 5436  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:46:45.0449 5436  MozillaMaintenance - ok
19:46:45.0484 5436  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:46:45.0488 5436  mpio - ok
19:46:45.0505 5436  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:46:45.0508 5436  mpsdrv - ok
19:46:45.0549 5436  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:46:45.0569 5436  MpsSvc - ok
19:46:45.0587 5436  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:46:45.0591 5436  MRxDAV - ok
19:46:45.0608 5436  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:46:45.0611 5436  mrxsmb - ok
19:46:45.0635 5436  [ A8C2D7673C8A010569390C826A0EFAF4 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:46:45.0640 5436  mrxsmb10 - ok
19:46:45.0651 5436  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:46:45.0654 5436  mrxsmb20 - ok
19:46:45.0682 5436  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:46:45.0684 5436  msahci - ok
19:46:45.0708 5436  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:46:45.0712 5436  msdsm - ok
19:46:45.0755 5436  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:46:45.0760 5436  MSDTC - ok
19:46:45.0791 5436  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:46:45.0793 5436  Msfs - ok
19:46:45.0811 5436  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:46:45.0812 5436  mshidkmdf - ok
19:46:45.0817 5436  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:46:45.0819 5436  msisadrv - ok
19:46:45.0845 5436  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:46:45.0849 5436  MSiSCSI - ok
19:46:45.0854 5436  msiserver - ok
19:46:45.0894 5436  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:46:45.0937 5436  MSKSSRV - ok
19:46:45.0960 5436  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:46:45.0962 5436  MSPCLOCK - ok
19:46:45.0975 5436  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:46:45.0977 5436  MSPQM - ok
19:46:45.0998 5436  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:46:46.0004 5436  MsRPC - ok
19:46:46.0011 5436  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:46:46.0012 5436  mssmbios - ok
19:46:46.0031 5436  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:46:46.0033 5436  MSTEE - ok
19:46:46.0050 5436  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:46:46.0051 5436  MTConfig - ok
19:46:46.0057 5436  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:46:46.0059 5436  Mup - ok
19:46:46.0083 5436  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:46:46.0085 5436  mwlPSDFilter - ok
19:46:46.0094 5436  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:46:46.0096 5436  mwlPSDNServ - ok
19:46:46.0108 5436  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:46:46.0110 5436  mwlPSDVDisk - ok
19:46:46.0162 5436  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
19:46:46.0167 5436  MWLService - ok
19:46:46.0238 5436  MySQL - ok
19:46:46.0273 5436  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
19:46:46.0285 5436  napagent - ok
19:46:46.0327 5436  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:46:46.0332 5436  NativeWifiP - ok
19:46:46.0360 5436  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:46:46.0372 5436  NDIS - ok
19:46:46.0397 5436  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:46:46.0399 5436  NdisCap - ok
19:46:46.0412 5436  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:46:46.0413 5436  NdisTapi - ok
19:46:46.0418 5436  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:46:46.0420 5436  Ndisuio - ok
19:46:46.0425 5436  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:46:46.0428 5436  NdisWan - ok
19:46:46.0433 5436  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:46:46.0434 5436  NDProxy - ok
19:46:46.0438 5436  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:46:46.0440 5436  NetBIOS - ok
19:46:46.0453 5436  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:46:46.0457 5436  NetBT - ok
19:46:46.0474 5436  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
19:46:46.0477 5436  Netlogon - ok
19:46:46.0505 5436  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:46:46.0512 5436  Netman - ok
19:46:46.0554 5436  [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:46.0558 5436  NetMsmqActivator - ok
19:46:46.0565 5436  [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:46.0567 5436  NetPipeActivator - ok
19:46:46.0580 5436  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:46:46.0590 5436  netprofm - ok
19:46:46.0599 5436  [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:46.0602 5436  NetTcpActivator - ok
19:46:46.0607 5436  [ 7E9228C814C0D0B551AF9A114B7E0B16 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:46.0610 5436  NetTcpPortSharing - ok
19:46:46.0632 5436  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:46:46.0634 5436  nfrd960 - ok
19:46:46.0667 5436  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:46:46.0673 5436  NlaSvc - ok
19:46:46.0713 5436  [ 351533ACC2A069B94E80BBFC177E8FDF ] npf             C:\Windows\system32\drivers\npf.sys
19:46:46.0715 5436  npf - ok
19:46:46.0734 5436  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:46:46.0736 5436  Npfs - ok
19:46:46.0740 5436  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:46:46.0744 5436  nsi - ok
19:46:46.0748 5436  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:46:46.0750 5436  nsiproxy - ok
19:46:46.0783 5436  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:46:46.0803 5436  Ntfs - ok
19:46:46.0853 5436  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
19:46:46.0856 5436  NTI IScheduleSvc - ok
