mason45

Members

View Profile See their activity

Posts
5
Joined
June 10, 2014
Last visited
June 15, 2014

Reputation

0 Neutral

Laptop security proble,

mason45 replied to mason45's topic in Resolved Malware Removal Logs

Start R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.) C:\Windows\system32\mfevtps.exe R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [83264 2014-01-09] (Baidu, Inc.) C:\Windows\System32\drivers\BprotectEx.sys S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.) C:\Windows\system32\drivers\mfeapfk.sys R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.) C:\Windows\System32\drivers\mfehidk.sys C:\Users\Aspire\AppData\Local\temp\Quarantine.exe C:\Users\Aspire\AppData\Local\temp\stn_515_TH.exe End
- June 15, 2014
- 9 replies
Laptop security proble,

mason45 replied to mason45's topic in Resolved Malware Removal Logs

Sorry Kevin, I forgot to mention that I tried several major security programs thinking that it maybe a quick fix. I'm not receiving help from anywhere else. Thanks again.
- June 15, 2014
- 9 replies
Laptop security proble,

mason45 replied to mason45's topic in Resolved Malware Removal Logs

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02 Ran by Aspire at 2014-06-15 15:44:17 Running from C:\Users\Aspire\Downloads ======================================================= ==================== Security Center ======================== AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated) Aircard Connection (HKLM-x32\...\Aircard Connection) (Version: 23.009.09.00.935 - Wireless Device Supply Co., LTD.) AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{DC22DA79-9D24-68F6-E801-A59CFBCDC41D}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies) AVG 2014 (Version: 14.0.3964 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.423 - AVG) Hidden AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.423 - AVG) AVG PC TuneUp 2014 (x32 Version: 14.0.1001.423 - AVG) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard) HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Popup-Ad-Shield (HKLM-x32\...\ST6UNST #1) (Version: - ) Porn Terminator (HKLM-x32\...\{6180CB20-64F9-4148-BFD6-4012D04D15B6}) (Version: 3.0.0 - ) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Realtek USB Ethernet Controller Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.7.227.2013 - Realtek) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios) Wise Disk Cleaner 8.11 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 8.11 - WiseCleaner.com, Inc.) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.) ==================== Restore Points ========================= 09-06-2014 01:21:09 Created by Wise Disk Cleaner 12-06-2014 11:06:24 Windows Update ==================== Hosts content: ========================== 2012-07-26 12:26 - 2014-06-09 19:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {001770EE-7B98-4B67-9F8B-AB9BC3025A60} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-04-15] (AVG) Task: {1439A7AE-5B75-4D7E-8C17-F73CE031DDD0} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION Task: {181BBBAA-8DFF-412F-8715-5D53FB33F984} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {238F3CB6-6186-4948-90E7-433DF84DAE8E} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-15] (Acer Incorporate) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {42F4F808-9F0D-4236-BF9B-6D891BA34188} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated) Task: {4E2FC917-65B9-4F9C-935D-187C8282581C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation) Task: {5B0B5478-FA74-4121-BE7C-C09C4236FBA7} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard) Task: {6307CD76-19D1-42A8-A66E-2C5835FA3D11} - System32\Tasks\{2B469948-9917-4A71-AF93-06DFC574D195} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.10.0.104&LastError=12002 Task: {9D433B54-A9C0-44A0-8E0D-3404E27DE2CA} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {C2905E80-E226-4AE4-BCD4-094FCB17AD84} - System32\Tasks\{C959F489-0D4F-4137-B459-586939B1537A} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.10.0.104&LastError=12007 Task: {C68DF3D3-2F70-48A0-9BF8-834EDBE3CB1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {DCB3BB61-5DAA-40DC-8EDB-FDBC8F9456CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.) Task: {E17A3F4B-D5F1-42D0-8278-71D30EA35D5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {E5C36A0F-DE9D-4834-8232-A2D0155F4FDD} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] () Task: {E614A083-9048-4378-A728-CB40005D72FA} - \BackgroundContainer Startup Task No Task File <==== ATTENTION Task: {E87583E8-6A10-4473-8295-0FB1AC466704} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EF440F96-6DE0-481A-B849-EFA51D5A086C} - System32\Tasks\{C5907A2C-3AB2-4314-B8E8-C8EE1896CE56} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002 Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-19 21:02 - 2012-11-12 12:59 - 00657504 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\ouc.exe 2011-03-14 22:27 - 2011-03-14 22:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-04-15 21:23 - 2014-04-15 21:23 - 00675640 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2013-05-21 04:22 - 2013-02-21 12:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2013-11-19 20:59 - 2013-11-19 21:01 - 00516096 _____ () C:\Program Files (x86)\Aircard Connection\Aircard Connection.exe 2013-11-19 20:59 - 2012-11-23 15:40 - 00605696 _____ () C:\Program Files (x86)\Aircard Connection\eap\wifimansvc.exe 2013-11-19 19:47 - 2012-11-12 12:59 - 01546848 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\LiveUpd.exe 2013-11-19 21:03 - 2009-01-11 01:32 - 00011362 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\mingwm10.dll 2013-11-19 21:03 - 2009-06-23 09:42 - 00043008 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\libgcc_s_dw2-1.dll 2013-11-19 21:03 - 2012-10-31 16:11 - 02417152 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\QtCore4.dll 2013-11-19 21:03 - 2012-10-31 16:14 - 01148416 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\QtNetwork4.dll 2013-11-19 21:03 - 2012-11-12 10:48 - 00843264 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\QueryStrategy.dll 2013-11-19 21:03 - 2012-10-31 16:11 - 00398336 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\QtXml4.dll 2013-11-19 20:58 - 2013-01-11 21:59 - 00596480 _____ () C:\Program Files (x86)\Aircard Connection\core.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00288256 _____ () C:\Program Files (x86)\Aircard Connection\sdk.dll 2013-11-19 21:01 - 2012-10-31 16:11 - 02417152 _____ () C:\Program Files (x86)\Aircard Connection\QtCore4.dll 2013-11-19 21:01 - 2012-10-31 16:33 - 09562624 _____ () C:\Program Files (x86)\Aircard Connection\QtGui4.dll 2013-11-19 21:01 - 2009-01-11 01:32 - 00011362 _____ () C:\Program Files (x86)\Aircard Connection\mingwm10.dll 2013-11-19 21:01 - 2009-06-23 09:42 - 00043008 _____ () C:\Program Files (x86)\Aircard Connection\libgcc_s_dw2-1.dll 2013-11-19 20:59 - 2012-11-23 13:12 - 00407040 _____ () C:\Program Files (x86)\Aircard Connection\Proxy.DLL 2013-11-19 20:58 - 2012-11-23 13:12 - 00628224 _____ () C:\Program Files (x86)\Aircard Connection\Common.dll 2013-11-19 20:59 - 2012-11-23 13:12 - 00158208 _____ () C:\Program Files (x86)\Aircard Connection\Trace.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00583168 _____ () C:\Program Files (x86)\Aircard Connection\PluginContainer.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00646144 _____ () C:\Program Files (x86)\Aircard Connection\AtCodec.dll 2013-11-19 20:58 - 2013-01-15 17:42 - 00729088 _____ () C:\Program Files (x86)\Aircard Connection\DeviceSrvPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00195584 _____ () C:\Program Files (x86)\Aircard Connection\XCodec.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00247296 _____ () C:\Program Files (x86)\Aircard Connection\NetSrvPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00166400 _____ () C:\Program Files (x86)\Aircard Connection\OSDialup.dll 2013-11-19 20:58 - 2012-11-23 13:12 - 00155136 _____ () C:\Program Files (x86)\Aircard Connection\DataServicePlugin.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00177152 _____ () C:\Program Files (x86)\Aircard Connection\CallSrvPlugin.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00672768 _____ () C:\Program Files (x86)\Aircard Connection\AddrBookSrvPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00219648 _____ () C:\Program Files (x86)\Aircard Connection\SmsSrvPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00142336 _____ () C:\Program Files (x86)\Aircard Connection\USSDSrvPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00157184 _____ () C:\Program Files (x86)\Aircard Connection\STKSrvPlugin.dll 2013-11-19 20:58 - 2013-01-15 17:42 - 00730624 _____ () C:\Program Files (x86)\Aircard Connection\DeviceAppPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00065536 _____ () C:\Program Files (x86)\Aircard Connection\OSPowerMgr.dll 2013-11-19 20:59 - 2012-06-06 08:22 - 00155648 _____ () C:\Program Files (x86)\Aircard Connection\Win7Support.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 01124352 _____ () C:\Program Files (x86)\Aircard Connection\AddrBookPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00704000 _____ () C:\Program Files (x86)\Aircard Connection\SmsAppPlugin.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00187392 _____ () C:\Program Files (x86)\Aircard Connection\CallAppPlugin.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00569344 _____ () C:\Program Files (x86)\Aircard Connection\CallLogSrvPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:12 - 00158720 _____ () C:\Program Files (x86)\Aircard Connection\NetConnectSrvPlugin.