TechSpot

Internet not working

Solved
By Nicole112
Nov 3, 2012
  1. Hello all,
    A few days ago I used a USB stick from the University. Bitdefender notified me of a virus from the stick but also told me that nothing was infected. When I got home and turned it back on again, I tried to go online but it didn’t work. Google Chrome wouldn’t connect to any website and I would get Error 137 each time I tried to open a new page. I remembered the virus and decided to scan my computer. However, when I tried to update the antivirus, it wouldn’t connect to the server.
    My internet connection appeared to be working but I decided to check anyway; in Command Prompt I tried ‘ping google.com’ and it confirmed that I had a stable connection. I decided to open IE as well just to be sure and to my great surprise it worked.
    Since I had previous unpleasant experiences with malware, I scanned my computer using Bitdefender 2011, AVG 2013, Malwarebytes’ Anti-Malware, Kaspersky Virus Removal Tool (website version), TDSSKiller, Avast! and SUPERAntiSpyware. Some infections were found and cleaned but in the end I couldn’t use Chrome or update any software - only IE connects without issues.
    I have run out of ideas, and if someone has experienced something similar or has a clue about what happened, please help me!
    P.S. I have Windows 7 Home Premium
  2. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    Hi! Thanks for the reply!

    I cannot update Malwarebytes Anti-Malware because of my problem with the internet (PROGRAM_ERROR_UPDATING(0, 0, Net Exception)). It does not allow me to update any program; only IE manages to connect to the internet. I’ll paste the log anyway, after I ran the program, without updating it.
    Gmer did not give me any logs, and the dds logs will follow after the Malwarebytes one.
    I don’t know if it has anything to do with my problem, but I can’t access Documents and Settings. It says I am not allowed, even though I only have one user account and I am the only person that accesses this computer from the only account there is.
    Here are the logs:
    Malwarebytes Anti-Malware
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.09.29.05
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Miry :: MIRY-PC [administrator]
    03/11/2012 23:13:09
    mbam-log-2012-11-03 (23-13-09).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246781
    Time elapsed: 2 minute(s), 55 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    DDS.txt
    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Miry at 23:47:44 on 2012-11-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.1006 [GMT 1:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ZTE Join Air\AssistantServices.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Onda Connection Manager\UIMain.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware2\mbamgui.exe /install /silent
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\Users\Miry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    TCP: Interfaces\{160DDB86-8F34-4BD3-963B-6BF10F324F58} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{160DDB86-8F34-4BD3-963B-6BF10F324F58}\35F44545F445544545F4024514655425E4 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{160DDB86-8F34-4BD3-963B-6BF10F324F58}\F4374756C6C6F60246960224F6C6F676E6160243 : DHCPNameServer = 10.0.0.1 192.168.34.221
    TCP: Interfaces\{69BB2179-BC30-48A1-AC0A-0A960D9C6BB5} : DHCPNameServer = 213.154.124.221 193.231.252.221
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-mStart Page = about:blank
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-8-17 28992]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-2 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-2 370288]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-2 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-2 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-2 44808]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-6-8 352336]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-7-17 872552]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-8 13336]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-6-8 244624]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-21 67624]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-21 19496]
    R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-1-20 52264]
    R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-14 85544]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-23 270912]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-8 317440]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-17 412712]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-8 56344]
    R3 onda_cdc_acm;ONDA CDC-ACM driver;C:\Windows\System32\drivers\onda_cdc_acm.sys [2012-2-20 79872]
    R3 onda_cdc_ecm;onda_cdc_ecm;C:\Windows\System32\drivers\onda_cdc_ecm.sys [2012-2-20 60416]