19:46:46.0882 5436  [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
19:46:46.0884 5436  NTIDrvr - ok
19:46:46.0915 5436  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:46:46.0916 5436  Null - ok
19:46:46.0948 5436  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
19:46:46.0952 5436  nvraid - ok
19:46:46.0973 5436  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
19:46:46.0978 5436  nvstor - ok
19:46:47.0020 5436  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
19:46:47.0023 5436  nv_agp - ok
19:46:47.0091 5436  [ BA7DAC1B8A86D9402C3E04E1FCAA600D ] ODDPwrSvc       C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
19:46:47.0094 5436  ODDPwrSvc - ok
19:46:47.0158 5436  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:46:47.0166 5436  odserv - ok
19:46:47.0186 5436  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:46:47.0189 5436  ohci1394 - ok
19:46:47.0225 5436  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:46:47.0227 5436  ose - ok
19:46:47.0268 5436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:46:47.0277 5436  p2pimsvc - ok
19:46:47.0321 5436  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:46:47.0331 5436  p2psvc - ok
19:46:47.0361 5436  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:46:47.0364 5436  Parport - ok
19:46:47.0384 5436  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:46:47.0387 5436  partmgr - ok
19:46:47.0400 5436  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:46:47.0407 5436  PcaSvc - ok
19:46:47.0414 5436  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:46:47.0418 5436  pci - ok
19:46:47.0431 5436  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:46:47.0433 5436  pciide - ok
19:46:47.0457 5436  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:46:47.0461 5436  pcmcia - ok
19:46:47.0464 5436  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:46:47.0467 5436  pcw - ok
19:46:47.0496 5436  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:46:47.0502 5436  PEAUTH - ok
19:46:47.0593 5436  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:46:47.0597 5436  PerfHost - ok
19:46:47.0661 5436  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
19:46:47.0705 5436  pla - ok
19:46:47.0759 5436  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:46:47.0769 5436  PlugPlay - ok
19:46:47.0788 5436  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:46:47.0793 5436  PNRPAutoReg - ok
19:46:47.0812 5436  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:46:47.0819 5436  PNRPsvc - ok
19:46:47.0853 5436  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:46:47.0862 5436  PolicyAgent - ok
19:46:47.0923 5436  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:46:47.0930 5436  Power - ok
19:46:47.0969 5436  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:46:47.0972 5436  PptpMiniport - ok
19:46:48.0002 5436  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:46:48.0004 5436  Processor - ok
19:46:48.0033 5436  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
19:46:48.0040 5436  ProfSvc - ok
19:46:48.0052 5436  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
19:46:48.0056 5436  ProtectedStorage - ok
19:46:48.0084 5436  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:46:48.0088 5436  Psched - ok
19:46:48.0179 5436  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:46:48.0225 5436  ql2300 - ok
19:46:48.0245 5436  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:46:48.0247 5436  ql40xx - ok
19:46:48.0287 5436  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:46:48.0295 5436  QWAVE - ok
19:46:48.0322 5436  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:46:48.0324 5436  QWAVEdrv - ok
19:46:48.0341 5436  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:46:48.0343 5436  RasAcd - ok
19:46:48.0388 5436  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:46:48.0390 5436  RasAgileVpn - ok
19:46:48.0426 5436  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:46:48.0432 5436  RasAuto - ok
19:46:48.0455 5436  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:46:48.0459 5436  Rasl2tp - ok
19:46:48.0495 5436  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
19:46:48.0504 5436  RasMan - ok
19:46:48.0510 5436  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:46:48.0512 5436  RasPppoe - ok
19:46:48.0518 5436  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:46:48.0521 5436  RasSstp - ok
19:46:48.0530 5436  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:46:48.0534 5436  rdbss - ok
19:46:48.0542 5436  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:46:48.0544 5436  rdpbus - ok
19:46:48.0575 5436  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:46:48.0577 5436  RDPCDD - ok
19:46:48.0594 5436  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:46:48.0595 5436  RDPENCDD - ok
19:46:48.0603 5436  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:46:48.0604 5436  RDPREFMP - ok
19:46:48.0621 5436  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:46:48.0625 5436  RDPWD - ok
19:46:48.0654 5436  [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:46:48.0658 5436  rdyboost - ok
19:46:48.0697 5436  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:46:48.0700 5436  RemoteAccess - ok
19:46:48.0759 5436  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:46:48.0766 5436  RemoteRegistry - ok
19:46:48.0809 5436  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:46:48.0813 5436  RFCOMM - ok
19:46:48.0879 5436  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
19:46:48.0882 5436  RichVideo - ok
19:46:48.0898 5436  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:46:48.0904 5436  RpcEptMapper - ok
