I think I'm infected.

Alikhan · May 21, 2012

I recently installed Kaspersky and a user there said I have a suspicious driver running (dlhynz)with virtually no info on it apart from one link where they deleted it. Please help me.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Shazia Begum at 22:42:47 on 2012-05-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.2445 [GMT 1:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe

C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\IdeaCom\IDCMgr\IdcMgr.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Freedom Scientific\JAWS\13.0\fsATProxy.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe

C:\Users\Shazia Begum\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://acer.msn.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun: [ideaCom Calibration] C:\Program Files (x86)\IdeaCom\IDCMgr\StartUT.exe calibration_check

mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\SHAZIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICRON~1.LNK - C:\Program Files (x86)\MicroNEXT\Common\RaUI.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4FCA798A-112F-40E2-8BCC-02391F1CB669} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069} : NameServer = 8.26.56.26,156.154.70.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

BHO-X64: link filter bho - No File

mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun-x64: [ideaCom Calibration] C:\Program Files (x86)\IdeaCom\IDCMgr\StartUT.exe calibration_check

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]

R2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;\??\C:\Windows\system32\fsKMgr.dll --> C:\Windows\system32\fsKMgr.dll [?]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]

R2 IdcSrv;IDCSRV Service;C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-9-29 252928]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-9 244624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-21 654408]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe [2012-1-29 75040]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2012-1-29 210720]

R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-29 2656280]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 fsvidmir_service;fsvidmir_service;C:\Windows\system32\DRIVERS\fsvidmir.sys --> C:\Windows\system32\DRIVERS\fsvidmir.sys [?]

R3 IdcFltr;HID Touch Screen Driver;C:\Windows\system32\DRIVERS\idcfltr.sys --> C:\Windows\system32\DRIVERS\idcfltr.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 JTVNCProxy_13.0;JTVNCProxy_13.0;C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-8 19736]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-25 21504]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PowerBrl;powerBraille System Driver;\??\C:\Windows\system32\Drivers\powerbrl.sys --> C:\Windows\system32\Drivers\powerbrl.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-05-21 19:24:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-21 19:24:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-21 18:53:19 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{57C86BFE-0534-405D-8638-8F39654264F2}

2012-05-21 18:52:42 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E7083BA7-FA3B-49D2-A87E-B4A9BF641EE0}

2012-05-21 15:29:43 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-05-21 15:29:43 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-05-21 12:50:00 22 --sha-w- C:\Windows\90C7D912BE2316.sys

2012-05-21 12:50:00 22 --sha-w- C:\Users\Shazia Begum\AppData\Roaming\Windows1569_SettingsRepository.bin

2012-05-21 12:49:59 0 ----a-w- C:\Users\Shazia Begum\AppData\Local\jv16PT_temp.tmp

2012-05-21 12:35:29 -------- d-----w- C:\Windows\System32\wbem\repository

2012-05-21 12:07:07 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{0EB40C44-90BE-430E-86E2-EF28ACEC36E2}

2012-05-20 18:49:51 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{D02485CA-6F16-4E61-AB9A-BA8617F5039D}

2012-05-20 18:49:40 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{E6369319-159C-4FF5-AE36-6DB64B1D6DBD}

2012-05-20 12:38:22 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{46E0ED2D-418B-4057-B52B-4E4FB97C77CF}

2012-05-19 18:17:37 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-05-19 18:17:29 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-05-19 18:00:26 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{33BCE367-C430-47BE-930C-393277B7AE59}

2012-05-19 18:00:16 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{054B05E5-E4EF-4D7D-9E5D-30B201532DDC}

2012-05-18 14:43:15 -------- d-----w- C:\Program Files\HitmanPro

2012-05-18 11:42:20 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{FFF1E625-EBA9-447E-B8A2-B7D329343671}

2012-05-13 19:20:21 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{4B01BD36-E283-4C44-8C4B-75A555DFEDB5}

2012-05-13 09:55:26 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{D98DAD07-1DD0-4B13-AE01-E6ABFEA35DB8}

2012-05-11 15:49:35 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{812E8F69-007E-4CFA-B038-687BB8F843B2}

2012-05-09 19:39:01 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{AF18BB63-3C51-4194-ABAB-FDD9FE5A9EBE}

2012-05-09 19:29:35 -------- d-----w- C:\Program Files (x86)\BYOND4

2012-05-08 21:31:08 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\ESET

2012-05-08 21:31:08 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\ESET

2012-05-08 21:20:26 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-08 21:20:25 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-08 21:20:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-08 21:20:25 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-08 21:20:24 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-08 21:20:21 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-08 21:20:21 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-08 21:20:14 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-08 21:19:33 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-08 21:19:33 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-08 21:19:33 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-08 21:19:33 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-08 21:19:33 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-08 14:55:50 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{C53092E2-E7A1-4CBE-974C-4BE097AA3D42}

2012-05-04 17:54:13 73 ----a-w- C:\Windows\SysWow64\ssprs.dll

2012-04-28 19:57:27 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\EurekaLog

2012-04-28 18:38:48 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Paoc

2012-04-28 18:38:48 -------- d-----w- C:\Users\Shazia Begum\AppData\Roaming\Ekynl

2012-04-25 18:48:07 -------- d-----w- C:\Users\Shazia Begum\VirtualBox VMs

2012-04-25 18:47:34 -------- d-----w- C:\Users\Shazia Begum\.VirtualBox

2012-04-24 19:16:00 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{7E60ED7B-A83B-409F-B448-772748B70A65}

2012-04-24 16:30:15 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-04-24 14:45:45 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-04-22 20:35:48 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-04-22 12:14:13 -------- d-----w- C:\Users\Shazia Begum\AppData\Local\{3D07BD89-15B8-4B11-9E69-4E045022822D}

.

==================== Find3M ====================

.

2012-05-05 16:29:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 16:29:16 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 16:29:08 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 17:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-04-09 12:17:01 1700352 ------w- C:\Windows\SysWow64\gdiplus.dll

2012-03-18 15:16:15 472808 ------w- C:\Windows\SysWow64\deployJava1.dll

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 22:43:49.15 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 29/01/2012 14:11:20

System Uptime: 21/05/2012 22:39:15 (0 hours ago)

.

Motherboard: Acer | | Aspire Z1801

Processor: Intel® Pentium® CPU G620 @ 2.60GHz | CPU 1 | 2600/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 392.625 GiB free.

D: is FIXED (NTFS) - 455 GiB total, 454.298 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP134: 09/05/2012 19:53:36 - Installed Anti-Spyware

RP135: 15/05/2012 23:03:25 - Installed AVG 2012

RP136: 15/05/2012 23:03:52 - Installed AVG 2012

RP137: 19/05/2012 19:16:59 - Installed Oracle VM VirtualBox 4.1.14

RP138: 19/05/2012 20:43:48 - Removed Oracle VM VirtualBox 4.1.14

RP140: 21/05/2012 12:26:44 - Revo Uninstaller Pro's restore point - AVG 2012

RP141: 21/05/2012 12:29:45 - Revo Uninstaller Pro's restore point - AVG 2012

RP142: 21/05/2012 12:30:15 - Removed AVG 2012

RP143: 21/05/2012 12:34:32 - Removed AVG 2012

RP144: 21/05/2012 13:28:42 - Revo Uninstaller Pro's restore point - Kaspersky Internet Security 2012

RP145: 21/05/2012 13:32:16 - Revo Uninstaller Pro's restore point - Kaspersky Internet Security 2012

RP146: 21/05/2012 13:56:29 - Revo Uninstaller Pro's restore point - jv16 PowerTools 2012

.

==== Installed Programs ======================

.