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00236032 _____ () C:\Program Files (x86)\Aircard Connection\DialUpPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00102400 _____ () C:\Program Files (x86)\Aircard Connection\OSAdapt.dll 2013-11-19 20:59 - 2012-11-23 15:43 - 00851968 _____ () C:\Program Files (x86)\Aircard Connection\WLANPlugin.dll 2013-11-19 20:59 - 2012-11-23 15:43 - 00207360 _____ () C:\Program Files (x86)\Aircard Connection\WiFiMan.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00201216 _____ () C:\Program Files (x86)\Aircard Connection\NDISPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00131584 _____ () C:\Program Files (x86)\Aircard Connection\OSNDIS.dll 2013-11-19 20:59 - 2012-07-27 13:53 - 01114112 _____ () C:\Program Files (x86)\Aircard Connection\NDISAPI.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00702464 _____ () C:\Program Files (x86)\Aircard Connection\NetInfoSrvPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00062976 _____ () C:\Program Files (x86)\Aircard Connection\OSCall.dll 2013-11-19 20:59 - 2012-06-06 08:22 - 00224256 _____ () C:\Program Files (x86)\Aircard Connection\tdpcvoice.dll 2013-11-19 20:58 - 2012-11-23 13:14 - 00581120 _____ () C:\Program Files (x86)\Aircard Connection\DeviceMgrUIPlugin.dll 2013-11-19 21:01 - 2012-10-31 16:11 - 00398336 _____ () C:\Program Files (x86)\Aircard Connection\QtXml4.dll 2013-11-19 20:59 - 2012-11-23 13:14 - 00270848 _____ () C:\Program Files (x86)\Aircard Connection\XFramePlugin.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00168960 _____ () C:\Program Files (x86)\Aircard Connection\ATR2SMgr.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00323584 _____ () C:\Program Files (x86)\Aircard Connection\StatusBarMgrPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:14 - 00391168 _____ () C:\Program Files (x86)\Aircard Connection\NetConnectPlugin.dll 2013-11-19 20:58 - 2013-01-18 14:36 - 00604160 _____ () C:\Program Files (x86)\Aircard Connection\DialupUIPlugin.dll 2013-11-19 20:59 - 2013-01-11 20:10 - 00646144 _____ () C:\Program Files (x86)\Aircard Connection\WLANUIPlugin.dll 2013-11-19 21:01 - 2012-10-31 16:14 - 01148416 _____ () C:\Program Files (x86)\Aircard Connection\QtNetwork4.dll 2013-11-19 20:59 - 2013-01-11 20:10 - 00195584 _____ () C:\Program Files (x86)\Aircard Connection\PriorityPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:13 - 00097792 _____ () C:\Program Files (x86)\Aircard Connection\NotifyServicePlugin.dll 2013-11-19 20:59 - 2012-11-23 13:14 - 00117248 _____ () C:\Program Files (x86)\Aircard Connection\LayoutPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:14 - 00330752 _____ () C:\Program Files (x86)\Aircard Connection\MenuMgrPlugin.dll 2013-11-19 20:59 - 2013-01-11 19:51 - 00513024 _____ () C:\Program Files (x86)\Aircard Connection\USSDUIPlugin.dll 2013-11-19 20:58 - 2012-11-23 13:14 - 00302592 _____ () C:\Program Files (x86)\Aircard Connection\DiagnosisPlugin.dll 2013-11-19 20:59 - 2012-11-23 13:14 - 00493568 _____ () C:\Program Files (x86)\Aircard Connection\NetInfoUIExPlugin.dll 2013-11-19 20:59 - 2013-01-11 19:51 - 00854528 _____ () C:\Program Files (x86)\Aircard Connection\SMSUIPlugin.dll 2013-11-19 20:58 - 2012-11-23 13:13 - 00818688 _____ () C:\Program Files (x86)\Aircard Connection\AddrBookUIPlugin.dll 2013-11-19 20:59 - 2013-01-11 19:51 - 00222208 _____ () C:\Program Files (x86)\Aircard Connection\ToolBarMgrPlugin.dll 2013-11-19 20:59 - 2012-11-12 10:48 - 00694272 _____ () C:\Program Files (x86)\Aircard Connection\LiveUpdateInterface.DLL 2013-11-19 21:00 - 2012-11-01 19:10 - 00082944 _____ () C:\Program Files (x86)\Aircard Connection\plugins\imageformats\qgif4.dll 2013-11-19 21:00 - 2012-11-01 19:10 - 00081920 _____ () C:\Program Files (x86)\Aircard Connection\plugins\imageformats\qico4.dll 2013-11-19 21:00 - 2012-11-01 19:10 - 00192000 _____ () C:\Program Files (x86)\Aircard Connection\plugins\imageformats\qjpeg4.dll 2013-11-19 21:00 - 2012-11-01 19:10 - 00350720 _____ () C:\Program Files (x86)\Aircard Connection\plugins\imageformats\qmng4.dll 2013-11-19 21:00 - 2012-11-01 19:10 - 00370176 _____ () C:\Program Files (x86)\Aircard Connection\plugins\imageformats\qtiff4.dll 2013-11-19 21:03 - 2012-10-31 16:33 - 09562624 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\QtGui4.dll 2013-11-19 19:47 - 2012-11-01 19:10 - 00082944 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\plugins\imageformats\qgif4.dll 2013-11-19 19:47 - 2012-11-01 19:10 - 00081920 _____ () C:\ProgramData\Aircard Connection\OnlineUpdate\plugins\imageformats\qico4.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= HKLM\...\StartupApproved\Run32: => "HP Software Update" ==================== Faulty Device Manager Devices ============= Name: Bluetooth USB Adapter Description: Bluetooth USB Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/15/2014 09:38:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/15/2014 09:38:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.0.1119.516 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: fd4 Start Time: 01cf883f027b2ff1 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 22d3eb6e-f436-11e3-80b1-81aa3a602ea7 Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.WindowsLive.Mail Error: (06/15/2014 09:38:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer) Description: App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail did not launch within its allotted time. Error: (06/15/2014 09:04:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3dc Start Time: 01cf882f67caa48b Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe Report Id: 632f0ed4-f431-11e3-80b1-81aa3a602ea7 Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.WindowsLive.Mail Error: (06/15/2014 09:04:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer) Description: Package microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe was terminated because it took too long to suspend. Error: (06/15/2014 08:04:28 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (06/15/2014 08:04:08 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (06/14/2014 01:39:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ed8 Start Time: 01cf879b0801a028 Termination Time: 90 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: 9166a4a5-f38e-11e3-80af-d23f3a98e680 Faulting package full name: Faulting package-relative application ID: Error: (06/14/2014 00:45:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/14/2014 00:45:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.0.1119.516 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: dfc Start Time: 01cf878f84a30ede Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 1617cd68-f387-11e3-80af-d23f3a98e680 Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.WindowsLive.Mail System errors: ============= Error: (06/15/2014 03:20:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The HP Network Devices Support service terminated with the following error: %%126 Error: (06/15/2014 03:18:47 PM) (Source: DCOM) (EventID: 10005) (User: Acer) Description: 1053WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/15/2014 03:18:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%1053 Error: (06/15/2014 03:18:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error: (06/15/2014 03:17:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Aircard Connection. OUC service failed to start due to the following error: %%1053 Error: (06/15/2014 03:17:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Aircard Connection. OUC service to connect. Error: (06/15/2014 00:51:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The HP Network Devices Support service terminated with the following error: %%126 Error: (06/15/2014 00:48:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Aircard Connection. OUC service failed to start due to the following error: %%1053 Error: (06/15/2014 00:48:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Aircard Connection. OUC service to connect. Error: (06/15/2014 00:45:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions: ========================= Error: (06/15/2014 09:38:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142 Error: (06/15/2014 09:38:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.0.1119.516fd401cf883f027b2ff14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe22d3eb6e-f436-11e3-80b1-81aa3a602ea7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail Error: (06/15/2014 09:38:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail Error: (06/15/2014 09:04:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.2.9200.164203dc01cf882f67caa48b4294967295C:\Windows\system32\wwahost.exe632f0ed4-f431-11e3-80b1-81aa3a602ea7microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail Error: (06/15/2014 09:04:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer) Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe Error: (06/15/2014 08:04:28 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Aspire\Downloads\SoftonicDownloader_for_kaspersky-tdsskiller.exe Error: (06/15/2014 08:04:08 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Aspire\Downloads\SoftonicDownloader_for_kaspersky-tdsskiller.exe Error: (06/14/2014 01:39:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE10.0.9200.16921ed801cf879b0801a02890C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE9166a4a5-f38e-11e3-80af-d23f3a98e680 Error: (06/14/2014 00:45:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Acer) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142 Error: (06/14/2014 00:45:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.0.1119.516dfc01cf878f84a30ede4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe1617cd68-f387-11e3-80af-d23f3a98e680microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail CodeIntegrity Errors: =================================== Date: 2014-06-09 07:38:43.144 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix_14_4_30_1\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
- June 15, 2014
- 9 replies
Laptop security proble,