19:46:48.0933 5436  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:46:48.0937 5436  RpcLocator - ok
19:46:48.0967 5436  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
19:46:48.0975 5436  RpcSs - ok
19:46:49.0022 5436  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:46:49.0024 5436  rspndr - ok
19:46:49.0070 5436  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service      C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
19:46:49.0074 5436  RS_Service - ok
19:46:49.0085 5436  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
19:46:49.0089 5436  SamSs - ok
19:46:49.0110 5436  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:46:49.0113 5436  sbp2port - ok
19:46:49.0148 5436  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:46:49.0156 5436  SCardSvr - ok
19:46:49.0182 5436  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:46:49.0184 5436  scfilter - ok
19:46:49.0257 5436  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
19:46:49.0291 5436  Schedule - ok
19:46:49.0319 5436  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:46:49.0321 5436  SCPolicySvc - ok
19:46:49.0347 5436  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:46:49.0356 5436  SDRSVC - ok
19:46:49.0421 5436  [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:46:49.0425 5436  SeaPort - ok
19:46:49.0455 5436  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:46:49.0457 5436  secdrv - ok
19:46:49.0480 5436  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
19:46:49.0485 5436  seclogon - ok
19:46:49.0503 5436  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:46:49.0509 5436  SENS - ok
19:46:49.0525 5436  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:46:49.0531 5436  SensrSvc - ok
19:46:49.0543 5436  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:46:49.0545 5436  Serenum - ok
19:46:49.0561 5436  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:46:49.0564 5436  Serial - ok
19:46:49.0610 5436  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:46:49.0612 5436  sermouse - ok
19:46:49.0649 5436  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
19:46:49.0655 5436  SessionEnv - ok
19:46:49.0676 5436  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:46:49.0679 5436  sffdisk - ok
19:46:49.0693 5436  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:46:49.0696 5436  sffp_mmc - ok
19:46:49.0707 5436  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:46:49.0709 5436  sffp_sd - ok
19:46:49.0721 5436  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:46:49.0723 5436  sfloppy - ok
19:46:49.0756 5436  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:46:49.0764 5436  SharedAccess - ok
19:46:49.0812 5436  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:46:49.0821 5436  ShellHWDetection - ok
19:46:49.0852 5436  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:46:49.0854 5436  SiSRaid2 - ok
19:46:49.0873 5436  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:46:49.0904 5436  SiSRaid4 - ok
19:46:50.0115 5436  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:46:50.0195 5436  Skype C2C Service - ok
19:46:50.0288 5436  [ CA058CB8320CF9E3F978D729E55C82CF ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:46:50.0292 5436  SkypeUpdate - ok
19:46:50.0331 5436  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:46:50.0336 5436  Smb - ok
19:46:50.0400 5436  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:46:50.0406 5436  SNMPTRAP - ok
19:46:50.0422 5436  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:46:50.0424 5436  spldr - ok
19:46:50.0454 5436  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
19:46:50.0471 5436  Spooler - ok
19:46:50.0566 5436  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:46:50.0659 5436  sppsvc - ok
19:46:50.0672 5436  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:46:50.0676 5436  sppuinotify - ok
19:46:50.0710 5436  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:46:50.0716 5436  srv - ok
19:46:50.0755 5436  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:46:50.0763 5436  srv2 - ok
19:46:50.0799 5436  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:46:50.0803 5436  srvnet - ok
19:46:50.0831 5436  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:46:50.0839 5436  SSDPSRV - ok
19:46:50.0845 5436  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:46:50.0852 5436  SstpSvc - ok
19:46:50.0868 5436  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:46:50.0871 5436  stexstor - ok
19:46:50.0975 5436  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
19:46:50.0989 5436  stisvc - ok
19:46:51.0006 5436  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:46:51.0008 5436  swenum - ok
19:46:51.0045 5436  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:46:51.0062 5436  swprv - ok
19:46:51.0125 5436  [ CE9B5A79AEE330BC7E88C0441E5727BB ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:46:51.0131 5436  SynTP - ok
19:46:51.0184 5436  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
19:46:51.0237 5436  SysMain - ok
19:46:51.0261 5436  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:46:51.0268 5436  TabletInputService - ok
19:46:51.0285 5436  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:46:51.0294 5436  TapiSrv - ok
19:46:51.0316 5436  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:46:51.0320 5436  TBS - ok
19:46:51.0397 5436  [ 61DC720BB065D607D5823F13D2A64321 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:46:51.0465 5436  Tcpip - ok