???? ??? Windows Live

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

???????? ?????????? Windows Live

?????????? Windows Live

??????????? ?? Windows Live

Acer eRecovery Management

Acer Games

Acer PowerSaver

Acer Registration

Acer ScreenSaver

Acer Updater

Adobe Reader X (10.1.3) MUI

Adobe Shockwave Player 11.6

Agatha Christie - Death on the Nile

µTorrent

Bejeweled 2 Deluxe

Build Your Own Net Dream (remove only)

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Crazy Chicken Kart 2

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

FATE

Final Drive: Nitro

Fotogalerija Windows Live

Free YouTube Download version 3.1.22.319

Freedom Scientific Ocr

Freedom Scientific OmniPage

Freedom Scientific Synthesizer Eloquence

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galeria fotogràfica del Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Google Chrome

Hotkey Utility

IdeaCom Touch Screen 3.3.0000.26

Identity Card

Insaniquarium Deluxe

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java 6 Update 31

Jewel Match 3

Jewel Quest Solitaire

John Deere Drive Green

Junk Mail filter update

K-Lite Codec Pack 8.2.0 (Basic)

Kaspersky Internet Security 2012

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

MicroNEXT MicroNEXT USB Wireless

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Penguins!

Plants vs. Zombies - Game of the Year

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Polar Bowler

Pošta Windows Live

Raccolta foto di Windows Live

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

S?????? f?t???af??? t?? Windows Live

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Sentinel System Driver Installer 7.5.0

Slingo Deluxe

SopCast 3.4.8

swMSM

Torchlight

TouchSettings

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Installer for WildTangent Games App

Veetle TV

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

Wedding Dash

WildTangent Games App (Acer Games)

Windows Live

Windows Live ???

Windows Live ????

Windows Live Argazki Galeria

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

21/05/2012 22:39:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: dlhynz raeehd

21/05/2012 22:39:33, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

21/05/2012 16:15:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

21/05/2012 16:15:05, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

21/05/2012 16:14:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

21/05/2012 16:14:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

21/05/2012 16:14:42, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

21/05/2012 16:14:42, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

21/05/2012 14:02:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff960000ea9a2, 0xfffff880029051f0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052112-23290-01.

21/05/2012 13:38:24, Error: Service Control Manager [7030] - The ESET Uninstaller Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

21/05/2012 13:37:32, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

21/05/2012 13:37:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

21/05/2012 13:37:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

21/05/2012 13:37:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

21/05/2012 13:37:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

21/05/2012 13:37:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

21/05/2012 13:37:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

21/05/2012 13:37:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache dlhynz NetBIOS NetBT nsiproxy Psched raeehd rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

21/05/2012 13:37:10, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

21/05/2012 13:37:10, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

21/05/2012 13:37:10, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

21/05/2012 13:37:10, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

21/05/2012 13:37:10, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

21/05/2012 13:37:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

21/05/2012 13:37:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

21/05/2012 13:37:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

21/05/2012 13:37:09, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

21/05/2012 13:37:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

19/05/2012 20:36:14, Error: bowser [8003] - The master browser has received a server announcement from the computer DON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6C779D3-9F68-4B58-8319-702DB6A4DD7A}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.21.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Shazia Begum :: SHAZIABEGUM-PC [administrator]

Protection: Enabled

21/05/2012 22:45:00

mbam-log-2012-05-21 (22-45-00).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 210867

Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

D-FRED-BROWN · May 21, 2012

Hello All821 and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller_log.txt

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

TDSSKiller logfile
C:\ComboFix.txt
Security Check checkup.txt

How is your computer running now?

Alikhan · May 22, 2012

Computer is running alittle better now. There is still some slowdown and connection to random survey sites.

11:35:43.0354 0988 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

11:35:43.0529 0988 ============================================================

11:35:43.0529 0988 Current date / time: 2012/05/22 11:35:43.0529

11:35:43.0529 0988 SystemInfo:

11:35:43.0529 0988

11:35:43.0529 0988 OS Version: 6.1.7601 ServicePack: 1.0

11:35:43.0529 0988 Product type: Workstation

11:35:43.0529 0988 ComputerName: SHAZIABEGUM-PC

11:35:43.0529 0988 UserName: Shazia Begum

11:35:43.0529 0988 Windows directory: C:\Windows

11:35:43.0529 0988 System windows directory: C:\Windows

11:35:43.0529 0988 Running under WOW64

11:35:43.0529 0988 Processor architecture: Intel x64

11:35:43.0529 0988 Number of processors: 2

11:35:43.0529 0988 Page size: 0x1000

11:35:43.0529 0988 Boot type: Normal boot

11:35:43.0529 0988 ============================================================

11:35:44.0595 0988 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:35:44.0610 0988 ============================================================

11:35:44.0610 0988 \Device\Harddisk0\DR0:

11:35:44.0610 0988 MBR partitions:

11:35:44.0610 0988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF8800, BlocksNum 0x32000

11:35:44.0610 0988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B2A800, BlocksNum 0x38DEC800

11:35:44.0610 0988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B917000, BlocksNum 0x38DEF5B0

11:35:44.0610 0988 ============================================================

11:35:44.0626 0988 C: <-> \Device\Harddisk0\DR0\Partition1

11:35:44.0673 0988 D: <-> \Device\Harddisk0\DR0\Partition2

11:35:44.0673 0988 ============================================================

11:35:44.0673 0988 Initialize success

11:35:44.0673 0988 ============================================================

11:35:46.0034 4996 ============================================================

11:35:46.0034 4996 Scan started

11:35:46.0034 4996 Mode: Manual;

11:35:46.0034 4996 ============================================================

11:35:46.0939 4996 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:35:46.0939 4996 1394ohci - ok

11:35:46.0970 4996 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:35:46.0970 4996 ACPI - ok

11:35:46.0986 4996 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:35:46.0986 4996 AcpiPmi - ok

11:35:47.0111 4996 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

11:35:47.0111 4996 AdobeARMservice - ok

11:35:47.0204 4996 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

11:35:47.0204 4996 AdobeFlashPlayerUpdateSvc - ok

11:35:47.0251 4996 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

11:35:47.0267 4996 adp94xx - ok

11:35:47.0298 4996 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

11:35:47.0298 4996 adpahci - ok

11:35:47.0329 4996 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

11:35:47.0329 4996 adpu320 - ok

11:35:47.0360 4996 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:35:47.0360 4996 AeLookupSvc - ok

11:35:47.0407 4996 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:35:47.0423 4996 AFD - ok

11:35:47.0438 4996 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:35:47.0438 4996 agp440 - ok

11:35:47.0454 4996 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:35:47.0454 4996 ALG - ok

11:35:47.0485 4996 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:35:47.0485 4996 aliide - ok

11:35:47.0501 4996 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:35:47.0501 4996 amdide - ok

11:35:47.0516 4996 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

11:35:47.0532 4996 AmdK8 - ok

11:35:47.0547 4996 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

11:35:47.0547 4996 AmdPPM - ok

11:35:47.0579 4996 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:35:47.0579 4996 amdsata - ok

11:35:47.0594 4996 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

11:35:47.0610 4996 amdsbs - ok

11:35:47.0610 4996 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:35:47.0610 4996 amdxata - ok

11:35:47.0625 4996 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:35:47.0625 4996 AppID - ok

11:35:47.0641 4996 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:35:47.0641 4996 AppIDSvc - ok

11:35:47.0657 4996 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:35:47.0657 4996 Appinfo - ok

11:35:47.0672 4996 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

11:35:47.0672 4996 arc - ok

11:35:47.0688 4996 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

11:35:47.0688 4996 arcsas - ok

11:35:47.0735 4996 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:35:47.0735 4996 AsyncMac - ok

11:35:47.0750 4996 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:35:47.0750 4996 atapi - ok