    R3 onda_ecm_enum;ONDA ECM Enumerator;C:\Windows\System32\drivers\onda_ecm_enum.sys [2012-2-20 56832]
    R3 onda_ecm_enum_filter;onda_ecm_enum_filter;C:\Windows\System32\drivers\onda_ecm_enum_filter.sys [2012-2-20 56832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-5 136176]
    S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 250808]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-5 136176]
    S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2011-10-11 116224]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-10-22 11776]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 onda_wcpo;ONDA Installation Device (WCPO);C:\Windows\System32\drivers\onda_wcpo.sys [2012-2-20 10752]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile="C:\Windows\System32\NOTEPAD.EXE" "%1"
    .
    =============== Created Last 30 ================
    .
    2012-11-03 21:57:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-03 21:57:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
    2012-11-03 10:46:08 -------- d-----w- C:\Users\Miry\AppData\Roaming\SUPERAntiSpyware.com
    2012-11-03 10:45:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-11-03 10:45:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-11-03 10:28:05 -------- d-----w- C:\Users\Miry\AppData\Roaming\LavasoftStatistics
    2012-11-03 10:27:31 -------- d-----w- C:\Users\Miry\AppData\Roaming\Ad-Aware Antivirus
    2012-11-03 10:10:50 -------- d-----w- C:\$RECYCLE.BIN
    2012-11-03 10:00:50 256000 ----a-w- C:\Windows\PEV.exe
    2012-11-03 10:00:50 208896 ----a-w- C:\Windows\MBR.exe
    2012-11-03 10:00:49 98816 ----a-w- C:\Windows\sed.exe
    2012-11-03 09:52:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-03 09:32:33 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C688EB6E-1739-4AA0-A9C1-3366DE2D0C10}\mpengine.dll
    2012-11-02 22:05:05 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-11-02 22:05:04 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-11-02 22:04:59 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-11-02 22:04:35 41224 ----a-w- C:\Windows\avastSS.scr
    2012-11-02 22:04:26 -------- d-----w- C:\ProgramData\AVAST Software
    2012-11-02 22:04:26 -------- d-----w- C:\Program Files\AVAST Software
    2012-11-02 22:00:37 -------- d-----w- C:\Users\Miry\AppData\Local\Avg2013
    2012-11-02 18:44:03 -------- d-----w- C:\Users\Miry\AppData\Local\Opera
    2012-11-01 18:34:42 -------- d-----w- C:\Users\Miry\AppData\Roaming\DriverCure
    2012-11-01 18:34:41 -------- d-----w- C:\Users\Miry\AppData\Roaming\SpeedyPC Software
    2012-11-01 18:34:38 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
    2012-11-01 18:34:36 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2012-11-01 18:34:36 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
    2012-11-01 10:25:55 -------- d-----w- C:\Users\Miry\AppData\Local\MFAData
    2012-11-01 10:25:55 -------- d-----w- C:\ProgramData\MFAData
    2012-10-31 21:04:17 -------- d-----w- C:\Program Files\CCleaner
    2012-10-31 09:40:55 -------- d-----w- C:\Program Files (x86)\Straus7
    2012-10-10 16:45:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-10-10 16:45:36 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-10-10 16:35:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-10-10 16:35:59 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-10-10 16:35:58 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-10-10 16:33:20 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-10-10 16:33:20 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-10-10 16:32:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-10 16:32:37 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-10 16:32:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 16:32:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-10 16:32:37 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-10 16:32:37 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-10 16:32:09 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-10-10 16:28:18 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-10-10 16:28:18 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-10-07 15:55:33 -------- d-----w- C:\Users\Miry\AppData\Local\PunkBuster
    .
    ==================== Find3M ====================
    .
    2012-11-02 18:49:07 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-02 18:49:07 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-01 12:22:33 701324 ----a-w- C:\ProgramData\bdinstall.bin
    2012-09-03 08:17:56 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-03 08:17:55 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-03 08:17:55 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-17 15:13:42 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-08-17 15:13:40 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    .
    ============= FINISH: 23:48:35.82 ===============