mason45 replied to mason45's topic in Resolved Malware Removal Logs

Thanks Kevin, as you can see I got the Farbar scan report ok but when I tried to download Rogue Killer after a few minutes I got the message " this program has been disrupted, so I resumed and a few minutes later again I got the message " this program maybe corrupt" Lately this has happenend everytime I've tried to download other security programs or tried to download updates for my current securty programs. Once again thanks very much. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02 Ran by Aspire (administrator) on ACER on 15-06-2014 15:41:11 Running from C:\Users\Aspire\Downloads Platform: Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\ProgramData\Aircard Connection\OnlineUpdate\ouc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMMsg.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe () C:\Program Files (x86)\Aircard Connection\Aircard Connection.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe () C:\Program Files (x86)\Aircard Connection\eap\wifimansvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16921_none_421682c720aee408\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe () C:\ProgramData\Aircard Connection\OnlineUpdate\LiveUpd.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-2569229807-465856810-1703829547-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-04] (BillP Studios) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en-AU;q=0.7,en;q=0.3 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {EA342FE4-4EE0-4F20-B00F-882ADDAFDEFA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {EA342FE4-4EE0-4F20-B00F-882ADDAFDEFA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {EA342FE4-4EE0-4F20-B00F-882ADDAFDEFA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {EA342FE4-4EE0-4F20-B00F-882ADDAFDEFA} URL = SearchScopes: HKCU - {13832EB2-651D-4E04-946D-E7B40FED52DB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1424524&CUI=UN24592029051973782&UM=1 SearchScopes: HKCU - {EA342FE4-4EE0-4F20-B00F-882ADDAFDEFA} URL = BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) Tcpip\..\Interfaces\{57F0FEAA-EA71-48E1-BB9A-D09C4FD625E7}: [NameServer]115.178.58.26 115.178.58.10 Tcpip\..\Interfaces\{E6442087-1721-494B-8CB7-23B46D55A13D}: [NameServer]115.178.58.26 115.178.58.10 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_7&idate=2013-12-04&ent=hp&u=81FDB55DEF166FE15F454C529F2A8DE8 CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_7&idate=2013-12-04&ent=hp&u=81FDB55DEF166FE15F454C529F2A8DE8", "hxxp://www.google.com" CHR DefaultSearchKeyword: google.co.th CHR Extension: (Docs) - C:\Users\Aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-01] CHR Extension: (Google Drive) - C:\Users\Aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-01] CHR Extension: (YouTube) - C:\Users\Aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-01] CHR Extension: (Google Search) - C:\Users\Aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-01] CHR Extension: (Google Wallet) - C:\Users\Aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01] CHR Extension: (Gmail) - C:\Users\Aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-01] ==================== Services (Whitelisted) ================= S2 Aircard Connection. RunOuc; C:\Program Files (x86)\Aircard Connection\UpdateDog\ouc.exe [657504 2012-11-12] () R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-16] (Qualcomm Atheros Commnucations) R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-20] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2185528 2014-04-15] (AVG) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-04-15] (AVG) R3 wifimansvc; C:\Program Files (x86)\Aircard Connection\eap\wifimansvc.exe [605696 2012-11-23] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) S2 HPSLPSVC; C:\Users\Aspire\AppData\Local\Temp\7zS5BFD\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.) R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [83264 2014-01-09] (Baidu, Inc.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-16] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-06-10] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.) R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.) R3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 catchme; \??\C:\ComboFix_14_4_30_1\catchme.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X] ========================== Drivers MD5 ======================= C:\Windows\System32\drivers\1394ohci.sys E890C46E4754F0DF51BAFCC8D2E07498 C:\Windows\System32\drivers\3ware.sys 4F18D4C7EA14F11A7211F60D553C03DB C:\Windows\System32\drivers\ACPI.sys 975AABEB243B800C23626D6B652C5A9C C:\Windows\System32\Drivers\acpiex.sys DC968C37822117E576B933F34A2D130C C:\Windows\System32\drivers\acpipagr.sys 0CA9F7C3A78227C21A0A7854E245CFB2 C:\Windows\System32\drivers\acpipmi.sys 8EB8DA03B142D3DD1EB9ED8107A76C43 C:\Windows\System32\drivers\acpitime.sys CBCE725C5D86ABA7D2604E22951AA9B8 C:\Windows\System32\drivers\adp94xx.sys 93C6388592B99925C1D1576E465BC80F C:\Windows\System32\drivers\adpahci.sys D27763E0247292654E7F7D16444C7C72 C:\Windows\System32\drivers\adpu320.sys 67B90070FF48F794AF19F9FCF0080D75 C:\Windows\system32\drivers\afd.sys 7C0E0EDF18D6CC565D7BFBB451709FA5 C:\Windows\System32\drivers\agp440.sys 01590377A5AB19E792528C628A2A68F9 C:\Windows\System32\drivers\amdk8.sys 5A81054B824004B1ECC04F0034A1CDF9 C:\Windows\system32\DRIVERS\atikmdag.sys A2ED708BE8ECB88C039565631B88BF90 C:\Windows\system32\DRIVERS\atikmpag.sys 0E56EB2F21CFC9AB62990CC2ACE5ABD2 C:\Windows\System32\drivers\amdppm.sys B849D453E644FAB9BC8EF6DC8CA9C4C6 C:\Windows\System32\drivers\amdsata.sys 35A0EB5AECB0FA3C41A2FB514A562304 C:\Windows\System32\drivers\amdsbs.sys 00452671904F5EE94B50BF0219C97164 C:\Windows\System32\drivers\amdxata.sys EA3FFE53E92E59C87E3ECA9BEB20D9B7 C:\Windows\system32\drivers\appid.sys 83B3682CE922FB0F415734B26D9D6233 C:\Windows\System32\drivers\arc.sys E933401B392387F4BE34DE8BAF1722A7 C:\Windows\System32\drivers\arcsas.sys 07CA323EF2E8247A568AB0F3662AD644 C:\Windows\System32\DRIVERS\asyncmac.sys 74DBAEC35366C4EE7670428808715A6A C:\Windows\System32\drivers\atapi.sys A721FF570C2387E383BDDEA9632863C9 C:\Windows\system32\DRIVERS\btath_flt.sys 1E71A166547A110CD66EA44326DB4552 C:\Windows\system32\DRIVERS\athw8x.sys B21B37989D3B6E8A54A703DFE13A42D6 C:\Windows\system32\drivers\AtihdW86.sys 005D1AA28FFAA7FB327842B3CAFF726E C:\Windows\System32\DRIVERS\avgboota.sys 4EB2E8EE8BA47B58E08B67139C31CB41 C:\Windows\System32\DRIVERS\avgdiska.sys D89F8E4E025DAA0C39FF61AC0199E101 C:\Windows\system32\DRIVERS\avgfwd6a.sys CA10D51653068DB6A0ADEEDDC4946C47 C:\Windows\System32\DRIVERS\avgidsdrivera.sys F9984B8432204D000E15DE0A40D6F9AD C:\Windows\System32\DRIVERS\avgidsha.sys 73B684F26AD82BABC2A1B3E539ED027A C:\Windows\System32\DRIVERS\avgldx64.sys 18A542A22A31DFFEA51666E75393E7A5 C:\Windows\System32\DRIVERS\avgloga.sys EC0E347F6C95541504CCF1B85D74F91F C:\Windows\System32\DRIVERS\avgmfx64.sys ADC65C6074A994D91CA9C6339C3DC978 C:\Windows\System32\DRIVERS\avgrkx64.sys 7D206FA06603E95984EFF9822C9FC958 C:\Windows\system32\DRIVERS\avgwfpa.sys AE2B554B1A12A7737158B96E050C8A2E C:\Windows\system32\DRIVERS\ax88772.sys 555C879F7CD2A5E476F2F46D3FBD5537 C:\Windows\System32\drivers\bxvbda.sys 87AB5BB072A3F128541D5B815F82FFDD C:\Windows\System32\drivers\BasicDisplay.sys 81703BC5D68DEDBB086C2368FBE7B334 C:\Windows\System32\drivers\BasicRender.sys 5EC68164E14D25675C98BBB5F09E8606 C:\Windows\System32\Drivers\Beep.sys 9E7AEA59776D904607985AFFE7E5E183 C:\Windows\System32\DRIVERS\bowser.sys B17AC10B47C7FCB44D22A1F06415840E C:\Windows\System32\drivers\BprotectEx.sys 90FC18CBEFCD54BE4288541558E5187E C:\Windows\system32\drivers\btath_a2dp.sys 5ED7B1EE371751CF2ACAE89E7FC566FA C:\Windows\system32\drivers\btath_avdt.sys 31BDF24D1C9213A0E891568FE643C79C C:\Windows\System32\drivers\btath_bus.sys C6978F7EBA6F37D626482AC6B9390630 C:\Windows\System32\drivers\btath_hcrp.sys 4AF7C20F94DAC343C01ED671C82DCB99 C:\Windows\system32\DRIVERS\btath_lwflt.sys 785C38070043BEEE9E9D591DE4067244 C:\Windows\System32\drivers\btath_rcp.sys 31EC5FC3FC5CB273F2709AAF4AD88ED4 C:\Windows\system32\DRIVERS\btfilter.sys 0D70E980F91FDBF3DB55922CECCE4616 C:\Windows\System32\drivers\BthAvrcpTg.sys 6695200F455E251F0BCC9CE4D0978D59 C:\Windows\System32\drivers\BthEnum.sys A8B20D852B07AE19A13B5D47EC4E4C3B C:\Windows\System32\drivers\bthhfenum.sys 616EB8748C988AEE98D93DA141C3D3B4 C:\Windows\System32\drivers\BthHFHid.sys DCB4EBD928A6FB368BE6CAE522412DE1 C:\Windows\system32\DRIVERS\BthLEEnum.sys 42201C346F0B8C458E1E9CDE04D68A2C C:\Windows\System32\drivers\bthmodem.sys 033916CE8784A848B9A3D686B7F66D97 C:\Windows\system32\DRIVERS\bthpan.sys 091BB978E9504D0AD14586929431A957 C:\Windows\System32\Drivers\BTHport.sys 13795CAA34239D97A7211E7F9D96E012 C:\Windows\System32\Drivers\BTHUSB.sys 1F715957F5236D30B6020A19A4271F6A C:\Windows\System32\DRIVERS\cdfs.sys 990B1BABE6E81FB18E65A87EBEFB1772 C:\Windows\System32\drivers\cdrom.sys 339BFF85D788268752DA8C9644B188EE C:\Windows\System32\drivers\circlass.sys F64B7D1A37CC1D5F421D5359EEC81E2E C:\Windows\System32\drivers\CLFS.sys 9905168708DB68849B879B5548F68AB3 C:\Windows\System32\drivers\CmBatt.sys 2DC8538A2260647484A6C921CA837313 C:\Windows\System32\Drivers\cng.sys DBF9E5346431557BF56F41E7F8EC0DC1 C:\Windows\System32\drivers\CompositeBus.sys 0E5B1E9E7122EDAAF1F6CE047965CA92 C:\Windows\System32\drivers\condrv.sys D9CB0782AF819548072AA45B70F8B22D C:\Windows\System32\drivers\dam.sys FAEF4C245BE832DB41B15DAAC336AFB7 C:\Windows\System32\Drivers\dfsc.sys 431141C6859990824D17F71C30A78728 C:\Windows\System32\drivers\discache.sys 3C736FAE17BA6F91BA37594AAB139CD0 C:\Windows\System32\drivers\disk.sys AE3786294CC246A5403783E1B86A0168 C:\Windows\System32\drivers\dmvsc.sys 82A7C72593793FE1EADA7A305BD1567A C:\Windows\system32\drivers\drmkaud.sys 