11:35:47.0781 4996 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:35:47.0781 4996 AudioEndpointBuilder - ok

11:35:47.0797 4996 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:35:47.0797 4996 AudioSrv - ok

11:35:47.0937 4996 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

11:35:47.0937 4996 AVP - ok

11:35:47.0969 4996 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:35:47.0984 4996 AxInstSV - ok

11:35:48.0015 4996 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

11:35:48.0031 4996 b06bdrv - ok

11:35:48.0062 4996 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:35:48.0062 4996 b57nd60a - ok

11:35:48.0093 4996 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:35:48.0093 4996 BDESVC - ok

11:35:48.0109 4996 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:35:48.0109 4996 Beep - ok

11:35:48.0156 4996 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:35:48.0171 4996 BFE - ok

11:35:48.0234 4996 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

11:35:48.0249 4996 BITS - ok

11:35:48.0281 4996 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

11:35:48.0281 4996 blbdrive - ok

11:35:48.0296 4996 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:35:48.0296 4996 bowser - ok

11:35:48.0312 4996 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

11:35:48.0312 4996 BrFiltLo - ok

11:35:48.0327 4996 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

11:35:48.0327 4996 BrFiltUp - ok

11:35:48.0359 4996 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

11:35:48.0359 4996 BridgeMP - ok

11:35:48.0374 4996 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:35:48.0374 4996 Browser - ok

11:35:48.0390 4996 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:35:48.0390 4996 Brserid - ok

11:35:48.0405 4996 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:35:48.0405 4996 BrSerWdm - ok

11:35:48.0421 4996 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:35:48.0421 4996 BrUsbMdm - ok

11:35:48.0437 4996 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:35:48.0437 4996 BrUsbSer - ok

11:35:48.0452 4996 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

11:35:48.0452 4996 BTHMODEM - ok

11:35:48.0483 4996 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:35:48.0483 4996 bthserv - ok

11:35:48.0515 4996 catchme - ok

11:35:48.0530 4996 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:35:48.0530 4996 cdfs - ok

11:35:48.0561 4996 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:35:48.0561 4996 cdrom - ok

11:35:48.0593 4996 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:35:48.0593 4996 CertPropSvc - ok

11:35:48.0624 4996 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

11:35:48.0624 4996 circlass - ok

11:35:48.0655 4996 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:35:48.0671 4996 CLFS - ok

11:35:48.0725 4996 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:35:48.0726 4996 clr_optimization_v2.0.50727_32 - ok

11:35:48.0765 4996 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:35:48.0767 4996 clr_optimization_v2.0.50727_64 - ok

11:35:48.0811 4996 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:35:48.0812 4996 clr_optimization_v4.0.30319_32 - ok

11:35:48.0827 4996 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:35:48.0828 4996 clr_optimization_v4.0.30319_64 - ok

11:35:48.0877 4996 clwvd (e13a438f9e51dd034730678e33b73290) C:\Windows\system32\DRIVERS\clwvd.sys

11:35:48.0878 4996 clwvd - ok

11:35:48.0898 4996 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

11:35:48.0900 4996 CmBatt - ok

11:35:48.0905 4996 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:35:48.0907 4996 cmdide - ok

11:35:48.0961 4996 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

11:35:48.0965 4996 CNG - ok

11:35:48.0975 4996 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

11:35:48.0977 4996 Compbatt - ok

11:35:49.0006 4996 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

11:35:49.0007 4996 CompositeBus - ok

11:35:49.0020 4996 COMSysApp - ok

11:35:49.0115 4996 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe

11:35:49.0117 4996 cphs - ok

11:35:49.0125 4996 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

11:35:49.0212 4996 crcdisk - ok

11:35:49.0244 4996 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

11:35:49.0245 4996 CryptSvc - ok

11:35:49.0290 4996 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:35:49.0294 4996 DcomLaunch - ok

11:35:49.0317 4996 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:35:49.0321 4996 defragsvc - ok

11:35:49.0341 4996 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:35:49.0342 4996 DfsC - ok

11:35:49.0362 4996 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:35:49.0366 4996 Dhcp - ok

11:35:49.0380 4996 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:35:49.0381 4996 discache - ok

11:35:49.0421 4996 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

11:35:49.0422 4996 Disk - ok

11:35:49.0428 4996 dlhynz - ok

11:35:49.0450 4996 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:35:49.0453 4996 Dnscache - ok

11:35:49.0478 4996 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:35:49.0481 4996 dot3svc - ok

11:35:49.0490 4996 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:35:49.0492 4996 DPS - ok

11:35:49.0531 4996 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:35:49.0533 4996 drmkaud - ok

11:35:49.0599 4996 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:35:49.0604 4996 DXGKrnl - ok

11:35:49.0650 4996 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:35:49.0652 4996 EapHost - ok

11:35:49.0776 4996 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

11:35:49.0837 4996 ebdrv - ok

11:35:49.0925 4996 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:35:49.0927 4996 EFS - ok

11:35:50.0007 4996 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:35:50.0011 4996 ehRecvr - ok

11:35:50.0030 4996 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:35:50.0031 4996 ehSched - ok

11:35:50.0073 4996 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

11:35:50.0087 4996 elxstor - ok

11:35:50.0113 4996 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:35:50.0114 4996 ErrDev - ok

11:35:50.0167 4996 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:35:50.0170 4996 EventSystem - ok

11:35:50.0196 4996 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:35:50.0199 4996 exfat - ok

11:35:50.0215 4996 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:35:50.0218 4996 fastfat - ok

11:35:50.0273 4996 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:35:50.0295 4996 Fax - ok

11:35:50.0310 4996 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

11:35:50.0311 4996 fdc - ok

11:35:50.0318 4996 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:35:50.0320 4996 fdPHost - ok

11:35:50.0334 4996 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:35:50.0336 4996 FDResPub - ok

11:35:50.0344 4996 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:35:50.0345 4996 FileInfo - ok

11:35:50.0353 4996 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:35:50.0355 4996 Filetrace - ok

11:35:50.0365 4996 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

11:35:50.0367 4996 flpydisk - ok

11:35:50.0387 4996 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:35:50.0390 4996 FltMgr - ok

11:35:50.0450 4996 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:35:50.0468 4996 FontCache - ok

11:35:50.0527 4996 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:35:50.0528 4996 FontCache3.0.0.0 - ok

11:35:50.0563 4996 Freedom Scientific Kernel Manager (575d36a0b7fa467367af92d10d04f4b5) C:\Windows\system32\fsKMgr.dll

11:35:50.0563 4996 Freedom Scientific Kernel Manager - ok

11:35:50.0589 4996 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:35:50.0591 4996 FsDepends - ok

11:35:50.0621 4996 fsvidmir_service (4c93b7ce0df37059517f3c75ae59daae) C:\Windows\system32\DRIVERS\fsvidmir.sys

11:35:50.0622 4996 fsvidmir_service - ok

11:35:50.0654 4996 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:35:50.0654 4996 Fs_Rec - ok

11:35:50.0666 4996 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:35:50.0668 4996 fvevol - ok

11:35:50.0698 4996 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

11:35:50.0700 4996 gagp30kx - ok

11:35:50.0759 4996 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

11:35:50.0760 4996 GamesAppService - ok

11:35:50.0801 4996 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:35:50.0819 4996 gpsvc - ok

11:35:50.0875 4996 GREGService (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

11:35:50.0876 4996 GREGService - ok

11:35:50.0884 4996 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:35:50.0885 4996 hcw85cir - ok

11:35:50.0918 4996 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:35:50.0922 4996 HdAudAddService - ok