19:46:51.0522 5436  [ 61DC720BB065D607D5823F13D2A64321 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:46:51.0535 5436  TCPIP6 - ok
19:46:51.0562 5436  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:46:51.0564 5436  tcpipreg - ok
19:46:51.0585 5436  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:46:51.0587 5436  TDPIPE - ok
19:46:51.0593 5436  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:46:51.0595 5436  TDTCP - ok
19:46:51.0600 5436  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:46:51.0603 5436  tdx - ok
19:46:51.0624 5436  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:46:51.0626 5436  TermDD - ok
19:46:51.0652 5436  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
19:46:51.0667 5436  TermService - ok
19:46:51.0684 5436  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:46:51.0688 5436  Themes - ok
19:46:51.0705 5436  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:46:51.0707 5436  THREADORDER - ok
19:46:51.0717 5436  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:46:51.0722 5436  TrkWks - ok
19:46:51.0772 5436  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:46:51.0775 5436  TrustedInstaller - ok
19:46:51.0808 5436  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:46:51.0810 5436  tssecsrv - ok
19:46:51.0844 5436  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:46:51.0848 5436  tunnel - ok
19:46:51.0902 5436  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
19:46:51.0926 5436  TurboB - ok
19:46:51.0983 5436  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:46:51.0985 5436  TurboBoost - ok
19:46:52.0014 5436  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:46:52.0017 5436  uagp35 - ok
19:46:52.0039 5436  [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
19:46:52.0041 5436  UBHelper - ok
19:46:52.0064 5436  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:46:52.0071 5436  udfs - ok
19:46:52.0191 5436  [ 503D393875AB9844C0CE8B3718348F8A ] UDisk Monitor   C:\Program Files\TATA Photon Whiz Dialer\bin\MonServiceUDisk.exe
19:46:52.0197 5436  UDisk Monitor - ok
19:46:52.0231 5436  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:46:52.0238 5436  UI0Detect - ok
19:46:52.0278 5436  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:46:52.0281 5436  uliagpkx - ok
19:46:52.0322 5436  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:46:52.0325 5436  umbus - ok
19:46:52.0349 5436  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:46:52.0351 5436  UmPass - ok
19:46:52.0478 5436  [ CBDEE152D73200EE49031A26310B9D3E ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:46:52.0495 5436  UNS - ok
19:46:52.0542 5436  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:46:52.0543 5436  Updater Service - ok
19:46:52.0579 5436  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:46:52.0591 5436  upnphost - ok
19:46:52.0625 5436  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:46:52.0628 5436  usbccgp - ok
19:46:52.0661 5436  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:46:52.0665 5436  usbcir - ok
19:46:52.0671 5436  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:46:52.0673 5436  usbehci - ok
19:46:52.0699 5436  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:46:52.0705 5436  usbhub - ok
19:46:52.0720 5436  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:46:52.0723 5436  usbohci - ok
19:46:52.0742 5436  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:46:52.0744 5436  usbprint - ok
19:46:52.0787 5436  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:46:52.0790 5436  usbscan - ok
19:46:52.0813 5436  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:46:52.0817 5436  USBSTOR - ok
19:46:52.0835 5436  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:46:52.0837 5436  usbuhci - ok
19:46:52.0895 5436  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:46:52.0900 5436  usbvideo - ok
19:46:52.0934 5436  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:46:52.0941 5436  UxSms - ok
19:46:52.0952 5436  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
19:46:52.0955 5436  VaultSvc - ok
19:46:52.0990 5436  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:46:52.0993 5436  vdrvroot - ok
19:46:53.0019 5436  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
19:46:53.0037 5436  vds - ok
19:46:53.0058 5436  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:46:53.0060 5436  vga - ok
19:46:53.0066 5436  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:46:53.0068 5436  VgaSave - ok
19:46:53.0089 5436  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:46:53.0094 5436  vhdmp - ok
19:46:53.0111 5436  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:46:53.0113 5436  viaide - ok
19:46:53.0120 5436  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:46:53.0123 5436  volmgr - ok
19:46:53.0132 5436  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:46:53.0138 5436  volmgrx - ok
19:46:53.0158 5436  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
19:46:53.0162 5436  volsnap - ok
19:46:53.0193 5436  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:46:53.0196 5436  vsmraid - ok
19:46:53.0255 5436  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
19:46:53.0293 5436  VSS - ok
19:46:53.0297 5436  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:46:53.0298 5436  vwifibus - ok
19:46:53.0303 5436  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:46:53.0305 5436  vwififlt - ok
19:46:53.0351 5436  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:46:53.0352 5436  vwifimp - ok
19:46:53.0402 5436  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:46:53.0409 5436  W32Time - ok