9C7C183F937951AE17C5B8B3259CF3FF C:\Windows\System32\drivers\dxgkrnl.sys E6AF4DF1817953D73C519B17CF849756 C:\Windows\System32\drivers\evbda.sys 5AB97B3282D7D6114949D1EB5C8598E4 C:\Windows\System32\drivers\EhStorClass.sys 66D60BD9A4C05616ABECA2A901475098 C:\Windows\System32\drivers\EhStorTcgDrv.sys A61D0F543024E458C0FE32352E1978E2 C:\Windows\System32\drivers\errdev.sys D790D058D67582DB9C84C2D33695FE6B C:\Windows\system32\DRIVERS\ETD.sys 9CB5DAEDEC3C7CCD5FAFA263A75B363C C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318 C:\Windows\System32\drivers\ew_usbenumfilter.sys FF82FE59664304F75FC56EC0E92796F0 C:\Windows\System32\Drivers\exfat.sys 7A4D6FEB8C52B3FE855E4DCDF9107E03 C:\Windows\System32\Drivers\fastfat.sys 60996602A7111FD2D086E803F33E4282 C:\Windows\System32\drivers\fdc.sys 73B2D11DF0B6E03A0CB0323218ACB3E4 C:\Windows\System32\drivers\fileinfo.sys 88A9EBACD1058ABB237A6B4E96E7F397 C:\Windows\System32\drivers\filetrace.sys 9E4EE3A0B00FF7D5F42A4AF9744CBA02 C:\Windows\System32\drivers\flpydisk.sys B1D4C168FF7B8579E3745888658FFB1D C:\Windows\System32\drivers\fltmgr.sys B33EC133AE4E6C1881D2302D93D2467D C:\Windows\System32\drivers\FsDepends.sys A5F7873A39E4E9FAAAE59B7E9E36B705 C:\Windows\System32\Drivers\Fs_Rec.sys A6DD7D491F587F4BC13FB972977DC8E8 C:\Windows\System32\DRIVERS\fvevol.sys C1646A95EAC515F60CDB2A7A8A013C1E C:\Windows\System32\drivers\fxppm.sys A969D92973DFA895E7776B4BFE36DBB2 C:\Windows\System32\drivers\gagp30kx.sys 52BC441E07A827EBAB70CDC7EAEDB28D C:\Windows\System32\drivers\vmgencounter.sys 721F8EEF5E9747F32670DEFF7FB92541 C:\Windows\System32\Drivers\msgpioclx.sys FC2B8B06BDBD3B6457F5A3DA9AD2410E C:\Windows\system32\drivers\HdAudio.sys 630555943E5A3FE21010CE91EC7FC84F C:\Windows\System32\drivers\HDAudBus.sys 3865C4E388B31940C8BB9F73D9738E93 C:\Windows\System32\drivers\HidBatt.sys 3F76BBA53D65E85A7F53E7A71082082C C:\Windows\System32\drivers\hidbth.sys 085F150D002B7F0153D3C06DDF33A143 C:\Windows\System32\drivers\hidi2c.sys CC4A07E51D89575CAB6F4EB590D87CD4 C:\Windows\System32\drivers\hidir.sys DC96F7DACB777CDEAEF9958A50BFDA06 C:\Windows\System32\drivers\hidusb.sys 012C354B4AB48E9A7A657DF39E3A2073 C:\Windows\System32\drivers\HpSAMD.sys 64DB7A8D97CA53DCCF93D0A1E08342CF C:\Windows\System32\drivers\HTTP.sys F4A91D985EB9D1D2717D538F3424603C C:\Windows\system32\DRIVERS\ew_jucdcacm.sys 4205571B46BAF3A43D43A9804810DF9A C:\Windows\System32\drivers\ew_jubusenum.sys F6C1661C55EAAD2DD9FBB37D5DF1A011 C:\Windows\System32\drivers\ew_juextctrl.sys F7D991E5EA0433DBAEEE186CAD2BEBC9 C:\Windows\system32\DRIVERS\ew_juwwanecm.sys 06D9644E6BD7AD1C18B78D4D4EE87586 C:\Windows\System32\drivers\hwpolicy.sys 2A98301068801700906C06649860FE94 C:\Windows\System32\drivers\hyperkbd.sys DC76901D82097C9E297F20C287CB9A27 C:\Windows\system32\DRIVERS\HyperVideo.sys 716413AB3CA12DE0A7222D28C1C9352C C:\Windows\System32\drivers\i8042prt.sys C9E9CBF73AFFBFE3E801EFB516787BA3 C:\Windows\System32\drivers\iaStorV.sys 5E394EBD26FD68AA9300332C46BEDD62 C:\Windows\System32\drivers\iirsp.sys 24847A06B84339FEEDE5CABF3D27D320 C:\Windows\system32\drivers\RTKVHD64.sys 7D7711B0F972C73AE46105B42092D82E C:\Windows\System32\drivers\intelide.sys 4F37726CF764CA18A8A84F85EF3A7F24 C:\Windows\System32\drivers\intelppm.sys E15CDF68DD73423F15D4AC404793AF0D C:\Windows\System32\DRIVERS\ipfltdrv.sys 8FCA66234A0933D796BB780B7953BAB9 C:\Windows\System32\drivers\IPMIDrv.sys A4071DA3AE419F9694BFCB267C7DB8D7 C:\Windows\System32\drivers\ipnat.sys 3969B9C218DD3FAA9F4ED2FFC3651C02 C:\Windows\System32\drivers\irenum.sys 25CD7C4BB2863FFC2B0B311F0AEBF77C C:\Windows\System32\drivers\isapnp.sys D940C5BB9DC92E588533C19ABCC3D2C2 C:\Windows\System32\drivers\msiscsi.sys E6530FD4F61B40F338BF4355A21B9A09 C:\Windows\System32\drivers\kbdclass.sys 8FBD94B69D6423E20ABCD59D86368B21 C:\Windows\System32\drivers\kbdhid.sys E88C932ABDF8185A62C8F2FC7B051FB6 C:\Windows\system32\DRIVERS\kdnic.sys FB6C185092E18011EF49989425C2AA87 C:\Windows\System32\Drivers\ksecdd.sys 8B3EB6372436195B8EA8AE09A184BCE2 C:\Windows\System32\Drivers\ksecpkg.sys 3DD9C86EA88E8B5A51904AD87E1F2E78 C:\Windows\system32\drivers\ksthunk.sys 81492FEEBF2F26455B00EE8DBAE8A1B0 C:\Windows\system32\DRIVERS\lltdio.sys CEEFD29FC551F289810B0B9381B321DC C:\Windows\System32\drivers\LMDriver.sys 95DD1E89A772A383E0FDC677A2E2ED44 C:\Windows\System32\drivers\lsi_sas.sys 022CDD12161B063D7852B1075BF3FFF2 C:\Windows\System32\drivers\lsi_sas2.sys 07AD59D669B996F29F91817F0ECFA34F C:\Windows\System32\drivers\lsi_scsi.sys 216FB796AA4E252ACCE93B1BCB80B5EC C:\Windows\System32\drivers\lsi_sss.sys 5E80530AF37102488EE980B4A92AF99F C:\Windows\system32\drivers\luafv.sys 2BDC5D711FA61307CE6190D47C956368 C:\Windows\system32\drivers\mbamchameleon.sys 12C1D2B46EB98B08AB573A8EC8AF84AD C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910 C:\Windows\System32\drivers\megasas.sys 9B0D829C3BE4E7472DB9DD2B79908E3C C:\Windows\System32\drivers\MegaSR.sys ECC3F54C7AFC318271C4F0B4606D8DB0 C:\Windows\system32\drivers\mfeapfk.sys 3D7E3F388680F1F854599C73D8AAF535 C:\Windows\System32\drivers\mfehidk.sys 514EC1C14BA51CE6B8F60AEFE390CA3E C:\Windows\System32\drivers\modem.sys 780098AD5DA8A4822E2563984C85EF7B C:\Windows\System32\drivers\monitor.sys EA8EAD3F5B762F889CC7F3966625B48B C:\Windows\System32\drivers\mouclass.sys 618446B98C79776654340CE27C73485E C:\Windows\System32\drivers\mouhid.sys C0ADEBED913295803B579ED288936CBB C:\Windows\System32\drivers\mountmgr.sys 89D263DBF08119CE16273991C120D6DD C:\Windows\System32\drivers\mpsdrv.sys 4CCBBD4944777CA100B9A6C2F149A46F C:\Windows\system32\drivers\mrxdav.sys 3D70147F55F1EC84EB9139ED7FFE48BC C:\Windows\System32\DRIVERS\mrxsmb.sys 7A761AEE58658378BBA45D360F874CB0 C:\Windows\System32\DRIVERS\mrxsmb10.sys 06D5F2FA3C61E8EA91648EA8E9F99FD3 C:\Windows\System32\DRIVERS\mrxsmb20.sys 697B78CE3925E4FBFC544232A5E9E2EB C:\Windows\system32\DRIVERS\bridge.sys 98487487D6B3797CA927E9D7B030AE13 C:\Windows\System32\Drivers\Msfs.sys 3886F1F2A4D2900ABAA7E4486BEEE6A2 C:\Windows\System32\drivers\msgpiowin32.sys C32A7A39B960A42BA9D4FBE47213CA03 C:\Windows\System32\drivers\mshidkmdf.sys D3857A767B91A061B408CCAB02DA4F40 C:\Windows\System32\drivers\mshidumdf.sys 839B48910FB1E887635C48F3EC11A05E C:\Windows\System32\drivers\msisadrv.sys 55C0DB741E3AB7463242B185B1C2997C C:\Windows\system32\drivers\MSKSSRV.sys 509809566E49F4411055864EA8D437CD C:\Windows\system32\DRIVERS\mslldp.sys 63145201D6458E4958E572E7D6FC2604 C:\Windows\system32\drivers\MSPCLOCK.sys 99D526E803DB6D7FF290FD98B6204641 C:\Windows\system32\drivers\MSPQM.sys 06FA77C3E2A491ADCD704C5E73006269 C:\Windows\System32\Drivers\MsRPC.sys E134EC4DE11CF78CB01432D180710D84 C:\Windows\System32\drivers\mssmbios.sys B5AECF12F09DEE97C9FCAA5BA016CE1E C:\Windows\system32\drivers\MSTEE.sys 72D66A05E0F99F2528F6C6204FD22AA1 C:\Windows\System32\drivers\MTConfig.sys 8AAAE399FC255FA105D4158CBA289001 C:\Windows\System32\Drivers\mup.sys 3BCB702F3E6CC622DCAFCAA45D7CDE0A C:\Windows\System32\drivers\mvumis.sys 3A1E095277BBD406CEA8EA6B76950664 C:\Windows\system32\DRIVERS\nwifi.sys 43D7388A90A4C6EA346A4D6FF0377479 C:\Windows\System32\drivers\ndis.sys A10E176F3B2BF83EDE7B5C4658C93B66 C:\Windows\system32\DRIVERS\ndiscap.sys 39C8A1D9D46F5E83A016BCAB72455284 C:\Windows\system32\DRIVERS\NdisImPlatform.sys 762941932B7E4C588E48A577BA9D6440 C:\Windows\system32\DRIVERS\ndistapi.sys 7A6F8A6D0E01432EBA294EF29CDD0FA7 C:\Windows\system32\DRIVERS\ndisuio.sys 79AB68BB3FFF974AD4F41FA559F4EC67 C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8 C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8 C:\Windows\System32\Drivers\NDProxy.sys 3730942D7DB2F8BB5F84542B7FF6F650 C:\Windows\System32\drivers\Ndu.sys D3F60A4345FCA9C1BE68AD7D0D6DE770 C:\Windows\System32\DRIVERS\netbios.sys 7C203A76394F9AE68F69EEE5F9612C4A C:\Windows\System32\DRIVERS\netbt.sys 7CEC25C682D319D484630B3952C31A11 C:\Windows\System32\drivers\nfrd960.sys 12DD2800E4EEA37DC9AE256AD62423B4 C:\Windows\System32\drivers\NPF.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\NPF.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys 17E19A742FB30C002F8B43575451DBE1 C:\Windows\System32\drivers\npsvctrig.sys 8ED299C30792544264E558BEA79F0947 C:\Windows\System32\drivers\nsiproxy.sys 689B3B1E95C70ABF7AFF29F9406EF1E0 C:\Windows\System32\Drivers\Ntfs.sys 7BE3EDFFA3216F989A6BDCB14795DD08 C:\Windows\System32\Drivers\Null.sys 4163ADE07DB51843AE31F65B94F5398D C:\Windows\System32\drivers\nvraid.sys D6D34118263412D3AAA8348A9572B7F2 C:\Windows\System32\drivers\nvstor.sys 27AFC428D1D32ABD04A86763A4EDDEA9 C:\Windows\System32\drivers\nv_agp.sys 051CFB5107BAAE510419BDC41F8C4036 C:\Windows\System32\drivers\parport.sys 4563DAF8C6A740AD7F501E219BD10766 C:\Windows\System32\drivers\partmgr.sys D6ACCF9F2EEEEA711C14EFD976E573F3 C:\Windows\System32\drivers\pci.sys 4A003E8F718C1E6A2050CA98CD53E3E2 C:\Windows\System32\drivers\pciide.sys F9908D274D458220F91E89B54D78D837 C:\Windows\System32\drivers\pcmcia.sys 84D19CB6102627932DCB5DFDF89FE269 C:\Windows\System32\drivers\pcw.sys CEBBAD5391C2644560C55628A40BFD27 C:\Windows\System32\drivers\pdc.sys 0698DEDEAD6A00AD0D468C687D830FBF C:\Windows\System32\drivers\peauth.sys 61FE70659CD43E07F94DA4DC31DEC493 C:\Windows\system32\DRIVERS\raspptp.sys 362D47E5B4D67270DE4B8606036F4ADD C:\Windows\System32\drivers\processr.sys DD979EB6A7212F60E4AFBE96EDC7AE6D C:\Windows\system32\DRIVERS\pacer.sys EB8034147D4820CD31BFCB11A2A652DF C:\Windows\system32\drivers\qwavedrv.sys 13D47BB0CCA2FC51BD15F8E85C6A078E C:\Windows\System32\drivers\RadioShim.sys E94067155C8AA4EF134CB2528E0C9CD7 C:\Windows\System32\DRIVERS\rasacd.sys 873C60F8178100557740A832FCE10B5F C:\Windows\system32\DRIVERS\AgileVpn.sys 69B93F623B130976243ECA3D84CC99CA C:\Windows\system32\DRIVERS\rasl2tp.sys A14D625C5AEE5FFE0F47D1A1D419FAAE C:\Windows\system32\DRIVERS\raspppoe.sys 00695B9C2DB6111064499C529E90C042 C:\Windows\system32\DRIVERS\rassstp.sys A7F24D8CD1956B0A1FDCB86CC5114DE4 