11:35:50.0940 4996 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

11:35:50.0942 4996 HDAudBus - ok

11:35:50.0954 4996 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

11:35:50.0955 4996 HidBatt - ok

11:35:50.0976 4996 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

11:35:50.0978 4996 HidBth - ok

11:35:50.0989 4996 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

11:35:50.0990 4996 HidIr - ok

11:35:51.0001 4996 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

11:35:51.0003 4996 hidserv - ok

11:35:51.0028 4996 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:35:51.0029 4996 HidUsb - ok

11:35:51.0048 4996 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:35:51.0050 4996 hkmsvc - ok

11:35:51.0086 4996 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:35:51.0090 4996 HomeGroupListener - ok

11:35:51.0118 4996 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:35:51.0120 4996 HomeGroupProvider - ok

11:35:51.0134 4996 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:35:51.0136 4996 HpSAMD - ok

11:35:51.0194 4996 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:35:51.0213 4996 HTTP - ok

11:35:51.0256 4996 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:35:51.0256 4996 hwpolicy - ok

11:35:51.0282 4996 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:35:51.0284 4996 i8042prt - ok

11:35:51.0335 4996 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:35:51.0340 4996 iaStorV - ok

11:35:51.0386 4996 IdcFltr (83c749c7d723cfc852b7430044affd4f) C:\Windows\system32\DRIVERS\idcfltr.sys

11:35:51.0387 4996 IdcFltr - ok

11:35:51.0468 4996 IdcSrv (c9811ea9d8e6e2b6cb76a435ad8ac4f8) C:\Program Files (x86)\IdeaCom\IDCMgr\IdcSrv.exe

11:35:51.0471 4996 IdcSrv - ok

11:35:51.0544 4996 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:35:51.0549 4996 idsvc - ok

11:35:51.0961 4996 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:35:52.0182 4996 igfx - ok

11:35:52.0267 4996 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:35:52.0268 4996 iirsp - ok

11:35:52.0331 4996 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:35:52.0347 4996 IKEEXT - ok

11:35:52.0514 4996 IntcAzAudAddService (0b21b66574e5478fa10cca2d36694c2d) C:\Windows\system32\drivers\RTKVHD64.sys

11:35:52.0554 4996 IntcAzAudAddService - ok

11:35:52.0593 4996 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:35:52.0594 4996 intelide - ok

11:35:52.0614 4996 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:35:52.0615 4996 intelppm - ok

11:35:52.0627 4996 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:35:52.0630 4996 IPBusEnum - ok

11:35:52.0655 4996 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:35:52.0657 4996 IpFilterDriver - ok

11:35:52.0703 4996 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:35:52.0713 4996 iphlpsvc - ok

11:35:52.0734 4996 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:35:52.0736 4996 IPMIDRV - ok

11:35:52.0753 4996 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:35:52.0755 4996 IPNAT - ok

11:35:52.0770 4996 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:35:52.0771 4996 IRENUM - ok

11:35:52.0797 4996 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:35:52.0799 4996 isapnp - ok

11:35:52.0826 4996 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:35:52.0830 4996 iScsiPrt - ok

11:35:52.0935 4996 JTVNCProxy_13.0 (2ce0c9a1dfec2e57151983815d6e5c25) C:\Program Files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe

11:35:52.0936 4996 JTVNCProxy_13.0 - ok

11:35:52.0957 4996 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:35:52.0958 4996 kbdclass - ok

11:35:52.0976 4996 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:35:52.0977 4996 kbdhid - ok

11:35:53.0004 4996 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:35:53.0005 4996 KeyIso - ok

11:35:53.0053 4996 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys

11:35:53.0059 4996 KL1 - ok

11:35:53.0100 4996 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys

11:35:53.0101 4996 kl2 - ok

11:35:53.0163 4996 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys

11:35:53.0195 4996 KLIF - ok

11:35:53.0220 4996 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys

11:35:53.0221 4996 KLIM6 - ok

11:35:53.0241 4996 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys

11:35:53.0242 4996 klmouflt - ok

11:35:53.0262 4996 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

11:35:53.0264 4996 KSecDD - ok

11:35:53.0285 4996 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

11:35:53.0287 4996 KSecPkg - ok

11:35:53.0300 4996 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:35:53.0301 4996 ksthunk - ok

11:35:53.0374 4996 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:35:53.0379 4996 KtmRm - ok

11:35:53.0404 4996 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

11:35:53.0408 4996 LanmanServer - ok

11:35:53.0428 4996 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:35:53.0431 4996 LanmanWorkstation - ok

11:35:53.0459 4996 libusb0 (acec35f181075b20a5ef4a71958b13df) C:\Windows\system32\drivers\libusb0.sys

11:35:53.0460 4996 libusb0 - ok

11:35:53.0533 4996 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

11:35:53.0535 4996 Live Updater Service - ok

11:35:53.0560 4996 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:35:53.0561 4996 lltdio - ok

11:35:53.0593 4996 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:35:53.0593 4996 lltdsvc - ok

11:35:53.0608 4996 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:35:53.0608 4996 lmhosts - ok

11:35:53.0686 4996 LMS (e7859ba062db5e23c6dd34ad66b09f50) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

11:35:53.0686 4996 LMS - ok

11:35:53.0717 4996 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:35:53.0733 4996 LSI_FC - ok

11:35:53.0749 4996 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:35:53.0749 4996 LSI_SAS - ok

11:35:53.0764 4996 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:35:53.0764 4996 LSI_SAS2 - ok

11:35:53.0780 4996 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:35:53.0780 4996 LSI_SCSI - ok

11:35:53.0795 4996 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:35:53.0811 4996 luafv - ok

11:35:53.0842 4996 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

11:35:53.0842 4996 MBAMProtector - ok

11:35:53.0889 4996 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:35:53.0889 4996 MBAMService - ok

11:35:53.0920 4996 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:35:53.0920 4996 Mcx2Svc - ok

11:35:53.0936 4996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:35:53.0936 4996 megasas - ok

11:35:53.0967 4996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:35:53.0967 4996 MegaSR - ok

11:35:54.0014 4996 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

11:35:54.0014 4996 MEIx64 - ok

11:35:54.0076 4996 Microsoft SharePoint Workspace Audit Service - ok

11:35:54.0092 4996 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:35:54.0092 4996 MMCSS - ok

11:35:54.0107 4996 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:35:54.0107 4996 Modem - ok

11:35:54.0139 4996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:35:54.0139 4996 monitor - ok

11:35:54.0170 4996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:35:54.0170 4996 mouclass - ok

11:35:54.0185 4996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:35:54.0185 4996 mouhid - ok

11:35:54.0295 4996 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:35:54.0341 4996 mountmgr - ok

11:35:54.0451 4996 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:35:54.0466 4996 mpio - ok

11:35:54.0482 4996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:35:54.0482 4996 mpsdrv - ok

11:35:54.0513 4996 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

11:35:54.0529 4996 MpsSvc - ok

11:35:54.0544 4996 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:35:54.0544 4996 MRxDAV - ok

11:35:54.0591 4996 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:35:54.0591 4996 mrxsmb - ok

11:35:54.0607 4996 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:35:54.0607 4996 mrxsmb10 - ok

11:35:54.0622 4996 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:35:54.0622 4996 mrxsmb20 - ok

11:35:54.0638 4996 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:35:54.0638 4996 msahci - ok

11:35:54.0669 4996 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:35:54.0669 4996 msdsm - ok

11:35:54.0685 4996 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:35:54.0685 4996 MSDTC - ok

11:35:54.0716 4996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:35:54.0716 4996 Msfs - ok

11:35:54.0716 4996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:35:54.0716 4996 mshidkmdf - ok

11:35:54.0731 4996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:35:54.0731 4996 msisadrv - ok

11:35:54.0763 4996 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:35:54.0763 4996 MSiSCSI - ok