19:46:53.0424 5436  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:46:53.0426 5436  WacomPen - ok
19:46:53.0516 5436  wampmysqld - ok
19:46:53.0570 5436  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:46:53.0573 5436  WANARP - ok
19:46:53.0591 5436  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:46:53.0593 5436  Wanarpv6 - ok
19:46:53.0663 5436  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:46:53.0696 5436  WatAdminSvc - ok
19:46:53.0759 5436  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
19:46:53.0805 5436  wbengine - ok
19:46:53.0829 5436  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:46:53.0837 5436  WbioSrvc - ok
19:46:53.0871 5436  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:46:53.0939 5436  wcncsvc - ok
19:46:53.0970 5436  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:46:53.0977 5436  WcsPlugInService - ok
19:46:54.0005 5436  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:46:54.0007 5436  Wd - ok
19:46:54.0022 5436  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:46:54.0034 5436  Wdf01000 - ok
19:46:54.0080 5436  [ 7F681EEF56F16050033349EEBE0E45BF ] wdf_usb         C:\Windows\system32\DRIVERS\usb2ser.sys
19:46:54.0082 5436  wdf_usb - ok
19:46:54.0112 5436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:46:54.0120 5436  WdiServiceHost - ok
19:46:54.0125 5436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:46:54.0132 5436  WdiSystemHost - ok
19:46:54.0171 5436  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
19:46:54.0181 5436  WebClient - ok
19:46:54.0209 5436  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:46:54.0217 5436  Wecsvc - ok
19:46:54.0237 5436  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:46:54.0244 5436  wercplsupport - ok
19:46:54.0263 5436  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:46:54.0270 5436  WerSvc - ok
19:46:54.0290 5436  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:46:54.0292 5436  WfpLwf - ok
19:46:54.0320 5436  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:46:54.0323 5436  WIMMount - ok
19:46:54.0333 5436  WinDefend - ok
19:46:54.0344 5436  WinHttpAutoProxySvc - ok
19:46:54.0402 5436  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:46:54.0408 5436  Winmgmt - ok
19:46:54.0471 5436  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:46:54.0528 5436  WinRM - ok
19:46:54.0593 5436  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:46:54.0595 5436  WinUsb - ok
19:46:54.0640 5436  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:46:54.0672 5436  Wlansvc - ok
19:46:54.0796 5436  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:46:54.0853 5436  wlidsvc - ok
19:46:54.0879 5436  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:46:54.0881 5436  WmiAcpi - ok
19:46:54.0916 5436  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:46:54.0919 5436  wmiApSrv - ok
19:46:54.0941 5436  WMPNetworkSvc - ok
19:46:54.0972 5436  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:46:54.0979 5436  WPCSvc - ok
19:46:55.0002 5436  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:46:55.0011 5436  WPDBusEnum - ok
19:46:55.0041 5436  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:46:55.0043 5436  ws2ifsl - ok
19:46:55.0083 5436  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:46:55.0090 5436  wscsvc - ok
19:46:55.0095 5436  WSearch - ok
19:46:55.0178 5436  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:46:55.0247 5436  wuauserv - ok
19:46:55.0265 5436  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:46:55.0268 5436  WudfPf - ok
19:46:55.0309 5436  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:55.0312 5436  WUDFRd - ok
19:46:55.0338 5436  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:46:55.0343 5436  wudfsvc - ok
19:46:55.0359 5436  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:46:55.0366 5436  WwanSvc - ok
19:46:55.0474 5436  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:46:55.0482 5436  YahooAUService - ok
19:46:55.0542 5436  [ B36E54DD76DCAC72581306F5504C6491 ] ztemtusbser     C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
19:46:55.0544 5436  ztemtusbser - ok
19:46:55.0634 5436  ================ Scan global ===============================
19:46:55.0666 5436  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:46:55.0701 5436  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
19:46:55.0714 5436  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
19:46:55.0747 5436  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:46:55.0776 5436  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:46:55.0783 5436  [Global] - ok
19:46:55.0783 5436  ================ Scan MBR ==================================
19:46:55.0796 5436  [ 89B5DB6675722B3F1FCF978126515316 ] \Device\Harddisk0\DR0
19:46:55.0875 5436  \Device\Harddisk0\DR0 - ok
19:46:55.0891 5436  ================ Scan VBR ==================================
19:46:55.0895 5436  [ 62A528C88C7DB07C12FF31355E007372 ] \Device\Harddisk0\DR0\Partition1
19:46:55.0897 5436  \Device\Harddisk0\DR0\Partition1 - ok
19:46:55.0918 5436  [ 7C165894CE5979C4A87BA13948D45BA0 ] \Device\Harddisk0\DR0\Partition2
19:46:55.0920 5436  \Device\Harddisk0\DR0\Partition2 - ok
19:46:55.0966 5436  [ AB0FB2F484B87FEDC447ED9AE8847561 ] \Device\Harddisk0\DR0\Partition3
19:46:55.0978 5436  \Device\Harddisk0\DR0\Partition3 - ok
19:46:55.0979 5436  ============================================================
19:46:55.0979 5436  Scan finished
19:46:55.0979 5436  ============================================================
19:46:55.0990 3664  Detected object count: 0
19:46:55.0990 3664  Actual detected object count: 0

