Everything posted by emil915

  1. Kevin, when I pin Chrome to the taskbar, the home page opens to search.arab-one.com, but if I launch Chrome from the Windows 8 home menu it works fine.
  2. Thanks Kevin, did you find out which software / website has caused the infection? Please advise so that I can be careful the next time I deal with such stuff.
  3. Kevin, Chrome is now back to normal. I was able to delete the arabyonline search engine from settings. Thank you very much!
  4. Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 7/6/2015
     Scan Time: 8:46 PM
     Logfile:
     Administrator: Yes
     Version: 2.1.8.1057
     Malware Database: v2015.07.06.04
     Rootkit Database: v2015.07.05.03
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: Joel
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 521713
     Time Elapsed: 40 min, 4 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
     AdwCleanerS4.txt JRT.txt mrt.log Fixlog.txt
  5. Kevin, thanks for helping. See below the log from the Malwarebytes scan. Also attached are all the other logs you require.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 7/5/2015
     Scan Time: 11:12 PM
     Logfile:
     Administrator: Yes
     Version: 2.1.8.1057
     Malware Database: v2015.07.05.05
     Rootkit Database: v2015.07.05.03
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: Joel
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 521978
     Time Elapsed: 38 min, 47 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
     Rougekiller.txt Addition.txt FRST.txt
  6. Hi, Google Chrome on my laptop seems to be infected with some virus. The home page is automatically set to www.alarabeyes.com and the search engine is locked on arabeyonline, which I cannot change! I've tried using AdwCleaner, Junkware Removal Tool, Malwarebytes Anti-Malware... Nothing works. Please help.
  7. It just keeps coming like this after I paste. Please find the .txt file attached: eset online scan log.txt
  8. C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF10_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF11_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF12_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF13_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF3_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF4_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF5_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF6_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF7_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF8_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_DataMngrHlpFF9_98.dll.vir probably a variant of Win32/Toolbar.SearchSuite.D application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_IEBHO_39.dll.vir a variant of Win64/Toolbar.SearchSuite.A application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\del_IEBHO_80.dll.vir a variant of Win32/Toolbar.SearchSuite application
     C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\torch\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\background.js.vir Win32/BrowseFox.B application
     C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\torch\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\content.js.vir Win32/BrowseFox.B application
     C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\LocalLow\FilmFanaticEI\Installr\Cache\001013DD.exe.vir a variant of Win32/Toolbar.MyWebSearch.O application
     C:\Users\ANJU\AppData\Local\BlackHawk\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\BabMaint.x a variant of Win32/Toolbar.Babylon.I application
     C:\Users\ANJU\AppData\Local\BlackHawk\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html Win32/DealPly.E application
     C:\Users\ANJU\Downloads\Programs\cbsidlm-tr1_10a-Direct_MP3_Joiner-ORG-10360428.exe Win32/DownloadAdmin.G application
     C:\Users\ANJU\Downloads\Programs\free-mp3-cutter-joiner.exe Win32/Adware.RK.AP application
     C:\Users\ANJU\Downloads\Programs\fTalkV4.exe Win32/Toolbar.SearchSuite application
     C:\Users\ANJU\Downloads\Programs\MP3CutterSetup.exe Win32/InstallMonetizer.AF application
     C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus.exe Win32/Toolbar.SearchSuite application
     C:\Users\ANJU\Downloads\Programs\Setup_FreeYouTubeDownloaderplus_2.exe Win32/Toolbar.SearchSuite application
     C:\Users\ANJU\Downloads\Softwares\exe\MP3CutterSetup.exe Win32/InstallMonetizer.AF application
  9. Finally got the scan to work. Find the log below:
  10. Hi, I think the online scanning is not going to work. Every time I start the scan, the virus signature database download step gets disconnected at around 30 to 50%, and I have to start all over again. I have tried this 5 times now. Maybe it is due to my internet connectivity issue?