11:35:54.0778 4996 msiserver - ok

11:35:54.0794 4996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:35:54.0794 4996 MSKSSRV - ok

11:35:54.0794 4996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:35:54.0794 4996 MSPCLOCK - ok

11:35:54.0809 4996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:35:54.0809 4996 MSPQM - ok

11:35:54.0841 4996 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:35:54.0841 4996 MsRPC - ok

11:35:54.0856 4996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:35:54.0856 4996 mssmbios - ok

11:35:54.0856 4996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:35:54.0856 4996 MSTEE - ok

11:35:54.0903 4996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:35:54.0934 4996 MTConfig - ok

11:35:54.0981 4996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:35:54.0981 4996 Mup - ok

11:35:55.0028 4996 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:35:55.0028 4996 napagent - ok

11:35:55.0075 4996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:35:55.0090 4996 NativeWifiP - ok

11:35:55.0121 4996 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:35:55.0137 4996 NDIS - ok

11:35:55.0137 4996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:35:55.0137 4996 NdisCap - ok

11:35:55.0153 4996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:35:55.0168 4996 NdisTapi - ok

11:35:55.0168 4996 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:35:55.0168 4996 Ndisuio - ok

11:35:55.0184 4996 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:35:55.0184 4996 NdisWan - ok

11:35:55.0199 4996 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:35:55.0199 4996 NDProxy - ok

11:35:55.0215 4996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:35:55.0215 4996 NetBIOS - ok

11:35:55.0231 4996 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:35:55.0231 4996 NetBT - ok

11:35:55.0246 4996 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:35:55.0246 4996 Netlogon - ok

11:35:55.0277 4996 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:35:55.0277 4996 Netman - ok

11:35:55.0293 4996 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:35:55.0309 4996 netprofm - ok

11:35:55.0371 4996 netr28ux (eed1fbde98cf5f6d5c0c5b27ab1f68ec) C:\Windows\system32\DRIVERS\netr28ux.sys

11:35:55.0387 4996 netr28ux - ok

11:35:55.0434 4996 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:35:55.0434 4996 NetTcpPortSharing - ok

11:35:55.0465 4996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:35:55.0465 4996 nfrd960 - ok

11:35:55.0496 4996 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:35:55.0496 4996 NlaSvc - ok

11:35:55.0527 4996 nmwcdnsux64 (9573223e205907247ae6d948e3453770) C:\Windows\system32\drivers\nmwcdnsux64.sys

11:35:55.0527 4996 nmwcdnsux64 - ok

11:35:55.0543 4996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:35:55.0543 4996 Npfs - ok

11:35:55.0543 4996 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:35:55.0543 4996 nsi - ok

11:35:55.0558 4996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:35:55.0558 4996 nsiproxy - ok

11:35:55.0652 4996 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:35:55.0652 4996 Ntfs - ok

11:35:55.0714 4996 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:35:55.0714 4996 Null - ok

11:35:55.0761 4996 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:35:55.0761 4996 nvraid - ok

11:35:55.0792 4996 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:35:55.0792 4996 nvstor - ok

11:35:55.0824 4996 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:35:55.0824 4996 nv_agp - ok

11:35:55.0839 4996 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:35:55.0839 4996 ohci1394 - ok

11:35:55.0933 4996 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:35:55.0933 4996 ose - ok

11:35:56.0151 4996 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:35:56.0182 4996 osppsvc - ok

11:35:56.0245 4996 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:35:56.0260 4996 p2pimsvc - ok

11:35:56.0276 4996 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:35:56.0292 4996 p2psvc - ok

11:35:56.0323 4996 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

11:35:56.0323 4996 Parport - ok

11:35:56.0354 4996 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

11:35:56.0354 4996 partmgr - ok

11:35:56.0370 4996 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:35:56.0385 4996 PcaSvc - ok

11:35:56.0401 4996 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:35:56.0401 4996 pci - ok

11:35:56.0401 4996 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:35:56.0416 4996 pciide - ok

11:35:56.0432 4996 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:35:56.0432 4996 pcmcia - ok

11:35:56.0448 4996 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:35:56.0448 4996 pcw - ok

11:35:56.0494 4996 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:35:56.0526 4996 PEAUTH - ok

11:35:56.0572 4996 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:35:56.0572 4996 PerfHost - ok

11:35:56.0650 4996 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:35:56.0666 4996 pla - ok

11:35:56.0713 4996 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:35:56.0713 4996 PlugPlay - ok

11:35:56.0713 4996 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:35:56.0728 4996 PNRPAutoReg - ok

11:35:56.0744 4996 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:35:56.0744 4996 PNRPsvc - ok

11:35:56.0791 4996 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:35:56.0806 4996 PolicyAgent - ok

11:35:56.0838 4996 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:35:56.0853 4996 Power - ok

11:35:56.0916 4996 PowerBrl (c6b37e8e347bf175027ec0ba0daf06b9) C:\Windows\system32\Drivers\powerbrl.sys

11:35:56.0916 4996 PowerBrl - ok

11:35:56.0962 4996 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:35:56.0962 4996 PptpMiniport - ok

11:35:56.0978 4996 PQAWRwa - ok

11:35:56.0994 4996 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:35:56.0994 4996 Processor - ok

11:35:57.0025 4996 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

11:35:57.0025 4996 ProfSvc - ok

11:35:57.0040 4996 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:35:57.0040 4996 ProtectedStorage - ok

11:35:57.0056 4996 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:35:57.0056 4996 Psched - ok

11:35:57.0150 4996 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:35:57.0181 4996 ql2300 - ok

11:35:57.0274 4996 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:35:57.0274 4996 ql40xx - ok

11:35:57.0306 4996 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:35:57.0306 4996 QWAVE - ok

11:35:57.0321 4996 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:35:57.0321 4996 QWAVEdrv - ok

11:35:57.0337 4996 raeehd - ok

11:35:57.0400 4996 RalinkRegistryWriter (81bebbffe45855b7faf204c517fbeef1) C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe

11:35:57.0400 4996 RalinkRegistryWriter - ok

11:35:57.0420 4996 RalinkRegistryWriter64 (0878786c69b92e2a239b94f96f2aa963) C:\Program Files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe

11:35:57.0430 4996 RalinkRegistryWriter64 - ok

11:35:57.0440 4996 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:35:57.0440 4996 RasAcd - ok

11:35:57.0470 4996 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:35:57.0470 4996 RasAgileVpn - ok

11:35:57.0486 4996 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:35:57.0486 4996 RasAuto - ok

11:35:57.0501 4996 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:35:57.0501 4996 Rasl2tp - ok

11:35:57.0532 4996 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:35:57.0548 4996 RasMan - ok

11:35:57.0579 4996 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:35:57.0579 4996 RasPppoe - ok

11:35:57.0595 4996 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:35:57.0595 4996 RasSstp - ok

11:35:57.0626 4996 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:35:57.0626 4996 rdbss - ok

11:35:57.0642 4996 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

11:35:57.0642 4996 rdpbus - ok

11:35:57.0642 4996 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:35:57.0642 4996 RDPCDD - ok

11:35:57.0673 4996 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:35:57.0673 4996 RDPENCDD - ok

11:35:57.0688 4996 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:35:57.0688 4996 RDPREFMP - ok

11:35:57.0704 4996 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

11:35:57.0704 4996 RDPWD - ok

11:35:57.0735 4996 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:35:57.0735 4996 rdyboost - ok

11:35:57.0751 4996 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:35:57.0766 4996 RemoteAccess - ok

11:35:57.0782 4996 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:35:57.0782 4996 RemoteRegistry - ok

11:35:57.0798 4996 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:35:57.0798 4996 RpcEptMapper - ok

11:35:57.0813 4996 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:35:57.0813 4996 RpcLocator - ok