Share this post


Link to post
Share on other sites

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Share this post


Link to post
Share on other sites

ComboFix Log :

 

 

ComboFix 13-10-16.02 - ANJU 17-10-2013  20:23:22.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.91.1033.18.3767.2066 [GMT 5.5:30]
Running from: c:\users\ANJU\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ANJU\AppData\Local\Temp\_MEI31962\_ctypes.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\_elementtree.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\_hashlib.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\_multiprocessing.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\_socket.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\_ssl.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\pyexpat.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\pysqlite2._sqlite.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\python27.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\pythoncom27.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\PyWinTypes27.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\select.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\unicodedata.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32api.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32com.shell.shell.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32crypt.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32event.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32file.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32inet.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32pdh.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32process.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32profile.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32security.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\win32ts.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\windows._cacheinvalidation.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wx._controls_.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wx._core_.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wx._gdi_.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wx._html2.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wx._misc_.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wx._windows_.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wx._wizard.pyd
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wxbase294u_net_vc90.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wxbase294u_vc90.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wxmsw294u_adv_vc90.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wxmsw294u_core_vc90.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wxmsw294u_html_vc90.dll
c:\users\ANJU\AppData\Local\Temp\_MEI31962\wxmsw294u_webview_vc90.dll
c:\windows\87534825D130C004.log
c:\windows\ST6UNST.000
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-17 to 2013-10-17  )))))))))))))))))))))))))))))))
.
.
2013-10-17 15:07 . 2013-10-17 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-17 15:06 . 2013-10-17 15:06 -------- d-----w- c:\users\Guest User\AppData\Local\temp
2013-10-15 13:01 . 2013-10-15 13:01 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-10-15 10:14 . 2013-10-15 13:01 -------- d-----w- c:\programdata\HitmanPro
2013-10-15 07:27 . 2013-10-17 08:11 -------- d-----w- C:\AdwCleaner
2013-10-15 05:11 . 2012-08-30 04:08 1718392 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2013-10-15 05:11 . 2012-08-30 04:08 40448 ----a-w- c:\windows\system32\drivers\usb2ser.sys
2013-10-15 05:11 . 2012-08-30 04:06 103424 ----a-w- c:\windows\SysWow64\MyDIT_GenClassCoInst.dll
2013-10-15 05:11 . 2013-10-15 05:11 -------- d-----w- c:\program files (x86)\D-Link Connection Manager
2013-10-07 12:25 . 2013-10-07 12:33 -------- d-----w- C:\Acer
2013-10-03 13:29 . 2013-10-03 13:29 17154952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-28 16:14 . 2013-09-28 16:14 -------- d-----w- c:\users\ANJU\AppData\Local\avgchrome
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-03 13:30 . 2013-03-02 16:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-03 13:30 . 2011-10-01 15:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 14:52 . 2013-03-22 14:27 161720 ----a-w- c:\program files (x86)\pares.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-25 07:17 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\ANJU\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-22 138096]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"Nimbuzz"="c:\program files (x86)\Nimbuzz\Nimbuzz.exe" [2012-10-17 12859904]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19876968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-25 124136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-20 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\ANJU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\ANJU\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-8-25 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Idea Net Setter. RunOuc;Idea Net Setter. OUC;c:\program files (x86)\Idea Net Setter\UpdateDog\ouc.exe;c:\program files (x86)\Idea Net Setter\UpdateDog\ouc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswVmm;aswVmm; [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdf_usb;wdf_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\TATA Photon Whiz Dialer\bin\MonServiceUDisk.exe;c:\program files\TATA Photon Whiz Dialer\bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-06 04:20 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 16:06]
.
2013-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000Core.job
- c:\users\ANJU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 14:48]
.
2013-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000UA.job
- c:\users\ANJU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 14:48]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 08:59]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 08:59]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000Core.job
- c:\users\ANJU\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 13:07]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000UA.job
- c:\users\ANJU\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 13:07]
.
2013-10-17 c:\windows\Tasks\ReclaimerUpdateFiles_ANJU.job
- c:\users\ANJU\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 13:57]
.
2013-09-28 c:\windows\Tasks\ReclaimerUpdateXML_ANJU.job
- c:\users\ANJU\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 13:57]
.
2013-10-17 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_ANJU.job
- c:\users\ANJU\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 13:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.2 10.0.0.3
FF - ProfilePath - c:\users\ANJU\AppData\Roaming\Mozilla\Firefox\Profiles\y3uf64cy.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
URLSearchHooks-{9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Messenger (Yahoo!) - ~c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe
Wow6432Node-HKLM-Run-Yahoo Messenger - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1 - c:\program files (x86)\Windows Movie Maker\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40966F84-4AD1-63BE-00B5-BDB4A610243D}*]
"oafjempfdjlbclhgpnjnfjboegdnag"=hex:6a,61,6d,6f,69,67,65,69,68,6c,6d,63,66,6c,
   6e,64,63,6d,67,65,00,fa
"naljolbllikbjeiafggjohiioggp"=hex:6a,61,6d,6f,6e,67,6e,68,6b,64,6f,68,6f,6c,
   6e,66,6b,6f,65,6f,00,ff
"oajicaooaelehglmgfcepfdnonkgmo"=hex:64,61,6d,6f,69,67,6c,67,00,fc
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):76,f9,7a,e3,12,53,3c,50,6b,fa,a3,90,7d,a8,fa,8d,68,ed,ce,93,ab,
   2c,18,0b,6b,ce,39,90,73,53,bd,55,ea,2e,9d,38,0b,0b,ff,fc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):05,77,84,ed,af,4c,2c,fb,d0,72,dc,ea,6d,07,fd,fc,07,05,93,b2,9f,
   b0,36,9a,2e,21,dc,cc,42,e7,5b,0b,8a,9c,be,d4,d3,4d,d2,90,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000_Classes\Wow6432Node\CLSID\{82fba445-bd83-4f01-823e-dd9274bbfb03}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c5
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,46,8f,3c,f2,5c,68,ee,21,4a,c5,cc,d9,5d,57,\
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000_Classes\Wow6432Node\CLSID\{ab006fd2-42bf-4123-8ff7-9e37e83218e0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005a
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\programdata\Idea Net Setter\OnlineUpdate\ouc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-10-17  20:59:04 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-17 15:28
.
Pre-Run: 200,839,053,312 bytes free
Post-Run: 204,502,401,024 bytes free
.
- - End Of File - - 2E0B843F980E4B34FDF6AB8F3851BA56