C:\Windows\System32\DRIVERS\rdbss.sys CA03D642ACE58E1BA54E4B383F91CD69 C:\Windows\System32\drivers\rdpbus.sys CA7DF5EC95D8DE0DD24BE7FF97369F68 C:\Windows\System32\drivers\rdpdr.sys B2A3AD74FF2E2FFA73AF2567108231B3 C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DA C:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151 C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4 C:\Windows\System32\drivers\rfcomm.sys CCBFCABDFE2BC22F0645CEAADDB36004 C:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBF C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965A C:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92 C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9E C:\Windows\System32\drivers\sdbus.sys F58B030A0664385C707B8C1C63682041 C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130C C:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5AD C:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6 C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAAB C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1 C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2 C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0D C:\Windows\System32\drivers\spaceport.sys 9110193D93960E38B8692E4519C75D72 C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202 C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 C:\Windows\System32\DRIVERS\srv2.sys 8504ADDE9C146C6295B16D13A0007560 C:\Windows\System32\DRIVERS\srvnet.sys BB0F9E19C5CE4DC765B263E2A5561DE1 C:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7 C:\Windows\System32\drivers\storahci.sys B240874B2CA0CD02E8CD11E140B14C57 C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2 C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59 C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9 C:\Windows\System32\drivers\tcpip.sys 0E0C16EE82E2F4EBC2FBCA24C8F00D9E C:\Windows\system32\DRIVERS\tcpip.sys 0E0C16EE82E2F4EBC2FBCA24C8F00D9E C:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989 C:\Windows\System32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7 C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4 C:\Windows\system32\drivers\tpm.sys E94F7A7B48C7638D1F3F8089344C97B7 C:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3 C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513 C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 45427C4B8CAC6B241478F149B935CD80 C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740 C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1A C:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026 C:\Windows\System32\drivers\ucx01000.sys 061BA3EE0D2BE17944990544008CF190 C:\Windows\System32\DRIVERS\udfs.sys 25C50F4EDF70D0A831E0566BD181CCF2 C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7A C:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860 C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09 C:\Windows\System32\drivers\usbccgp.sys C976C4306F9AE133D6BBD47FDFC3BF92 C:\Windows\System32\drivers\usbcir.sys 427B6DB8C05A5A977E8C3525370A2595 C:\Windows\System32\drivers\usbehci.sys B24FDEB1B18496F1B463782235AA3AF1 C:\Windows\system32\DRIVERS\usbfilter.sys 504901430B6E03B99EBB6BF26E0868C6 C:\Windows\System32\drivers\usbhub.sys F8C2A832DF9403F5EA8080CBDBDA95FB C:\Windows\System32\drivers\UsbHub3.sys E5F7328B1D29BCE791862CD3C0DD382A C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422AB C:\Windows\System32\drivers\usbprint.sys 9FDBA6982582A6F2354144980F641E7B C:\Windows\System32\drivers\usbscan.sys AD91D1BBE5D3CF4501887DC1C09384FD C:\Windows\System32\drivers\USBSTOR.SYS BFC7FE4AAEB61317A921871B4085EF4B C:\Windows\System32\drivers\usbuhci.sys 1ABF657259DB57F7E5558E4DF1357C0C C:\Windows\System32\Drivers\usbvideo.sys 9EF7C01D3ACCBC243B5CB1A95865B2FF C:\Windows\System32\drivers\USBXHCI.SYS 8DC398D7B8E02C929A2096E74A170970 C:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8 C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BE C:\Windows\System32\drivers\vhdmp.sys 500BE6B2E49883720D0AE8BB859ED7A3 C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1D C:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0 C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91 C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18 C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824 C:\Windows\System32\drivers\volsnap.sys 78A5BBA3819FFFC62FFEC3E2220D102D C:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700D C:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353 C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCC C:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611 C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318F C:\Windows\system32\DRIVERS\vwifimp.sys 73FA1A41A97A5C34ADC03B3577FF1A86 C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9 C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051 C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051 C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CB C:\Windows\system32\drivers\WdBoot.sys 3772FF85F0098686B0DCD77076AE0786 C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\system32\drivers\WdFilter.sys AB6F7DE8BFBF61A42F8764D9A621BD8B C:\Windows\System32\DRIVERS\wfplwfs.sys 44BB9C31E6242C4BD1CE7C2B440C2533 C:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60 C:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084 C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3 C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6 C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81 C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-15 15:07 - 2014-06-15 15:10 - 01333465 _____ () C:\Users\Aspire\Downloads\AdwCleaner.exe 2014-06-15 13:45 - 2014-06-15 13:47 - 00038882 _____ () C:\Users\Aspire\Downloads\Addition.txt 2014-06-15 13:43 - 2014-06-15 15:42 - 00036659 _____ () C:\Users\Aspire\Downloads\FRST.txt 2014-06-15 13:43 - 2014-06-15 15:41 - 00000000 ____D () C:\FRST 2014-06-15 13:40 - 2014-06-15 15:40 - 02081792 _____ (Farbar) C:\Users\Aspire\Downloads\FRST64.exe 2014-06-15 10:07 - 2014-06-15 11:12 - 00010374 _____ () C:\Users\Aspire\Desktop\avgrep.txt 2014-06-15 09:51 - 2014-06-15 09:51 - 00000241 _____ () C:\Users\Aspire\Desktop\How To Boot Into Safe Mode On Windows 8 (The Easy Way).url 2014-06-15 09:51 - 2014-06-15 09:51 - 00000000 ____D () C:\Windows\pss 2014-06-15 08:34 - 2014-06-15 08:34 - 00000193 _____ () C:\Users\Aspire\Desktop\yahoo answers - Google Search.url 2014-06-15 08:10 - 2014-06-15 08:19 - 00849064 _____ () C:\Users\Aspire\Downloads\tdsskiller.zip 2014-06-15 08:06 - 2014-06-15 08:09 - 02195988 _____ () C:\Users\Aspire\Desktop\tdsskiller-2-8-14-0.zip 2014-06-13 18:53 - 2014-06-14 05:06 - 109501208 _____ (Microsoft Corporation) C:\Users\Aspire\Downloads\msert.exe 2014-06-12 20:51 - 2014-05-03 13:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-06-12 20:51 - 2014-05-03 13:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-06-12 20:51 - 2014-05-03 11:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-06-12 20:51 - 2014-05-02 05:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-06-12 20:51 - 2014-04-30 05:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe 2014-06-12 20:51 - 2014-04-30 05:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2014-06-12 20:51 - 2014-04-24 06:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-06-12 20:51 - 2014-04-24 06:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-12 20:51 - 2014-04-24 06:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-06-12 20:51 - 2014-04-24 06:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-12 20:51 - 2014-02-08 11:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2014-06-12 19:47 - 2014-06-12 19:47 - 00280752 _____ () C:\Windows\Minidump\061214-43087-01.dmp 2014-06-12 19:46 - 2014-06-12 19:46 - 435089771 _____ () C:\Windows\MEMORY.DMP 2014-06-12 19:45 - 2014-06-12 19:45 - 00016712 _____ () C:\Windows\system32\Drivers\PROCEXP113.SYS 2014-06-12 19:44 - 2014-06-12 19:45 - 00000000 ___SD () C:\32788R22FWJFW 2014-06-12 19:23 - 2014-05-24 09:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 19:23 - 2014-05-24 09:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 19:23 - 2014-05-24 09:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 19:23 - 2014-05-24 09:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-06-12 19:23 - 2014-05-24 09:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 19:23 - 2014-05-24 09:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 19:23 - 2014-05-24 09:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 19:23 - 2014-05-24 09:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 19:23 - 2014-05-24 09:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 19:23 - 2014-05-24 08:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-12 19:23 - 2014-05-24 08:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-12 19:23 - 2014-05-24 08:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 19:23 - 2014-05-24 08:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-12 19:23 - 2014-05-24 08:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-06-12 19:23 - 2014-05-24 08:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-12 19:23 - 2014-05-24 08:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 19:23 - 2014-05-24 08:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 19:23 - 2014-05-24 08:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 19:23 - 2014-05-24 08:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-06-12 19:23 - 2014-05-24 08:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-12 19:23 - 2014-05-24 08:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 19:23 - 2014-05-24 08:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-12 19:23 - 2014-05-24 08:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 19:23 - 2014-05-24 08:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 19:23 - 