11:35:57.0844 4996 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:35:57.0860 4996 RpcSs - ok

11:35:57.0876 4996 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:35:57.0876 4996 rspndr - ok

11:35:57.0922 4996 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:35:57.0938 4996 RTL8167 - ok

11:35:57.0954 4996 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:35:57.0954 4996 SamSs - ok

11:35:57.0969 4996 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:35:57.0969 4996 sbp2port - ok

11:35:58.0000 4996 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:35:58.0000 4996 SCardSvr - ok

11:35:58.0016 4996 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:35:58.0016 4996 scfilter - ok

11:35:58.0078 4996 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:35:58.0094 4996 Schedule - ok

11:35:58.0110 4996 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:35:58.0110 4996 SCPolicySvc - ok

11:35:58.0125 4996 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:35:58.0141 4996 SDRSVC - ok

11:35:58.0172 4996 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:35:58.0172 4996 secdrv - ok

11:35:58.0188 4996 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:35:58.0188 4996 seclogon - ok

11:35:58.0203 4996 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

11:35:58.0203 4996 SENS - ok

11:35:58.0219 4996 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:35:58.0219 4996 SensrSvc - ok

11:35:58.0234 4996 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys

11:35:58.0234 4996 Sentinel64 - ok

11:35:58.0250 4996 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:35:58.0250 4996 Serenum - ok

11:35:58.0281 4996 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:35:58.0281 4996 Serial - ok

11:35:58.0312 4996 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:35:58.0312 4996 sermouse - ok

11:35:58.0328 4996 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:35:58.0328 4996 SessionEnv - ok

11:35:58.0344 4996 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:35:58.0344 4996 sffdisk - ok

11:35:58.0344 4996 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:35:58.0344 4996 sffp_mmc - ok

11:35:58.0359 4996 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:35:58.0359 4996 sffp_sd - ok

11:35:58.0375 4996 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:35:58.0375 4996 sfloppy - ok

11:35:58.0422 4996 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:35:58.0422 4996 SharedAccess - ok

11:35:58.0453 4996 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:35:58.0453 4996 ShellHWDetection - ok

11:35:58.0468 4996 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:35:58.0468 4996 SiSRaid2 - ok

11:35:58.0484 4996 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:35:58.0484 4996 SiSRaid4 - ok

11:35:58.0500 4996 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:35:58.0515 4996 Smb - ok

11:35:58.0531 4996 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:35:58.0531 4996 SNMPTRAP - ok

11:35:58.0562 4996 SNTUSB64 (b3d47be53a032eb8cd0a9b77d946dc19) C:\Windows\system32\DRIVERS\SNTUSB64.SYS

11:35:58.0562 4996 SNTUSB64 - ok

11:35:58.0593 4996 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:35:58.0593 4996 spldr - ok

11:35:58.0624 4996 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:35:58.0624 4996 Spooler - ok

11:35:58.0780 4996 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:35:58.0827 4996 sppsvc - ok

11:35:58.0905 4996 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:35:58.0905 4996 sppuinotify - ok

11:35:58.0952 4996 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:35:58.0952 4996 srv - ok

11:35:58.0983 4996 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:35:58.0999 4996 srv2 - ok

11:35:59.0046 4996 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:35:59.0046 4996 srvnet - ok

11:35:59.0061 4996 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:35:59.0061 4996 SSDPSRV - ok

11:35:59.0077 4996 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:35:59.0077 4996 SstpSvc - ok

11:35:59.0108 4996 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:35:59.0108 4996 stexstor - ok

11:35:59.0155 4996 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:35:59.0170 4996 stisvc - ok

11:35:59.0186 4996 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:35:59.0186 4996 swenum - ok

11:35:59.0233 4996 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:35:59.0248 4996 swprv - ok

11:35:59.0311 4996 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:35:59.0342 4996 SysMain - ok

11:35:59.0373 4996 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:35:59.0373 4996 TabletInputService - ok

11:35:59.0404 4996 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:35:59.0404 4996 TapiSrv - ok

11:35:59.0420 4996 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:35:59.0436 4996 TBS - ok

11:35:59.0638 4996 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

11:35:59.0654 4996 Tcpip - ok

11:35:59.0763 4996 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

11:35:59.0763 4996 TCPIP6 - ok

11:35:59.0794 4996 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:35:59.0810 4996 tcpipreg - ok

11:35:59.0810 4996 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:35:59.0826 4996 TDPIPE - ok

11:35:59.0826 4996 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:35:59.0826 4996 TDTCP - ok

11:35:59.0857 4996 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:35:59.0857 4996 tdx - ok

11:35:59.0857 4996 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:35:59.0872 4996 TermDD - ok

11:35:59.0904 4996 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:35:59.0904 4996 TermService - ok

11:35:59.0919 4996 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:35:59.0919 4996 Themes - ok

11:35:59.0935 4996 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:35:59.0935 4996 THREADORDER - ok

11:35:59.0950 4996 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:35:59.0950 4996 TrkWks - ok

11:35:59.0997 4996 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:35:59.0997 4996 TrustedInstaller - ok

11:36:00.0013 4996 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:36:00.0013 4996 tssecsrv - ok

11:36:00.0044 4996 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:36:00.0044 4996 TsUsbFlt - ok

11:36:00.0060 4996 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:36:00.0060 4996 TsUsbGD - ok

11:36:00.0091 4996 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:36:00.0106 4996 tunnel - ok

11:36:00.0122 4996 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:36:00.0122 4996 uagp35 - ok

11:36:00.0153 4996 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:36:00.0153 4996 udfs - ok

11:36:00.0169 4996 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:36:00.0169 4996 UI0Detect - ok

11:36:00.0184 4996 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:36:00.0184 4996 uliagpkx - ok

11:36:00.0200 4996 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:36:00.0200 4996 umbus - ok

11:36:00.0200 4996 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

11:36:00.0216 4996 UmPass - ok

11:36:00.0387 4996 UNS (e91f8afbd7fb96c94b266579d6bfa77a) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

11:36:00.0403 4996 UNS - ok

11:36:00.0481 4996 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:36:00.0481 4996 upnphost - ok

11:36:00.0512 4996 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:36:00.0512 4996 usbccgp - ok

11:36:00.0543 4996 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:36:00.0543 4996 usbcir - ok

11:36:00.0559 4996 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:36:00.0559 4996 usbehci - ok

11:36:00.0590 4996 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:36:00.0590 4996 usbhub - ok

11:36:00.0621 4996 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:36:00.0621 4996 usbohci - ok

11:36:00.0637 4996 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:36:00.0637 4996 usbprint - ok

11:36:00.0684 4996 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:36:00.0684 4996 usbscan - ok

11:36:00.0699 4996 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:36:00.0699 4996 USBSTOR - ok

11:36:00.0715 4996 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:36:00.0715 4996 usbuhci - ok

11:36:00.0746 4996 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

11:36:00.0746 4996 usbvideo - ok

11:36:00.0762 4996 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:36:00.0762 4996 UxSms - ok

11:36:00.0793 4996 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:36:00.0793 4996 VaultSvc - ok

11:36:00.0824 4996 VBoxNetAdp (e705a3a384e7569fa2f1a3a29bdc5240) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

11:36:00.0824 4996 VBoxNetAdp - ok

11:36:00.0855 4996 VBoxNetFlt - ok

11:36:00.0871 4996 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:36:00.0871 4996 vdrvroot - ok

11:36:00.0918 4996 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:36:00.0933 4996 vds - ok

11:36:00.0964 4996 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:36:00.0964 4996 vga - ok

11:36:00.0980 4996 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:36:00.0980 4996 VgaSave - ok

11:36:01.0011 4996 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:36:01.0011 4996 vhdmp - ok