  11. MBAM Log:
      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.10.08.01
      Windows 7 x64 NTFS
      Internet Explorer 8.0.7600.16385
      ANJU :: ANJU-PC [administrator]
      Protection: Disabled
      18-10-2013 PM 1:35:48
      mbam-log-2013-10-18 (13-35-48).txt
      Scan type: Full scan (C:\|D:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 390828
      Time elapsed: 42 minute(s), 1 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 1
      HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 2
      C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\mgHelperGCFB.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
      C:\AdwCleaner\Quarantine\C\Users\ANJU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\mgHelperGC.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
      (end)
  12. Combofix scripting Log.
  13. ComboFix Log :
  14. Log from TDSS-Killer
C:\Windows\system32\drivers\nsiproxy.sys19:46:46.0750 5436 nsiproxy - ok19:46:46.0783 5436 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys19:46:46.0803 5436 Ntfs - ok19:46:46.0853 5436 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe19:46:46.0856 5436 NTI IScheduleSvc - ok19:46:46.0882 5436 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys19:46:46.0884 5436 NTIDrvr - ok19:46:46.0915 5436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys19:46:46.0916 5436 Null - ok19:46:46.0948 5436 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys19:46:46.0952 5436 nvraid - ok19:46:46.0973 5436 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys19:46:46.0978 5436 nvstor - ok19:46:47.0020 5436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys19:46:47.0023 5436 nv_agp - ok19:46:47.0091 5436 [ BA7DAC1B8A86D9402C3E04E1FCAA600D ] ODDPwrSvc C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe19:46:47.0094 5436 ODDPwrSvc - ok19:46:47.0158 5436 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE19:46:47.0166 5436 odserv - ok19:46:47.0186 5436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys19:46:47.0189 5436 ohci1394 - ok19:46:47.0225 5436 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE19:46:47.0227 5436 ose - ok19:46:47.0268 5436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll19:46:47.0277 5436 p2pimsvc - ok19:46:47.0321 5436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll19:46:47.0331 5436 p2psvc - ok19:46:47.0361 5436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport 
C:\Windows\system32\DRIVERS\parport.sys19:46:47.0364 5436 Parport - ok19:46:47.0384 5436 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys19:46:47.0387 5436 partmgr - ok19:46:47.0400 5436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll19:46:47.0407 5436 PcaSvc - ok19:46:47.0414 5436 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys19:46:47.0418 5436 pci - ok19:46:47.0431 5436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys19:46:47.0433 5436 pciide - ok19:46:47.0457 5436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys19:46:47.0461 5436 pcmcia - ok19:46:47.0464 5436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys19:46:47.0467 5436 pcw - ok19:46:47.0496 5436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys19:46:47.0502 5436 PEAUTH - ok19:46:47.0593 5436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe19:46:47.0597 5436 PerfHost - ok19:46:47.0661 5436 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll19:46:47.0705 5436 pla - ok19:46:47.0759 5436 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll19:46:47.0769 5436 PlugPlay - ok19:46:47.0788 5436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll19:46:47.0793 5436 PNRPAutoReg - ok19:46:47.0812 5436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll19:46:47.0819 5436 PNRPsvc - ok19:46:47.0853 5436 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll19:46:47.0862 5436 PolicyAgent - ok19:46:47.0923 5436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll19:46:47.0930 5436 Power - ok19:46:47.0969 5436 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys19:46:47.0972 5436 PptpMiniport - 
ok19:46:48.0002 5436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys19:46:48.0004 5436 Processor - ok19:46:48.0033 5436 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll19:46:48.0040 5436 ProfSvc - ok19:46:48.0052 5436 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe19:46:48.0056 5436 ProtectedStorage - ok19:46:48.0084 5436 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys19:46:48.0088 5436 Psched - ok19:46:48.0179 5436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys19:46:48.0225 5436 ql2300 - ok19:46:48.0245 5436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys19:46:48.0247 5436 ql40xx - ok19:46:48.0287 5436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll19:46:48.0295 5436 QWAVE - ok19:46:48.0322 5436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys19:46:48.0324 5436 QWAVEdrv - ok19:46:48.0341 5436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys19:46:48.0343 5436 RasAcd - ok19:46:48.0388 5436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys19:46:48.0390 5436 RasAgileVpn - ok19:46:48.0426 5436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll19:46:48.0432 5436 RasAuto - ok19:46:48.0455 5436 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys19:46:48.0459 5436 Rasl2tp - ok19:46:48.0495 5436 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll19:46:48.0504 5436 RasMan - ok19:46:48.0510 5436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys19:46:48.0512 5436 RasPppoe - ok19:46:48.0518 5436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys19:46:48.0521 5436 RasSstp - 