Share this post


Link to post
Share on other sites

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

CFScript.txt

Share this post


Link to post
Share on other sites

 Combofix scripting Log.

 

ComboFix 13-10-16.02 - ANJU 18-10-2013  13:05:22.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.91.1033.18.3767.2199 [GMT 5.5:30]
Running from: c:\users\ANJU\Desktop\ComboFix.exe
Command switches used :: c:\users\ANJU\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-18 to 2013-10-18  )))))))))))))))))))))))))))))))
.
.
2013-10-18 07:44 . 2013-10-18 07:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-10-18 07:44 . 2013-10-18 07:44 -------- d-----w- c:\users\Guest User\AppData\Local\temp
2013-10-18 07:44 . 2013-10-18 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-15 13:01 . 2013-10-15 13:01 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-10-15 10:14 . 2013-10-15 13:01 -------- d-----w- c:\programdata\HitmanPro
2013-10-15 07:27 . 2013-10-17 08:11 -------- d-----w- C:\AdwCleaner
2013-10-15 05:11 . 2012-08-30 04:08 1718392 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2013-10-15 05:11 . 2012-08-30 04:08 40448 ----a-w- c:\windows\system32\drivers\usb2ser.sys
2013-10-15 05:11 . 2012-08-30 04:06 103424 ----a-w- c:\windows\SysWow64\MyDIT_GenClassCoInst.dll
2013-10-15 05:11 . 2013-10-15 05:11 -------- d-----w- c:\program files (x86)\D-Link Connection Manager
2013-10-07 12:25 . 2013-10-07 12:33 -------- d-----w- C:\Acer
2013-10-03 13:29 . 2013-10-03 13:29 17154952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-28 16:14 . 2013-09-28 16:14 -------- d-----w- c:\users\ANJU\AppData\Local\avgchrome
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-03 13:30 . 2013-03-02 16:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-03 13:30 . 2011-10-01 15:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 14:52 . 2013-03-22 14:27 161720 ----a-w- c:\program files (x86)\pares.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-25 07:17 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\ANJU\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-22 138096]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"Nimbuzz"="c:\program files (x86)\Nimbuzz\Nimbuzz.exe" [2012-10-17 12859904]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19876968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-25 124136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-20 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\ANJU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\ANJU\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-8-25 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 Idea Net Setter. RunOuc;Idea Net Setter. OUC;c:\program files (x86)\Idea Net Setter\UpdateDog\ouc.exe;c:\program files (x86)\Idea Net Setter\UpdateDog\ouc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswVmm;aswVmm; [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\TATA Photon Whiz Dialer\bin\MonServiceUDisk.exe;c:\program files\TATA Photon Whiz Dialer\bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 wdf_usb;wdf_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-06 04:20 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 16:06]
.
2013-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000Core.job
- c:\users\ANJU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 14:48]
.
2013-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000UA.job
- c:\users\ANJU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-22 14:48]
.
2013-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 08:59]
.
2013-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19 08:59]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000Core.job
- c:\users\ANJU\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 13:07]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2178933935-4143419969-1144191208-1000UA.job
- c:\users\ANJU\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 13:07]
.
2013-10-17 c:\windows\Tasks\ReclaimerUpdateFiles_ANJU.job
- c:\users\ANJU\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 13:57]
.
2013-09-28 c:\windows\Tasks\ReclaimerUpdateXML_ANJU.job
- c:\users\ANJU\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 13:57]
.
2013-10-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_ANJU.job
- c:\users\ANJU\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 13:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 10:40 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.2 10.0.0.3
TCP: Interfaces\{39C1F243-4DD3-44A8-BB5C-91764DE735FD}: NameServer = 112.110.240.5 112.110.249.5
FF - ProfilePath - c:\users\ANJU\AppData\Roaming\Mozilla\Firefox\Profiles\y3uf64cy.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1 - c:\program files (x86)\Windows Movie Maker\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2178933935-4143419969-1144191208-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2178933935-4143419969-1144191208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-18  13:30:24
ComboFix-quarantined-files.txt  2013-10-18 08:00
ComboFix2.txt  2013-10-17 15:29
.
Pre-Run: 204,069,412,864 bytes free
Post-Run: 203,827,965,952 bytes free
.
- - End Of File - - 29D409FE170F7D5EF322AC02F4402FBE