11:36:01.0027 4996 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:36:01.0027 4996 viaide - ok

11:36:01.0042 4996 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:36:01.0042 4996 volmgr - ok

11:36:01.0058 4996 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:36:01.0074 4996 volmgrx - ok

11:36:01.0105 4996 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:36:01.0120 4996 volsnap - ok

11:36:01.0136 4996 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:36:01.0136 4996 vsmraid - ok

11:36:01.0214 4996 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:36:01.0230 4996 VSS - ok

11:36:01.0308 4996 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:36:01.0308 4996 vwifibus - ok

11:36:01.0323 4996 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:36:01.0323 4996 vwififlt - ok

11:36:01.0339 4996 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

11:36:01.0354 4996 vwifimp - ok

11:36:01.0386 4996 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:36:01.0386 4996 W32Time - ok

11:36:01.0401 4996 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:36:01.0417 4996 WacomPen - ok

11:36:01.0432 4996 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:36:01.0432 4996 WANARP - ok

11:36:01.0432 4996 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:36:01.0432 4996 Wanarpv6 - ok

11:36:01.0526 4996 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:36:01.0542 4996 WatAdminSvc - ok

11:36:01.0604 4996 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:36:01.0635 4996 wbengine - ok

11:36:01.0729 4996 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:36:01.0729 4996 WbioSrvc - ok

11:36:01.0760 4996 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:36:01.0760 4996 wcncsvc - ok

11:36:01.0776 4996 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:36:01.0776 4996 WcsPlugInService - ok

11:36:01.0791 4996 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:36:01.0791 4996 Wd - ok

11:36:01.0838 4996 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:36:01.0854 4996 Wdf01000 - ok

11:36:01.0869 4996 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:36:01.0869 4996 WdiServiceHost - ok

11:36:01.0869 4996 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:36:01.0869 4996 WdiSystemHost - ok

11:36:01.0900 4996 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:36:01.0900 4996 WebClient - ok

11:36:01.0932 4996 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:36:01.0932 4996 Wecsvc - ok

11:36:01.0947 4996 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:36:01.0947 4996 wercplsupport - ok

11:36:01.0978 4996 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:36:01.0978 4996 WerSvc - ok

11:36:01.0978 4996 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:36:01.0994 4996 WfpLwf - ok

11:36:01.0994 4996 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:36:02.0010 4996 WIMMount - ok

11:36:02.0056 4996 WinDefend - ok

11:36:02.0056 4996 WinHttpAutoProxySvc - ok

11:36:02.0103 4996 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:36:02.0103 4996 Winmgmt - ok

11:36:02.0181 4996 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:36:02.0212 4996 WinRM - ok

11:36:02.0306 4996 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:36:02.0306 4996 WinUsb - ok

11:36:02.0353 4996 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:36:02.0368 4996 Wlansvc - ok

11:36:02.0431 4996 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

11:36:02.0431 4996 wlcrasvc - ok

11:36:02.0571 4996 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:36:02.0587 4996 wlidsvc - ok

11:36:02.0649 4996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:36:02.0649 4996 WmiAcpi - ok

11:36:02.0680 4996 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:36:02.0680 4996 wmiApSrv - ok

11:36:02.0727 4996 WMPNetworkSvc - ok

11:36:02.0743 4996 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:36:02.0743 4996 WPCSvc - ok

11:36:02.0758 4996 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:36:02.0758 4996 WPDBusEnum - ok

11:36:02.0774 4996 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:36:02.0774 4996 ws2ifsl - ok

11:36:02.0790 4996 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

11:36:02.0790 4996 wscsvc - ok

11:36:02.0790 4996 WSearch - ok

11:36:02.0883 4996 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

11:36:02.0930 4996 wuauserv - ok

11:36:02.0977 4996 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:36:02.0977 4996 WudfPf - ok

11:36:02.0992 4996 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:36:02.0992 4996 WUDFRd - ok

11:36:03.0008 4996 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:36:03.0008 4996 wudfsvc - ok

11:36:03.0039 4996 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:36:03.0039 4996 WwanSvc - ok

11:36:03.0102 4996 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:36:03.0273 4996 \Device\Harddisk0\DR0 - ok

11:36:03.0273 4996 Boot (0x1200) (6c29d0304f608a862d981236945ca2a6) \Device\Harddisk0\DR0\Partition0

11:36:03.0273 4996 \Device\Harddisk0\DR0\Partition0 - ok

11:36:03.0289 4996 Boot (0x1200) (b8de73dd3ab05971da83d44cc7a6392c) \Device\Harddisk0\DR0\Partition1

11:36:03.0289 4996 \Device\Harddisk0\DR0\Partition1 - ok

11:36:03.0304 4996 Boot (0x1200) (7cae826f03fe553e82ac8fa17b109f35) \Device\Harddisk0\DR0\Partition2

11:36:03.0304 4996 \Device\Harddisk0\DR0\Partition2 - ok

11:36:03.0304 4996 ============================================================

11:36:03.0304 4996 Scan finished

11:36:03.0304 4996 ============================================================

11:36:03.0320 4868 Detected object count: 0

11:36:03.0320 4868 Actual detected object count: 0

11:36:05.0301 0536 Deinitialize success

Alikhan · May 22, 2012

ComboFix 12-05-22.01 - Shazia Begum 22/05/2012 11:19:43.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.2468 [GMT 1:00]

Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\ntuser.dat

c:\windows\SysWow64\ssprs.dll

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

2012-05-22 10:24 . 2012-05-22 10:24 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-05-22 10:24 . 2012-05-22 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-21 19:24 . 2012-05-21 19:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-21 19:24 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 15:29 . 2012-05-22 10:26 -------- d-----w- c:\programdata\Kaspersky Lab

2012-05-21 15:29 . 2012-05-21 15:29 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-05-21 12:50 . 2012-05-21 12:50 22 --sha-w- c:\windows\90C7D912BE2316.sys

2012-05-21 12:50 . 2012-05-21 12:50 22 --sha-w- c:\users\Shazia Begum\AppData\Roaming\Windows1569_SettingsRepository.bin

2012-05-21 12:49 . 2012-05-21 12:49 0 ----a-w- c:\users\Shazia Begum\AppData\Local\jv16PT_temp.tmp

2012-05-21 12:35 . 2012-05-22 10:24 -------- d-----w- c:\windows\system32\wbem\repository

2012-05-19 18:17 . 2012-04-12 17:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-05-19 18:17 . 2012-04-12 17:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-05-18 14:43 . 2012-05-18 14:43 -------- d-----w- c:\program files\HitmanPro

2012-05-09 19:29 . 2012-05-09 19:29 -------- d-----w- c:\program files (x86)\BYOND4

2012-05-09 14:41 . 2012-05-09 14:41 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-09 14:41 . 2012-05-09 14:41 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-08 21:31 . 2012-05-08 21:31 -------- d-----w- c:\users\Shazia Begum\AppData\Local\ESET

2012-05-08 21:20 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-08 21:20 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-08 21:20 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-08 21:20 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-08 21:20 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-08 21:20 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-08 21:20 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-08 21:20 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-08 21:19 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-08 21:19 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-08 21:19 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-08 21:19 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-08 21:19 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-04-28 19:57 . 2012-05-18 16:02 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\EurekaLog

2012-04-28 18:38 . 2012-05-21 12:57 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Paoc

2012-04-28 18:38 . 2012-04-28 19:22 -------- d-----w- c:\users\Shazia Begum\AppData\Roaming\Ekynl

2012-04-25 18:48 . 2012-05-19 19:38 -------- d-----w- c:\users\Shazia Begum\VirtualBox VMs

2012-04-25 18:47 . 2012-05-19 19:43 -------- d-----w- c:\users\Shazia Begum\.VirtualBox