ok19:46:48.0530 5436 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys19:46:48.0534 5436 rdbss - ok19:46:48.0542 5436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys19:46:48.0544 5436 rdpbus - ok19:46:48.0575 5436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys19:46:48.0577 5436 RDPCDD - ok19:46:48.0594 5436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys19:46:48.0595 5436 RDPENCDD - ok19:46:48.0603 5436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys19:46:48.0604 5436 RDPREFMP - ok19:46:48.0621 5436 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys19:46:48.0625 5436 RDPWD - ok19:46:48.0654 5436 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys19:46:48.0658 5436 rdyboost - ok19:46:48.0697 5436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll19:46:48.0700 5436 RemoteAccess - ok19:46:48.0759 5436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll19:46:48.0766 5436 RemoteRegistry - ok19:46:48.0809 5436 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys19:46:48.0813 5436 RFCOMM - ok19:46:48.0879 5436 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe19:46:48.0882 5436 RichVideo - ok19:46:48.0898 5436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll19:46:48.0904 5436 RpcEptMapper - ok19:46:48.0933 5436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe19:46:48.0937 5436 RpcLocator - ok19:46:48.0967 5436 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll19:46:48.0975 5436 RpcSs - ok19:46:49.0022 5436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys19:46:49.0024 
5436 rspndr - ok19:46:49.0070 5436 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe19:46:49.0074 5436 RS_Service - ok19:46:49.0085 5436 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe19:46:49.0089 5436 SamSs - ok19:46:49.0110 5436 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys19:46:49.0113 5436 sbp2port - ok19:46:49.0148 5436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll19:46:49.0156 5436 SCardSvr - ok19:46:49.0182 5436 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys19:46:49.0184 5436 scfilter - ok19:46:49.0257 5436 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll19:46:49.0291 5436 Schedule - ok19:46:49.0319 5436 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll19:46:49.0321 5436 SCPolicySvc - ok19:46:49.0347 5436 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll19:46:49.0356 5436 SDRSVC - ok19:46:49.0421 5436 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe19:46:49.0425 5436 SeaPort - ok19:46:49.0455 5436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys19:46:49.0457 5436 secdrv - ok19:46:49.0480 5436 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll19:46:49.0485 5436 seclogon - ok19:46:49.0503 5436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll19:46:49.0509 5436 SENS - ok19:46:49.0525 5436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll19:46:49.0531 5436 SensrSvc - ok19:46:49.0543 5436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys19:46:49.0545 5436 Serenum - ok19:46:49.0561 5436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial 
C:\Windows\system32\DRIVERS\serial.sys19:46:49.0564 5436 Serial - ok19:46:49.0610 5436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys19:46:49.0612 5436 sermouse - ok19:46:49.0649 5436 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll19:46:49.0655 5436 SessionEnv - ok19:46:49.0676 5436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys19:46:49.0679 5436 sffdisk - ok19:46:49.0693 5436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys19:46:49.0696 5436 sffp_mmc - ok19:46:49.0707 5436 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys19:46:49.0709 5436 sffp_sd - ok19:46:49.0721 5436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys19:46:49.0723 5436 sfloppy - ok19:46:49.0756 5436 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll19:46:49.0764 5436 SharedAccess - ok19:46:49.0812 5436 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll19:46:49.0821 5436 ShellHWDetection - ok19:46:49.0852 5436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys19:46:49.0854 5436 SiSRaid2 - ok19:46:49.0873 5436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys19:46:49.0904 5436 SiSRaid4 - ok19:46:50.0115 5436 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe19:46:50.0195 5436 Skype C2C Service - ok19:46:50.0288 5436 [ CA058CB8320CF9E3F978D729E55C82CF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe19:46:50.0292 5436 SkypeUpdate - ok19:46:50.0331 5436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys19:46:50.0336 5436 Smb - ok19:46:50.0400 5436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe19:46:50.0406 5436 