2014-05-24 05:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-06-12 19:22 - 2014-05-24 09:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 19:22 - 2014-05-24 09:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 19:22 - 2014-05-24 08:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-12 19:22 - 2014-05-24 08:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 19:22 - 2014-05-24 08:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-12 19:22 - 2014-05-24 08:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-12 19:22 - 2014-05-24 08:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-06-12 18:14 - 2014-06-15 15:16 - 00002688 _____ () C:\Windows\PFRO.log 2014-06-12 17:47 - 2014-06-12 17:57 - 00886288 _____ (Microsoft Corporation) C:\Users\Aspire\Downloads\mssstool64.exe 2014-06-12 17:47 - 2014-04-03 18:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2014-06-12 17:47 - 2014-04-03 10:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2014-06-12 17:47 - 2014-04-01 05:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml 2014-06-12 17:47 - 2014-03-25 06:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe 2014-06-12 17:47 - 2014-03-25 05:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe 2014-06-12 17:40 - 2014-04-30 05:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-06-12 17:40 - 2014-04-30 05:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-06-12 17:38 - 2014-04-03 18:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 17:35 - 2014-05-03 12:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 17:35 - 2014-05-03 10:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-06-12 17:34 - 2014-03-07 07:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-12 17:34 - 2014-03-07 07:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 12:43 - 2014-06-12 17:52 - 02898547 _____ (Malwarebytes Corp.) C:\Users\Aspire\Downloads\mbar-1.07.0.1012 (2).exe 2014-06-11 13:54 - 2014-06-11 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-06-11 13:54 - 2014-06-11 13:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-06-11 13:54 - 2014-06-11 13:54 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\WinPatrol 2014-06-11 13:54 - 2014-06-11 13:54 - 00000000 ____D () C:\Program Files (x86)\BillP Studios 2014-06-11 13:52 - 2014-06-11 13:53 - 01064488 _____ (BillP Studios) C:\Users\Aspire\Downloads\wpsetup.exe 2014-06-11 13:22 - 2014-06-15 15:32 - 01021845 _____ () C:\Windows\WindowsUpdate.log 2014-06-11 12:41 - 2014-06-11 12:43 - 01676518 _____ (Malwarebytes Corp.) C:\Users\Aspire\Downloads\mbar-1.07.0.1012 (1).exe 2014-06-11 12:20 - 2014-06-11 12:29 - 07807057 _____ (Malwarebytes Corp.) C:\Users\Aspire\Downloads\mbar-1.07.0.1012.exe 2014-06-11 07:23 - 2014-06-11 07:23 - 00194823 _____ () C:\Users\Aspire\Documents\MLC Update.oxps 2014-06-11 06:02 - 2014-06-11 06:02 - 00307584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-10 11:00 - 2014-06-10 11:00 - 00009402 _____ () C:\Users\Aspire\Documents\cc_20140610_110053.reg 2014-06-10 09:08 - 2014-06-10 09:08 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\Malwarebytes 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-06-10 09:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-10 08:04 - 2014-06-10 08:07 - 01823074 _____ (Crawler, LLC ) C:\Users\Aspire\Downloads\SpywareTerminatorSetup.exe 2014-06-10 07:11 - 2014-06-10 07:16 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Aspire\Downloads\rkill.com 2014-06-10 06:58 - 2014-06-10 06:58 - 00000189 _____ () C:\Users\Aspire\Desktop\Malwarebytes Forum.url 2014-06-10 06:24 - 2014-06-10 06:24 - 00000000 ____D () C:\Users\Aspire\Downloads\mbam-chameleon-2.0.26.0 (1) 2014-06-10 06:11 - 2014-06-10 06:11 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Aspire\Downloads\mbam-clean-2.0.2.0 (1).exe 2014-06-09 20:10 - 2014-06-09 20:10 - 00018271 _____ () C:\combo fix.txt 2014-06-09 20:08 - 2014-06-15 15:42 - 00000000 ____D () C:\Users\Aspire\AppData\Local\temp 2014-06-09 20:08 - 2014-06-09 20:08 - 00018271 _____ () C:\ComboFix.txt 2014-06-09 20:08 - 2014-06-09 20:08 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-09 20:08 - 2014-06-09 20:08 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-09 20:08 - 2014-06-09 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-09 19:28 - 2014-06-10 05:58 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-09 19:25 - 2014-06-09 19:25 - 04793000 _____ () C:\Users\Aspire\Downloads\mbam-chameleon-2.0.26.0.zip 2014-06-09 19:07 - 2014-06-09 19:07 - 00001205 _____ () C:\Users\Aspire\Downloads\FixNCR.reg 2014-06-09 08:07 - 2014-06-09 08:07 - 00000974 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix_14_4_30_1.lnk 2014-06-09 08:07 - 2014-06-09 08:07 - 00000974 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix_14_4_30_1 (2).lnk 2014-06-09 07:22 - 2011-06-26 13:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-09 07:22 - 2010-11-08 00:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-09 07:22 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-09 07:22 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-09 07:22 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-09 07:22 - 2000-08-31 07:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2014-06-09 07:22 - 2000-08-31 07:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-09 07:22 - 2000-08-31 07:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-09 07:22 - 2000-08-31 07:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-09 07:21 - 2014-06-09 20:08 - 00000000 ____D () C:\Qoobox 2014-06-09 07:21 - 2014-06-09 19:57 - 00000000 ____D () C:\Windows\erdnt 2014-06-09 07:12 - 2014-06-09 07:18 - 05197895 ____R (Swearware) C:\Users\Aspire\Downloads\ComboFix_14_4_30_1.exe 2014-06-08 17:22 - 2014-06-13 19:10 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\Wise Disk Cleaner 2014-06-08 17:21 - 2014-06-08 17:21 - 00001208 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk 2014-06-08 17:21 - 2014-06-08 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner 2014-06-08 17:21 - 2014-06-08 17:21 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-06-08 17:17 - 2014-06-08 17:21 - 02439904 _____ (WiseCleaner.com ) C:\Users\Aspire\Downloads\WDCFree (1).exe 2014-06-08 09:23 - 2014-06-08 09:23 - 00000000 ____D () C:\Users\Aspire\Downloads\mbam-chameleon-3.1.4.0 2014-06-08 09:08 - 2014-06-08 09:09 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\GetRightToGo 2014-06-08 07:40 - 2014-06-08 07:40 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\Nico Mak Computing 2014-06-08 07:39 - 2014-06-08 07:40 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-06-08 07:39 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-06-06 06:04 - 2014-06-06 06:04 - 00000452 _____ () C:\Users\Aspire\Documents\AER BANKING.txt 2014-06-02 19:56 - 2014-06-06 08:01 - 00000184 _____ () C:\Users\Aspire\Desktop\forum-.url 2014-06-02 06:52 - 2014-06-02 06:52 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-31 16:55 - 2014-06-02 06:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-31 16:55 - 2014-06-02 06:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-31 16:55 - 2014-05-31 16:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-05-31 12:58 - 2014-05-31 13:06 - 00771306 _____ ( ) C:\Users\Aspire\Downloads\PDF_Creator.exe.mtughlu.partial 2014-05-30 08:06 - 2014-06-11 08:23 - 00002993 _____ () C:\Users\Aspire\Documents\AUSTRALIAN TOURIST VISA EXTRA DETAILS.txt 2014-05-30 06:14 - 2014-05-30 06:14 - 00000549 _____ () C:\Users\Aspire\Documents\PERSONAL DETAILS.txt 2014-05-26 17:28 - 2014-05-26 17:28 - 00000176 _____ () C:\Users\Aspire\Desktop\NSW GREYS.url 2014-05-24 15:06 - 2014-05-24 16:27 - 00000171 _____ () C:\Users\Aspire\Downloads\playlist.m3u8 2014-05-20 15:12 - 2014-05-20 15:12 - 00000291 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RECYCLE (2).lnk 2014-05-20 14:03 - 2014-05-20 14:03 - 00000299 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MY COMPUTER (2).lnk 2014-05-18 12:19 - 2014-05-18 16:15 - 00000222 _____ () C:\Users\Aspire\Desktop\VIC GREYS.url 2014-05-17 06:46 - 2014-05-31 12:16 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-17 06:46 - 2014-05-31 12:16 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-16 18:48 - 2014-04-12 16:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-16 18:48 - 2014-04-12 16:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-16 18:48 - 2014-04-12 16:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2014-05-16 18:48 - 2014-04-12 16:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-05-16 18:48 - 2014-04-12 16:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-16 18:48 - 2014-04-12 16:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-16 18:48 - 2014-04-12 16:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-16 18:48 - 2014-04-12 16:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-16 18:48 - 2014-04-12 16:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll 2014-05-16 18:48 - 2014-04-12 16:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-16 18:48 - 2014-04-12 16:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-16 18:48 - 2014-04-12 14:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll 2014-05-16 18:48 - 2014-04-12 14:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-05-16 18:48 - 2014-04-12 14:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-16 18:48 - 2014-04-12 14:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-16 18:48 - 2014-04-12 14:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-16 18:48 - 2014-04-12 14:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-16 18:48 - 2014-04-12 14:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-16 18:48 - 2014-04-12 13:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll 2014-05-16 18:48 - 2014-03-11 10:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-16 18:48 - 