2012-04-25 18:46 . 2012-05-19 19:44 -------- dc----w- c:\windows\system32\DRVSTORE

2012-04-24 16:30 . 2012-05-12 12:44 -------- d-----w- c:\windows\SysWow64\Adobe

2012-04-24 14:45 . 2012-04-24 14:45 -------- d-----w- c:\program files (x86)\uTorrent

2012-04-22 20:35 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 16:29 . 2012-04-05 11:37 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 16:29 . 2011-07-09 08:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 16:29 . 2012-04-17 20:29 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 17:12 . 2012-04-12 17:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-04-09 12:17 . 2012-04-09 12:17 1700352 ------w- c:\windows\SysWow64\gdiplus.dll

2012-03-20 02:51 . 2012-04-06 10:20 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E993DC25-C93B-4BB9-8366-626753F1FEA6}\mpengine.dll

2012-03-18 15:16 . 2012-02-01 19:58 472808 ------w- c:\windows\SysWow64\deployJava1.dll

2012-03-01 06:46 . 2012-04-11 11:19 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-11 11:19 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-11 11:19 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-11 11:19 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-11 11:19 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-11 11:19 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-11 11:19 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-11 11:23 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-11 11:22 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-11 11:23 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-11 11:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-11 11:23 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-11 11:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-11 11:23 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-11 11:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-05-11 136488]

"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-09-23 165160]

"IdeaCom Calibration"="c:\program files (x86)\IdeaCom\IDCMgr\StartUT.exe" [2010-03-18 270848]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-06-10 627304]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\users\Shazia Begum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

MicroNEXT Wireless Utility.lnk - c:\program files (x86)\MicroNEXT\Common\RaUI.exe [2012-1-29 1828128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R0 dlhynz;dlhynz; [x]

R0 raeehd;raeehd; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 JTVNCProxy_13.0;JTVNCProxy_13.0;c:\program files\Freedom Scientific\JAWS\13.0\JTVNCProxy.exe [2011-12-08 19736]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys [x]

R3 PQAWRwa;PQAWRwa;c:\windows\SysWOW64\PQAWDrv.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 IdcSrv;IDCSRV Service;c:\program files (x86)\IdeaCom\IDCMgr\IdcSrv.exe [2011-01-06 252928]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter64.exe [2008-09-05 210720]

S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 fsvidmir_service;fsvidmir_service;c:\windows\system32\DRIVERS\fsvidmir.sys [x]

S3 IdcFltr;HID Touch Screen Driver;c:\windows\system32\DRIVERS\idcfltr.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:29]

.

2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000Core.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781961419-1968162369-1216944339-1000UA.job

- c:\users\Shazia Begum\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 14:37]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]

"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2011-09-06 545680]

"JAWS"="c:\program files\Freedom Scientific\JAWS\13.0\jfw.exe" [2011-12-08 6834968]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Shazia Begum\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B887273F-390E-48B5-AC65-A19E4D9A682A}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{D9DA8EA3-8033-4A15-9A19-E500C47C0069}: NameServer = 8.26.56.26,156.154.70.22

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\MicroNEXT\Common\RalinkRegistryWriter.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-05-22 11:29:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-22 10:29

.

Pre-Run: 421,397,352,448 bytes free

Post-Run: 421,076,725,760 bytes free

.

- - End Of File - - 70D7A26EFC8950CB93E1E105C96533A9

Results of screen317's Security Check version 0.99.34

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Kaspersky Internet Security 2012

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 31

Java version out of date!

Adobe Reader X (10.1.3)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Kaspersky Lab Kaspersky Internet Security 2012 avp.exe

Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtblfs.exe

``````````End of Log````````````

D-FRED-BROWN · May 22, 2012

Looking better!

Let's see if we can take care of some suspicious files :

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
File::
c:\users\Shazia Begum\AppData\Local\jv16PT_temp.tmp
C:\Windows\System32\Drivers\dlhynz.sys
C:\Windows\System32\Drivers\raeehd.sys
c:\windows\90C7D912BE2316.sys
c:\users\Shazia Begum\AppData\Roaming\Windows1569_SettingsRepository.bin
Driver::
dlhynz
raeehd
90C7D912BE2316
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Alikhan · May 22, 2012

ComboFix 12-05-22.02 - Shazia Begum 22/05/2012 19:19:01.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4008.2278 [GMT 1:00]

Running from: c:\users\Shazia Begum\Desktop\ComboFix.exe

Command switches used :: c:\users\Shazia Begum\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

.

FILE ::

"c:\users\Shazia Begum\AppData\Local\jv16PT_temp.tmp"

"c:\users\Shazia Begum\AppData\Roaming\Windows1569_SettingsRepository.bin"

"c:\windows\90C7D912BE2316.sys"

"c:\windows\System32\Drivers\dlhynz.sys"

"c:\windows\System32\Drivers\raeehd.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Shazia Begum\AppData\Local\jv16PT_temp.tmp

c:\users\Shazia Begum\AppData\Roaming\Windows1569_SettingsRepository.bin

c:\windows\90C7D912BE2316.sys

c:\windows\SysWow64\ssprs.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DLHYNZ

-------\Legacy_RAEEHD

-------\Service_dlhynz

-------\Service_raeehd

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

2012-05-22 18:23 . 2012-05-22 18:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-05-22 18:23 . 2012-05-22 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-22 12:44 . 2012-05-22 12:44 -------- d-----w- c:\windows\en

2012-05-22 12:40 . 2012-05-22 12:40 -------- d-----w- c:\windows\pt-pt

2012-05-22 12:40 . 2012-05-22 12:40 -------- d-----w- c:\windows\ar

2012-05-22 12:40 . 2012-05-22 12:40 -------- d-----w- c:\windows\bg

2012-05-22 12:40 . 2012-05-22 12:40 -------- d-----w- c:\windows\cs

2012-05-22 12:40 . 2012-05-22 12:40 -------- d-----w- c:\windows\da

2012-05-22 12:40 . 2012-05-22 12:40 -------- d-----w- c:\windows\de

2012-05-22 12:40 . 2012-05-22 12:40 -------- d-----w- c:\windows\el

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\es

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\fi

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\fr

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\he

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\hr

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\hu

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\it

2012-05-22 12:39 . 2012-05-22 12:39 -------- d-----w- c:\windows\nl

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\no

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\pl

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\pt-br

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\ro

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\ru

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\sk

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\sl

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\sv

2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\windows\th

2012-05-22 12:37 . 2012-05-22 12:37 -------- d-----w- c:\windows\tr

2012-05-22 12:37 . 2012-05-22 12:37 -------- d-----w- c:\windows\zh-tw

2012-05-22 12:37 . 2012-05-22 12:37 -------- d-----w- c:\windows\ca

2012-05-22 12:37 . 2012-05-22 12:37 -------- d-----w- c:\windows\eu

2012-05-22 12:11 . 2012-05-22 12:11 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fbccaeef1cd381302\MeshBetaRemover.exe

2012-05-22 12:11 . 2012-05-22 12:11 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fb7eb4db1cd381301\DSETUP.dll

2012-05-22 12:11 . 2012-05-22 12:11 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fb7eb4db1cd381301\DXSETUP.exe

2012-05-22 12:11 . 2012-05-22 12:11 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fb7eb4db1cd381301\dsetup32.dll

2012-05-21 19:24 . 2012-05-21 19:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-21 19:24 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 15:29 . 2012-05-22 19:40 -------- d-----w- c:\programdata\Kaspersky Lab

2012-05-21 15:29 . 2012-05-21 15:29 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-05-21 12:35 . 2012-05-22 18:24 -------- d-----w- c:\windows\system32\wbem\repository