SNMPTRAP - ok19:46:50.0422 5436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys19:46:50.0424 5436 spldr - ok19:46:50.0454 5436 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe19:46:50.0471 5436 Spooler - ok19:46:50.0566 5436 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe19:46:50.0659 5436 sppsvc - ok19:46:50.0672 5436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll19:46:50.0676 5436 sppuinotify - ok19:46:50.0710 5436 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys19:46:50.0716 5436 srv - ok19:46:50.0755 5436 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys19:46:50.0763 5436 srv2 - ok19:46:50.0799 5436 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys19:46:50.0803 5436 srvnet - ok19:46:50.0831 5436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll19:46:50.0839 5436 SSDPSRV - ok19:46:50.0845 5436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll19:46:50.0852 5436 SstpSvc - ok19:46:50.0868 5436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys19:46:50.0871 5436 stexstor - ok19:46:50.0975 5436 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll19:46:50.0989 5436 stisvc - ok19:46:51.0006 5436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys19:46:51.0008 5436 swenum - ok19:46:51.0045 5436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll19:46:51.0062 5436 swprv - ok19:46:51.0125 5436 [ CE9B5A79AEE330BC7E88C0441E5727BB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys19:46:51.0131 5436 SynTP - ok19:46:51.0184 5436 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll19:46:51.0237 5436 SysMain - ok19:46:51.0261 5436 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService 
C:\Windows\System32\TabSvc.dll19:46:51.0268 5436 TabletInputService - ok19:46:51.0285 5436 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll19:46:51.0294 5436 TapiSrv - ok19:46:51.0316 5436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll19:46:51.0320 5436 TBS - ok19:46:51.0397 5436 [ 61DC720BB065D607D5823F13D2A64321 ] Tcpip C:\Windows\system32\drivers\tcpip.sys19:46:51.0465 5436 Tcpip - ok19:46:51.0522 5436 [ 61DC720BB065D607D5823F13D2A64321 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys19:46:51.0535 5436 TCPIP6 - ok19:46:51.0562 5436 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys19:46:51.0564 5436 tcpipreg - ok19:46:51.0585 5436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys19:46:51.0587 5436 TDPIPE - ok19:46:51.0593 5436 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys19:46:51.0595 5436 TDTCP - ok19:46:51.0600 5436 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys19:46:51.0603 5436 tdx - ok19:46:51.0624 5436 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys19:46:51.0626 5436 TermDD - ok19:46:51.0652 5436 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll19:46:51.0667 5436 TermService - ok19:46:51.0684 5436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll19:46:51.0688 5436 Themes - ok19:46:51.0705 5436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll19:46:51.0707 5436 THREADORDER - ok19:46:51.0717 5436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll19:46:51.0722 5436 TrkWks - ok19:46:51.0772 5436 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe19:46:51.0775 5436 TrustedInstaller - ok19:46:51.0808 5436 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv 
C:\Windows\system32\DRIVERS\tssecsrv.sys19:46:51.0810 5436 tssecsrv - ok19:46:51.0844 5436 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys19:46:51.0848 5436 tunnel - ok19:46:51.0902 5436 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys19:46:51.0926 5436 TurboB - ok19:46:51.0983 5436 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe19:46:51.0985 5436 TurboBoost - ok19:46:52.0014 5436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys19:46:52.0017 5436 uagp35 - ok19:46:52.0039 5436 [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys19:46:52.0041 5436 UBHelper - ok19:46:52.0064 5436 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys19:46:52.0071 5436 udfs - ok19:46:52.0191 5436 [ 503D393875AB9844C0CE8B3718348F8A ] UDisk Monitor C:\Program Files\TATA Photon Whiz Dialer\bin\MonServiceUDisk.exe19:46:52.0197 5436 UDisk Monitor - ok19:46:52.0231 5436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe19:46:52.0238 5436 UI0Detect - ok19:46:52.0278 5436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys19:46:52.0281 5436 uliagpkx - ok19:46:52.0322 5436 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys19:46:52.0325 5436 umbus - ok19:46:52.0349 5436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys19:46:52.0351 5436 UmPass - ok19:46:52.0478 5436 [ CBDEE152D73200EE49031A26310B9D3E ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe19:46:52.0495 5436 UNS - ok19:46:52.0542 5436 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe19:46:52.0543 5436 Updater Service - ok19:46:52.0579 5436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost 