Share this post


Link to post
Share on other sites

MBAM Log :

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.08.01
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ANJU :: ANJU-PC [administrator]
 
Protection: Disabled
 
18-10-2013 PM 1:35:48
mbam-log-2013-10-18 (13-35-48).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390828
Time elapsed: 42 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\mgHelperGCFB.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\mgHelperGC.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
 
(end)

Share this post


Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Share this post


Link to post
Share on other sites

Hi,

i think the online scanning is not going to work.

every time i start the scan,

the virus signature database download step gets disconnected  at  around 30 to 50%,

and i have to start all over again.

i have tried this for 5 times now.

 

may be it is due to my internet connectivity issue ?

Share this post


Link to post
Share on other sites

Finally got the scan to work.

find the log below :

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF10_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF11_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF12_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF13_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF3_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF4_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF5_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF6_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF7_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF8_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF9_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_IEBHO_39.dll.vir a variant of Win64/Toolbar.SearchSuite.A application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_IEBHO_80.dll.vir a variant of Win32/Toolbar.SearchSuite application

C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\torch\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\background.js.vir Win32/BrowseFox.B application

C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\torch\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\content.js.vir Win32/BrowseFox.B application

C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\LocalLow\FilmFanaticEI\Installr\Cache\001013DD.exe.vir a variant of Win32/Toolbar.MyWebSearch.O application

C:\Users\ANJU\AppData\Local\BlackHawk\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\BabMaint.x a variant of Win32/Toolbar.Babylon.I application

C:\Users\ANJU\AppData\Local\BlackHawk\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html Win32/DealPly.E application

C:\Users\ANJU\Downloads\Programs\cbsidlm-tr1_10a-Direct_MP3_Joiner-ORG-10360428.exe Win32/DownloadAdmin.G application

C:\Users\ANJU\Downloads\Programs\free-mp3-cutter-joiner.exe Win32/Adware.RK.AP application

C:\Users\ANJU\Downloads\Programs\fTalkV4.exe Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Programs\MP3CutterSetup.exe Win32/InstallMonetizer.AF application

C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus.exe Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus_2.exe Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Softwares\exe\MP3CutterSetup.exe Win32/InstallMonetizer.AF application

Share this post


Link to post
Share on other sites

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF10_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF11_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF12_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF13_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF3_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF4_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF5_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF6_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF7_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF8_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF9_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_IEBHO_39.dll.vir a variant of Win64/Toolbar.SearchSuite.A application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_IEBHO_80.dll.vir a variant of Win32/Toolbar.SearchSuite application

C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\torch\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\background.js.vir Win32/BrowseFox.B application

C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\torch\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\content.js.vir Win32/BrowseFox.B application

C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\LocalLow\FilmFanaticEI\Installr\Cache\001013DD.exe.vir a variant of Win32/Toolbar.MyWebSearch.O application

C:\Users\ANJU\AppData\Local\BlackHawk\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\BabMaint.x a variant of Win32/Toolbar.Babylon.I application

C:\Users\ANJU\AppData\Local\BlackHawk\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html Win32/DealPly.E application

C:\Users\ANJU\Downloads\Programs\cbsidlm-tr1_10a-Direct_MP3_Joiner-ORG-10360428.exe Win32/DownloadAdmin.G application

C:\Users\ANJU\Downloads\Programs\free-mp3-cutter-joiner.exe Win32/Adware.RK.AP application

C:\Users\ANJU\Downloads\Programs\fTalkV4.exe Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Programs\MP3CutterSetup.exe Win32/InstallMonetizer.AF application

C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus.exe Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus_2.exe Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Softwares\exe\MP3CutterSetup.exe Win32/InstallMonetizer.AF application

Share this post


Link to post
Share on other sites

 

C:\Users\ANJU\Downloads\Programs\cbsidlm-tr1_10a-Direct_MP3_Joiner-ORG-10360428.exe    Win32/DownloadAdmin.G application

C:\Users\ANJU\Downloads\Programs\free-mp3-cutter-joiner.exe    Win32/Adware.RK.AP application

C:\Users\ANJU\Downloads\Programs\fTalkV4.exe    Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Programs\MP3CutterSetup.exe    Win32/InstallMonetizer.AF application

C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus.exe    Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus_2.exe    Win32/Toolbar.SearchSuite application

C:\Users\ANJU\Downloads\Softwares\exe\MP3CutterSetup.exe    Win32/InstallMonetizer.AF application

 

Delete these files!

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.