2014-03-11 07:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-16 18:48 - 2014-03-11 07:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-16 18:48 - 2014-03-11 07:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-16 18:48 - 2014-03-11 07:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-16 18:48 - 2014-03-11 07:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-16 18:48 - 2014-03-11 07:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-16 18:48 - 2014-03-11 07:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-16 18:48 - 2014-03-11 07:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-05-16 18:48 - 2014-03-11 07:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-16 18:48 - 2014-03-11 07:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-16 18:48 - 2014-03-11 07:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-16 18:48 - 2014-03-10 10:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-16 18:48 - 2014-03-10 08:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-16 18:48 - 2014-03-04 06:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-05-16 18:28 - 2014-03-28 15:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-16 18:28 - 2014-03-28 13:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-16 18:27 - 2014-03-01 16:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-05-16 18:27 - 2014-03-01 16:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll 2014-05-16 18:27 - 2014-03-01 15:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll 2014-05-16 18:27 - 2014-03-01 13:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-05-16 18:27 - 2014-02-27 06:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-05-16 18:27 - 2014-02-27 06:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2014-05-16 18:27 - 2014-02-27 06:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2014-05-16 18:27 - 2014-02-15 11:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys 2014-05-16 18:09 - 2014-03-29 02:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-05-16 18:09 - 2014-03-24 05:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-05-16 18:06 - 2014-03-28 15:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-05-16 16:03 - 2014-05-20 10:14 - 00062271 _____ () C:\Users\Aspire\Downloads\Steward's Report - Bendigo, 16 May 2014 2014-05-16 16:03 - 2014-05-16 16:03 - 00062281 _____ () C:\Users\Aspire\Downloads\Steward's Report - Bendigo, 16 May 2014 (1) ==================== One Month Modified Files and Folders ======= 2014-06-15 15:42 - 2014-06-15 13:43 - 00036659 _____ () C:\Users\Aspire\Downloads\FRST.txt 2014-06-15 15:42 - 2014-06-09 20:08 - 00000000 ____D () C:\Users\Aspire\AppData\Local\temp 2014-06-15 15:41 - 2014-06-15 13:43 - 00000000 ____D () C:\FRST 2014-06-15 15:40 - 2014-06-15 13:40 - 02081792 _____ (Farbar) C:\Users\Aspire\Downloads\FRST64.exe 2014-06-15 15:40 - 2014-02-28 11:12 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D9A4385-7D7A-4C74-B44E-D25F18242854} 2014-06-15 15:32 - 2014-06-11 13:22 - 01021845 _____ () C:\Windows\WindowsUpdate.log 2014-06-15 15:25 - 2012-07-26 14:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-15 15:22 - 2013-11-19 20:29 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2569229807-465856810-1703829547-1001 2014-06-15 15:19 - 2013-12-03 15:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-15 15:19 - 2013-12-03 15:11 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-15 15:17 - 2012-07-26 14:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-15 15:16 - 2014-06-12 18:14 - 00002688 _____ () C:\Windows\PFRO.log 2014-06-15 15:16 - 2012-07-26 12:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-06-15 15:15 - 2014-04-30 06:17 - 00000000 ____D () C:\AdwCleaner 2014-06-15 15:10 - 2014-06-15 15:07 - 01333465 _____ () C:\Users\Aspire\Downloads\AdwCleaner.exe 2014-06-15 15:10 - 2013-12-06 14:24 - 00000000 ____D () C:\ProgramData\MFAData 2014-06-15 15:00 - 2012-07-26 15:12 - 00000000 ____D () C:\Windows\system32\sru 2014-06-15 13:47 - 2014-06-15 13:45 - 00038882 _____ () C:\Users\Aspire\Downloads\Addition.txt 2014-06-15 11:12 - 2014-06-15 10:07 - 00010374 _____ () C:\Users\Aspire\Desktop\avgrep.txt 2014-06-15 09:51 - 2014-06-15 09:51 - 00000241 _____ () C:\Users\Aspire\Desktop\How To Boot Into Safe Mode On Windows 8 (The Easy Way).url 2014-06-15 09:51 - 2014-06-15 09:51 - 00000000 ____D () C:\Windows\pss 2014-06-15 08:34 - 2014-06-15 08:34 - 00000193 _____ () C:\Users\Aspire\Desktop\yahoo answers - Google Search.url 2014-06-15 08:19 - 2014-06-15 08:10 - 00849064 _____ () C:\Users\Aspire\Downloads\tdsskiller.zip 2014-06-15 08:09 - 2014-06-15 08:06 - 02195988 _____ () C:\Users\Aspire\Desktop\tdsskiller-2-8-14-0.zip 2014-06-14 17:36 - 2013-05-21 03:39 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2014-06-14 10:09 - 2012-07-26 15:12 - 00000000 ____D () C:\Windows\rescache 2014-06-14 09:59 - 2012-07-26 12:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-06-14 05:06 - 2014-06-13 18:53 - 109501208 _____ (Microsoft Corporation) C:\Users\Aspire\Downloads\msert.exe 2014-06-13 19:10 - 2014-06-08 17:22 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\Wise Disk Cleaner 2014-06-12 21:27 - 2012-07-26 15:12 - 00000000 ____D () C:\Windows\WinStore 2014-06-12 20:52 - 2012-07-26 14:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-06-12 19:47 - 2014-06-12 19:47 - 00280752 _____ () C:\Windows\Minidump\061214-43087-01.dmp 2014-06-12 19:47 - 2013-12-05 12:37 - 00000000 ____D () C:\Windows\Minidump 2014-06-12 19:46 - 2014-06-12 19:46 - 435089771 _____ () C:\Windows\MEMORY.DMP 2014-06-12 19:45 - 2014-06-12 19:45 - 00016712 _____ () C:\Windows\system32\Drivers\PROCEXP113.SYS 2014-06-12 19:45 - 2014-06-12 19:44 - 00000000 ___SD () C:\32788R22FWJFW 2014-06-12 18:10 - 2013-12-02 17:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 18:07 - 2013-12-02 17:46 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 17:57 - 2014-06-12 17:47 - 00886288 _____ (Microsoft Corporation) C:\Users\Aspire\Downloads\mssstool64.exe 2014-06-12 17:52 - 2014-06-12 12:43 - 02898547 _____ (Malwarebytes Corp.) C:\Users\Aspire\Downloads\mbar-1.07.0.1012 (2).exe 2014-06-11 14:00 - 2014-06-11 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-06-11 14:00 - 2014-02-21 13:47 - 00000000 ___RD () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-11 13:59 - 2014-06-11 13:54 - 00000000 ____D () C:\ProgramData\InstallMate 2014-06-11 13:54 - 2014-06-11 13:54 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\WinPatrol 2014-06-11 13:54 - 2014-06-11 13:54 - 00000000 ____D () C:\Program Files (x86)\BillP Studios 2014-06-11 13:53 - 2014-06-11 13:52 - 01064488 _____ (BillP Studios) C:\Users\Aspire\Downloads\wpsetup.exe 2014-06-11 12:43 - 2014-06-11 12:41 - 01676518 _____ (Malwarebytes Corp.) C:\Users\Aspire\Downloads\mbar-1.07.0.1012 (1).exe 2014-06-11 12:29 - 2014-06-11 12:20 - 07807057 _____ (Malwarebytes Corp.) C:\Users\Aspire\Downloads\mbar-1.07.0.1012.exe 2014-06-11 09:20 - 2013-11-20 06:44 - 00000348 _____ () C:\Users\Aspire\Desktop\OUTLOOK.url 2014-06-11 08:23 - 2014-05-30 08:06 - 00002993 _____ () C:\Users\Aspire\Documents\AUSTRALIAN TOURIST VISA EXTRA DETAILS.txt 2014-06-11 07:23 - 2014-06-11 07:23 - 00194823 _____ () C:\Users\Aspire\Documents\MLC Update.oxps 2014-06-11 06:02 - 2014-06-11 06:02 - 00307584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-10 16:12 - 2013-11-29 13:48 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\HpUpdate 2014-06-10 11:00 - 2014-06-10 11:00 - 00009402 _____ () C:\Users\Aspire\Documents\cc_20140610_110053.reg 2014-06-10 09:08 - 2014-06-10 09:08 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\Malwarebytes 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-10 09:08 - 2014-06-10 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-06-10 08:07 - 2014-06-10 08:04 - 01823074 _____ (Crawler, LLC ) C:\Users\Aspire\Downloads\SpywareTerminatorSetup.exe 2014-06-10 07:16 - 2014-06-10 07:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Aspire\Downloads\rkill.com 2014-06-10 06:58 - 2014-06-10 06:58 - 00000189 _____ () C:\Users\Aspire\Desktop\Malwarebytes Forum.url 2014-06-10 06:24 - 2014-06-10 06:24 - 00000000 ____D () C:\Users\Aspire\Downloads\mbam-chameleon-2.0.26.0 (1) 2014-06-10 06:11 - 2014-06-10 06:11 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Aspire\Downloads\mbam-clean-2.0.2.0 (1).exe 2014-06-10 05:58 - 2014-06-09 19:28 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-09 20:10 - 2014-06-09 20:10 - 00018271 _____ () C:\combo fix.txt 2014-06-09 20:08 - 2014-06-09 20:08 - 00018271 _____ () C:\ComboFix.txt 2014-06-09 20:08 - 2014-06-09 20:08 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-09 20:08 - 2014-06-09 20:08 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-09 20:08 - 2014-06-09 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-09 20:08 - 2014-06-09 07:21 - 00000000 ____D () C:\Qoobox 2014-06-09 19:59 - 2012-07-26 12:26 - 00000215 _____ () C:\Windows\system.ini 2014-06-09 19:57 - 2014-06-09 07:21 - 00000000 ____D () C:\Windows\erdnt 2014-06-09 19:57 - 2012-07-26 12:26 - 70516736 _____ () C:\Windows\system32\config\software.bak 2014-06-09 19:57 - 2012-07-26 12:26 - 14155776 _____ () C:\Windows\system32\config\system.bak 2014-06-09 19:57 - 2012-07-26 12:26 - 00311296 _____ () C:\Windows\system32\config\default.bak 2014-06-09 19:57 - 2012-07-26 12:26 - 00061440 _____ () C:\Windows\system32\config\sam.bak 2014-06-09 19:57 - 2012-07-26 12:26 - 00024576 _____ () C:\Windows\system32\config\security.bak 2014-06-09 19:25 - 2014-06-09 19:25 - 04793000 _____ () C:\Users\Aspire\Downloads\mbam-chameleon-2.0.26.0.zip 2014-06-09 19:07 - 2014-06-09 19:07 - 00001205 _____ () C:\Users\Aspire\Downloads\FixNCR.reg 2014-06-09 08:22 - 2012-07-26 15:12 - 00000000 ____D () C:\Windows\Help 2014-06-09 08:07 - 2014-06-09 08:07 - 00000974 