C:\Windows\System32\upnphost.dll19:46:52.0591 5436 upnphost - ok19:46:52.0625 5436 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys19:46:52.0628 5436 usbccgp - ok19:46:52.0661 5436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys19:46:52.0665 5436 usbcir - ok19:46:52.0671 5436 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys19:46:52.0673 5436 usbehci - ok19:46:52.0699 5436 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys19:46:52.0705 5436 usbhub - ok19:46:52.0720 5436 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys19:46:52.0723 5436 usbohci - ok19:46:52.0742 5436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys19:46:52.0744 5436 usbprint - ok19:46:52.0787 5436 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys19:46:52.0790 5436 usbscan - ok19:46:52.0813 5436 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS19:46:52.0817 5436 USBSTOR - ok19:46:52.0835 5436 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys19:46:52.0837 5436 usbuhci - ok19:46:52.0895 5436 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys19:46:52.0900 5436 usbvideo - ok19:46:52.0934 5436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll19:46:52.0941 5436 UxSms - ok19:46:52.0952 5436 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe19:46:52.0955 5436 VaultSvc - ok19:46:52.0990 5436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys19:46:52.0993 5436 vdrvroot - ok19:46:53.0019 5436 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe19:46:53.0037 5436 vds - ok19:46:53.0058 5436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga 
C:\Windows\system32\DRIVERS\vgapnp.sys19:46:53.0060 5436 vga - ok19:46:53.0066 5436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys19:46:53.0068 5436 VgaSave - ok19:46:53.0089 5436 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys19:46:53.0094 5436 vhdmp - ok19:46:53.0111 5436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys19:46:53.0113 5436 viaide - ok19:46:53.0120 5436 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys19:46:53.0123 5436 volmgr - ok19:46:53.0132 5436 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys19:46:53.0138 5436 volmgrx - ok19:46:53.0158 5436 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys19:46:53.0162 5436 volsnap - ok19:46:53.0193 5436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys19:46:53.0196 5436 vsmraid - ok19:46:53.0255 5436 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe19:46:53.0293 5436 VSS - ok19:46:53.0297 5436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys19:46:53.0298 5436 vwifibus - ok19:46:53.0303 5436 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys19:46:53.0305 5436 vwififlt - ok19:46:53.0351 5436 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys19:46:53.0352 5436 vwifimp - ok19:46:53.0402 5436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll19:46:53.0409 5436 W32Time - ok19:46:53.0424 5436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys19:46:53.0426 5436 WacomPen - ok19:46:53.0516 5436 wampmysqld - ok19:46:53.0570 5436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys19:46:53.0573 5436 WANARP - ok19:46:53.0591 5436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] 
Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys19:46:53.0593 5436 Wanarpv6 - ok19:46:53.0663 5436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe19:46:53.0696 5436 WatAdminSvc - ok19:46:53.0759 5436 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe19:46:53.0805 5436 wbengine - ok19:46:53.0829 5436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll19:46:53.0837 5436 WbioSrvc - ok19:46:53.0871 5436 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll19:46:53.0939 5436 wcncsvc - ok19:46:53.0970 5436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll19:46:53.0977 5436 WcsPlugInService - ok19:46:54.0005 5436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys19:46:54.0007 5436 Wd - ok19:46:54.0022 5436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys19:46:54.0034 5436 Wdf01000 - ok19:46:54.0080 5436 [ 7F681EEF56F16050033349EEBE0E45BF ] wdf_usb C:\Windows\system32\DRIVERS\usb2ser.sys19:46:54.0082 5436 wdf_usb - ok19:46:54.0112 5436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll19:46:54.0120 5436 WdiServiceHost - ok19:46:54.0125 5436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll19:46:54.0132 5436 WdiSystemHost - ok19:46:54.0171 5436 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll19:46:54.0181 5436 WebClient - ok19:46:54.0209 5436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll19:46:54.0217 5436 Wecsvc - ok19:46:54.0237 5436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll19:46:54.0244 5436 wercplsupport - ok19:46:54.0263 5436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll19:46:54.0270 5436 WerSvc - ok19:46:54.0290 5436 [ 611B23304BF067451A9FDEE01FBDD725 ] 
WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys19:46:54.0292 5436 WfpLwf - ok19:46:54.0320 5436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys19:46:54.0323 5436 WIMMount - ok19:46:54.0333 5436 WinDefend - ok19:46:54.0344 5436 WinHttpAutoProxySvc - ok19:46:54.0402 5436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll19:46:54.0408 5436 Winmgmt - ok19:46:54.0471 5436 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll19:46:54.0528 5436 WinRM - ok19:46:54.0593 5436 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys19:46:54.0595 5436 WinUsb - ok19:46:54.0640 5436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll19:46:54.0672 5436 Wlansvc - ok19:46:54.0796 5436 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE19:46:54.0853 5436 wlidsvc - ok19:46:54.0879 5436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys19:46:54.0881 5436 WmiAcpi - ok19:46:54.0916 5436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe19:46:54.0919 5436 wmiApSrv - ok19:46:54.0941 5436 WMPNetworkSvc - ok19:46:54.0972 5436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll19:46:54.0979 5436 WPCSvc - ok19:46:55.0002 5436 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll19:46:55.0011 5436 WPDBusEnum - ok19:46:55.0041 5436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys19:46:55.0043 5436 ws2ifsl - ok19:46:55.0083 5436 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll19:46:55.0090 5436 wscsvc - ok19:46:55.0095 5436 WSearch - ok19:46:55.0178 5436 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll19:46:55.0247 5436 wuauserv - ok19:46:55.0265 5436 [ 7CADC74271DD6461C452C271B30BD378 ] 
WudfPf C:\Windows\system32\drivers\WudfPf.sys19:46:55.0268 5436 WudfPf - ok19:46:55.0309 5436 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys19:46:55.0312 5436 WUDFRd - ok19:46:55.0338 5436 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll19:46:55.0343 5436 wudfsvc - ok19:46:55.0359 5436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll19:46:55.0366 5436 WwanSvc - ok19:46:55.0474 5436 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe19:46:55.0482 5436 YahooAUService - ok19:46:55.0542 5436 [ B36E54DD76DCAC72581306F5504C6491 ] ztemtusbser C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys19:46:55.0544 5436 ztemtusbser - ok19:46:55.0634 5436 ================ Scan global ===============================19:46:55.0666 5436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll19:46:55.0701 5436 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll19:46:55.0714 5436 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll19:46:55.0747 5436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll19:46:55.0776 5436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe19:46:55.0783 5436 [Global] - ok19:46:55.0783 5436 ================ Scan MBR ==================================19:46:55.0796 5436 [ 89B5DB6675722B3F1FCF978126515316 ] \Device\Harddisk0\DR019:46:55.0875 5436 \Device\Harddisk0\DR0 - ok19:46:55.0891 5436 ================ Scan VBR ==================================19:46:55.0895 5436 [ 62A528C88C7DB07C12FF31355E007372 ] \Device\Harddisk0\DR0\Partition119:46:55.0897 5436 \Device\Harddisk0\DR0\Partition1 - ok19:46:55.0918 5436 [ 7C165894CE5979C4A87BA13948D45BA0 ] \Device\Harddisk0\DR0\Partition219:46:55.0920 5436 \Device\Harddisk0\DR0\Partition2 - ok19:46:55.0966 5436 [ AB0FB2F484B87FEDC447ED9AE8847561 ] \Device\Harddisk0\DR0\Partition319:46:55.0978 
5436 \Device\Harddisk0\DR0\Partition3 - ok19:46:55.0979 5436 ============================================================19:46:55.0979 5436 Scan finished19:46:55.0979 5436 ============================================================19:46:55.0990 3664 Detected object count: 019:46:55.0990 3664 Actual detected object count: 0
  15. log from sc Cleaner
      Shortcut Cleaner 1.2.5 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2013 BleepingComputer.com
      More Information about Shortcut Cleaner can be found at this link: http://www.bleepingcomputer.com/download/shortcut-cleaner/
      Windows Version: Windows 7 Home Premium
      Program started at: 10/17/2013 07:39:34 PM.
      Scanning for registry hijacks:
      * No issues found in the Registry.
      Searching for Hijacked Shortcuts:
      Searching C:\Users\ANJU\AppData\Roaming\Microsoft\Windows\Start Menu\
      Searching C:\ProgramData\Microsoft\Windows\Start Menu\
      Searching C:\Users\ANJU\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
      Searching C:\Users\Public\Desktop\
      Searching C:\Users\ANJU\Desktop
      0 bad shortcuts found.
      Program finished at: 10/17/2013 07:39:39 PM
      Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
  16. Hi Marius, Thank you for your Help. Please find the Log from Gmer rootkit
  17. Hi, I'm infected with pup.Optional.BrowseFox.A. I tried AdwCleaner and Malwarebytes, but it keeps coming back a few minutes after I remove it. Please help. Find the log for DDS attached. attach.txt dds.txt