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix_14_4_30_1.lnk 2014-06-09 08:07 - 2014-06-09 08:07 - 00000974 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix_14_4_30_1 (2).lnk 2014-06-09 07:52 - 2012-07-26 12:37 - 00000000 __RHD () C:\Users\Default 2014-06-09 07:18 - 2014-06-09 07:12 - 05197895 ____R (Swearware) C:\Users\Aspire\Downloads\ComboFix_14_4_30_1.exe 2014-06-08 17:25 - 2013-04-27 12:38 - 00000000 ____D () C:\Windows\Panther 2014-06-08 17:21 - 2014-06-08 17:21 - 00001208 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk 2014-06-08 17:21 - 2014-06-08 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner 2014-06-08 17:21 - 2014-06-08 17:21 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-06-08 17:21 - 2014-06-08 17:17 - 02439904 _____ (WiseCleaner.com ) C:\Users\Aspire\Downloads\WDCFree (1).exe 2014-06-08 09:23 - 2014-06-08 09:23 - 00000000 ____D () C:\Users\Aspire\Downloads\mbam-chameleon-3.1.4.0 2014-06-08 09:09 - 2014-06-08 09:08 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\GetRightToGo 2014-06-08 07:40 - 2014-06-08 07:40 - 00000000 ____D () C:\Users\Aspire\AppData\Roaming\Nico Mak Computing 2014-06-08 07:40 - 2014-06-08 07:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-06-06 08:01 - 2014-06-02 19:56 - 00000184 _____ () C:\Users\Aspire\Desktop\forum-.url 2014-06-06 06:04 - 2014-06-06 06:04 - 00000452 _____ () C:\Users\Aspire\Documents\AER BANKING.txt 2014-06-02 12:23 - 2012-07-26 15:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-06-02 10:15 - 2013-11-19 10:45 - 00000000 ____D () C:\Users\Aspire 2014-06-02 10:14 - 2014-03-29 05:47 - 00000000 ____D () C:\Program Files (x86)\Porn Terminator 2014-06-02 06:54 - 2014-05-31 16:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-06-02 06:52 - 2014-06-02 06:52 - 00000085 _____ () C:\Windows\wininit.ini 2014-06-02 06:52 - 2014-05-31 16:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-06-01 11:28 - 2013-11-29 16:15 - 00000000 ____D () C:\Users\Aspire\AppData\Local\CrashDumps 2014-05-31 16:55 - 2014-05-31 16:55 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-05-31 13:06 - 2014-05-31 12:58 - 00771306 _____ ( ) C:\Users\Aspire\Downloads\PDF_Creator.exe.mtughlu.partial 2014-05-31 12:16 - 2014-05-17 06:46 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-31 12:16 - 2014-05-17 06:46 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-30 06:14 - 2014-05-30 06:14 - 00000549 _____ () C:\Users\Aspire\Documents\PERSONAL DETAILS.txt 2014-05-26 17:28 - 2014-05-26 17:28 - 00000176 _____ () C:\Users\Aspire\Desktop\NSW GREYS.url 2014-05-24 16:27 - 2014-05-24 15:06 - 00000171 _____ () C:\Users\Aspire\Downloads\playlist.m3u8 2014-05-24 11:55 - 2014-04-01 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-24 11:55 - 2013-12-06 15:39 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-05-24 09:48 - 2014-06-12 19:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-24 09:47 - 2014-06-12 19:23 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-24 09:47 - 2014-06-12 19:23 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-24 09:47 - 2014-06-12 19:23 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-05-24 09:47 - 2014-06-12 19:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-24 09:46 - 2014-06-12 19:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-24 09:46 - 2014-06-12 19:22 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-24 09:46 - 2014-06-12 19:22 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-24 09:45 - 2014-06-12 19:23 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-24 09:45 - 2014-06-12 19:23 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-24 09:45 - 2014-06-12 19:23 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-24 08:26 - 2014-06-12 19:23 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-24 08:26 - 2014-06-12 19:23 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-24 08:26 - 2014-06-12 19:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-24 08:26 - 2014-06-12 19:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-24 08:26 - 2014-06-12 19:23 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-05-24 08:26 - 2014-06-12 19:22 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-24 08:26 - 2014-06-12 19:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-24 08:25 - 2014-06-12 19:23 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-24 08:25 - 2014-06-12 19:23 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-24 08:25 - 2014-06-12 19:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-24 08:25 - 2014-06-12 19:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-24 08:25 - 2014-06-12 19:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-05-24 08:25 - 2014-06-12 19:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-24 08:25 - 2014-06-12 19:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-24 08:25 - 2014-06-12 19:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-24 08:25 - 2014-06-12 19:22 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-24 08:25 - 2014-06-12 19:22 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-24 08:25 - 2014-06-12 19:22 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-05-24 08:09 - 2014-06-12 19:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-24 08:03 - 2014-06-12 19:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-24 05:37 - 2014-06-12 19:23 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-05-20 15:12 - 2014-05-20 15:12 - 00000291 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RECYCLE (2).lnk 2014-05-20 14:42 - 2013-12-09 18:45 - 00000204 _____ () C:\Users\Aspire\Desktop\REAL ESTATE.url 2014-05-20 14:03 - 2014-05-20 14:03 - 00000299 _____ () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MY COMPUTER (2).lnk 2014-05-20 13:48 - 2014-04-07 10:27 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-20 10:14 - 2014-05-16 16:03 - 00062271 _____ () C:\Users\Aspire\Downloads\Steward's Report - Bendigo, 16 May 2014 2014-05-19 06:08 - 2014-05-14 14:14 - 00000561 _____ () C:\Users\Aspire\Documents\visa and licence.txt 2014-05-18 16:15 - 2014-05-18 12:19 - 00000222 _____ () C:\Users\Aspire\Desktop\VIC GREYS.url 2014-05-17 06:46 - 2014-03-13 05:56 - 00000000 ___RD () C:\Users\Aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-17 06:46 - 2013-11-19 10:47 - 00000363 _____ () C:\Users\Aspire\Downloads\RecentPlaces.lnk 2014-05-16 20:40 - 2012-07-26 15:12 - 00000000 ___RD () C:\Windows\ToastData 2014-05-16 20:40 - 2012-07-26 15:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 20:40 - 2012-07-26 15:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-16 20:40 - 2012-07-26 15:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-05-16 20:40 - 2012-07-26 15:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-16 20:40 - 2012-07-26 15:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-16 16:03 - 2014-05-16 16:03 - 00062281 _____ () C:\Users\Aspire\Downloads\Steward's Report - Bendigo, 16 May 2014 (1) Some content of TEMP: ==================== C:\Users\Aspire\AppData\Local\temp\Quarantine.exe C:\Users\Aspire\AppData\Local\temp\stn_515_TH.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {6bd2d5ce-c1a3-11e2-9dfb-206a8a5bcb22} {6bd2d5cf-c1a3-11e2-9dfb-206a8a5bcb22} {6bd2d5d0-c1a3-11e2-9dfb-206a8a5bcb22} timeout 2 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale en-US inherit {globalsettings} integrityservices Enable default {current} resumeobject {6bd2d5d7-c1a3-11e2-9dfb-206a8a5bcb22} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmware Application (101fffff) ------------------------------- identifier {6bd2d5ce-c1a3-11e2-9dfb-206a8a5bcb22} description EFI USB Device Firmware Application (101fffff) ------------------------------- identifier {6bd2d5cf-c1a3-11e2-9dfb-206a8a5bcb22} description EFI DVD/CDROM Firmware Application (101fffff) ------------------------------- identifier {6bd2d5d0-c1a3-11e2-9dfb-206a8a5bcb22} description EFI Network Windows Boot Loader ------------------- identifier {6bd2d5d5-c1a3-11e2-9dfb-206a8a5bcb22} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{6bd2d5d6-c1a3-11e2-9dfb-206a8a5bcb22} path \windows\system32\winload.efi description Windows Recovery Environment locale en-us inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{6bd2d5d6-c1a3-11e2-9dfb-206a8a5bcb22} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.efi description Windows 8 locale en-US inherit {bootloadersettings} recoverysequence {6bd2d5d5-c1a3-11e2-9dfb-206a8a5bcb22} integrityservices Enable recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \Windows resumeobject {6bd2d5d7-c1a3-11e2-9dfb-206a8a5bcb22} nx OptIn bootmenupolicy Standard detecthal Yes Resume from Hibernate --------------------- identifier {6bd2d5d7-c1a3-11e2-9dfb-206a8a5bcb22} device partition=C: path \Windows\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {6bd2d5d5-c1a3-11e2-9dfb-206a8a5bcb22} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {6bd2d5d6-c1a3-11e2-9dfb-206a8a5bcb22} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2014-06-09 06:42 ==================== End Of Log ============================
- June 15, 2014
- 9 replies
Laptop security proble,

mason45 posted a topic in Resolved Malware Removal Logs

Lately my 9 months old laptop has become very sluggish and I cannot download any new security programs or update. my current security programs. I started in safe mode, scanned with AVG 2014 Internet Security Suite and Malwarebytes 5-6 times also several other root kill programs. I went back into normal mode and nothing has changed, so I'm back to where I started. Thanks.
- June 15, 2014
- 9 replies

Sign In

mason45

Posts

Joined

Last visited

Reputation

Laptop security proble,

Laptop security proble,

Laptop security proble,

Laptop security proble,

Laptop security proble,

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information