    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/08/2011 15:22:17
    System Uptime: 03/11/2012 18:44:32 (5 hours ago)
    .
    Motherboard: Acer | | JE50_HR
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU1 | 2301/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 70 GiB total, 13.474 GiB free.
    D: is FIXED (NTFS) - 178 GiB total, 18.864 GiB free.
    E: is FIXED (NTFS) - 202 GiB total, 21.67 GiB free.
    F: is CDROM ()
    J: is CDROM (CDFS)
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP99: 02/11/2012 22:59:23 - Removed AVG 2013
    RP100: 02/11/2012 23:00:38 - Removed AVG 2013
    RP101: 02/11/2012 23:04:02 - avast! Free Antivirus Setup
    RP102: 03/11/2012 10:32:02 - Windows Update
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    7-Zip 9.20 (x64 edition)
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Registration
    Acer Updater
    Acrobat.com
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9 Pro Extended 64-bit Add-On
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.1 MUI
    Adobe Shockwave Player 11.6
    avast! Free Antivirus
    Backup Manager V3
    BitComet 1.29 64-bit
    Broadcom Card Reader Driver Installer
    Broadcom Gigabit NetLink Controller
    CCleaner
    clear.fi
    clear.fi Client
    D3DX10
    DAEMON Tools Lite
    Default
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dolby Advanced Audio v2
    Fotogalerija Windows Live
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galeria fotogràfica del Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    General Runtime Files for Nemetschek Allplan 2009
    Google Chrome
    Google Earth
    Google Update Helper
    Identity Card
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.1
    Join Air
    Junk Mail filter update
    L&H TTS3000 British English
    Launch Manager
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mathcad 14
    Mathcad 14 Help
    Mathcad 14 Resource Center
    MediaEspresso
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (Romanian) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (Romanian) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (Romanian) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office InfoPath MUI (Romanian) 2010
    Microsoft Office Language Pack 2010 - Romanian/Româna
    Microsoft Office O MUI (Romanian) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (Romanian) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (Romanian) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (Romanian) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Romanian) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Romanian) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (Romanian) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (Romanian) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Romanian) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (Romanian) 2010
    Microsoft Office X MUI (Romanian) 2010
    Microsoft Silverlight
    Microsoft SOAP Toolkit 3.0
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Mobile Partner
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEF Codec
    Nemetschek Allplan 2009
    Nemetschek SoftLock 2006
    Nero 7 Ultra Edition
    neroxml
    Norton Online Backup
    NVIDIA 3D Vision Controller Driver 301.42
    NVIDIA Control Panel 301.42
    NVIDIA Graphics Driver 301.42
    NVIDIA Install Application
    NVIDIA Optimus 1.8.15
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Update 1.8.15
    NVIDIA Update Components
    Onda Connection Manager
    Opera 11.61
    Origin
    Picasa 3
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Pošta Windows Live
    PunkBuster Services
    QuickTime
    Raccolta foto di Windows Live
    Realtek High Definition Audio Driver
    ReNamer
    S?????? f?t???af??? t?? Windows Live
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype™ 5.10
    SpeedyPC Pro
    Straus7 Release 2
    SUPERAntiSpyware
    swMSM
    Synaptics Pointing Device Driver
    System Requirements Lab CYRI
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VeryPDF PDF2Word v3.0
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.1
    Vodafone Mobile Connect Lite Huawei
    Welcome Center
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Argazki Galeria
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinRAR 4.00 beta 6 (64-bit)
    Wondershare PDF Converter (Build 2.6.0)
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/10/2012 10:30:23, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    03/11/2012 23:48:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NTI IScheduleSvc service.
    03/11/2012 18:47:13, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
    03/11/2012 18:47:13, Error: Service Control Manager [7001] - The Intel(R) Management and Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    03/11/2012 18:47:13, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/11/2012 18:47:04, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
    03/11/2012 12:12:34, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
    03/11/2012 11:31:57, Error: bowser [8003] - The master browser has received a server announcement from the computer PC-CASTELLO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{160DDB86-8F34-4BD3-963B-6BF10F324F58}. The master browser is stopping or an election is being forced.
    03/11/2012 11:31:55, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    03/11/2012 11:09:11, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    02/11/2012 22:55:58, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    02/11/2012 22:55:56, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753639.
    02/11/2012 20:28:46, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Miry-PC\Guest SID (S-1-5-21-839587973-888073759-2331354090-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    01/11/2012 15:38:58, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    01/11/2012 13:42:55, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    01/11/2012 13:42:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    01/11/2012 13:42:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    01/11/2012 13:42:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    01/11/2012 13:42:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    01/11/2012 13:42:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Wanarpv6
    01/11/2012 13:42:36, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    01/11/2012 13:42:36, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    01/11/2012 00:41:00, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    01/11/2012 00:41:00, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================

  4. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    In Windows 7, "Documents and Settings" is a hidden system folder, so there is no reason to play with it.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===========================

    • Download RogueKiller to your desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    I've run the three scans; I'll post the three logs. After I ran RogueKiller, my user folder (C:\Users\Miry) appeared on my desktop. It wasn't there until now. Do you know why that is and if it is normal?
    TDSSKiller Log:

    09:40:02.0006 2396 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    09:40:02.0022 2396 ============================================================
    09:40:02.0022 2396 Current date / time: 2012/11/04 09:40:02.0022
    09:40:02.0022 2396 SystemInfo:
    09:40:02.0022 2396
    09:40:02.0022 2396 OS Version: 6.1.7601 ServicePack: 1.0
    09:40:02.0022 2396 Product type: Workstation
    09:40:02.0022 2396 ComputerName: MIRY-PC
    09:40:02.0022 2396 UserName: Miry
    09:40:02.0022 2396 Windows directory: C:\Windows
    09:40:02.0022 2396 System windows directory: C:\Windows
    09:40:02.0022 2396 Running under WOW64
    09:40:02.0022 2396 Processor architecture: Intel x64
    09:40:02.0022 2396 Number of processors: 4
    09:40:02.0022 2396 Page size: 0x1000
    09:40:02.0022 2396 Boot type: Normal boot
    09:40:02.0022 2396 ============================================================
    09:40:02.0381 2396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    09:40:02.0396 2396 ============================================================
    09:40:02.0396 2396 \Device\Harddisk0\DR0:
    09:40:02.0396 2396 MBR partitions:
    09:40:02.0396 2396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
    09:40:02.0396 2396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x8C043E6
    09:40:02.0412 2396 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAA36C25, BlocksNum 0x164E5C00
    09:40:02.0428 2396 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x20F1C868, BlocksNum 0x194683D9
    09:40:02.0428 2396 ============================================================
    09:40:02.0459 2396 C: <-> \Device\Harddisk0\DR0\Partition2
    09:40:02.0490 2396 D: <-> \Device\Harddisk0\DR0\Partition3
    09:40:02.0506 2396 E: <-> \Device\Harddisk0\DR0\Partition4
    09:40:02.0506 2396 ============================================================
    09:40:02.0506 2396 Initialize success
    09:40:02.0506 2396 ============================================================
    09:40:20.0157 5924 ============================================================
    09:40:20.0157 5924 Scan started
    09:40:20.0157 5924 Mode: Manual;
    09:40:20.0157 5924 ============================================================
    09:40:20.0266 5924 ================ Scan system memory ========================
    09:40:20.0266 5924 System memory - ok
    09:40:20.0266 5924 ================ Scan services =============================
    09:40:25.0102 5924 FontCache3.0.0.0 - ok
    09:40:25.0118 5924 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    09:40:25.0118 5924 FsDepends - ok
    09:40:25.0165 5924 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    09:40:25.0165 5924 Fs_Rec - ok
    09:40:25.0180 5924 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    09:40:25.0180 5924 fvevol - ok
    09:40:25.0212 5924 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    09:40:25.0212 5924 gagp30kx - ok
    09:40:25.0243 5924 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    09:40:25.0243 5924 gpsvc - ok
    09:40:25.0368 5924 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    09:40:25.0368 5924 gupdate - ok
    09:40:25.0368 5924 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    09:40:25.0368 5924 gupdatem - ok
    09:40:25.0414 5924 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    09:40:25.0430 5924 gusvc - ok
    09:40:25.0461 5924 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    09:40:25.0461 5924 hcw85cir - ok
    09:40:25.0492 5924 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    09:40:25.0492 5924 HdAudAddService - ok
    09:40:25.0524 5924 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    09:40:25.0524 5924 HDAudBus - ok
    09:40:25.0539 5924 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    09:40:25.0539 5924 HidBatt - ok
    09:40:25.0555 5924 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    09:40:25.0555 5924 HidBth - ok
    09:40:25.0586 5924 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    09:40:25.0586 5924 HidIr - ok
    09:40:25.0617 5924 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    09:40:25.0617 5924 hidserv - ok
    09:40:25.0648 5924 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    09:40:25.0664 5924 HidUsb - ok
    09:40:25.0664 5924 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    09:40:25.0664 5924 hkmsvc - ok
    09:40:25.0680 5924 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    09:40:25.0680 5924 HomeGroupListener - ok
    09:40:25.0711 5924 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    09:40:25.0726 5924 HomeGroupProvider - ok
    09:40:25.0726 5924 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    09:40:25.0742 5924 HpSAMD - ok
    09:40:25.0882 5924 HPSLPSVC - ok
    09:40:25.0914 5924 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    09:40:25.0929 5924 HTTP - ok
    09:40:25.0945 5924 [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
    09:40:25.0960 5924 hwdatacard - ok
    09:40:25.0976 5924 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    09:40:25.0976 5924 hwpolicy - ok
    09:40:26.0023 5924 [ 1F24CF1F7DB6D4461AC65A86DB8E4BC2 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
    09:40:26.0023 5924 hwusbfake - ok
    09:40:26.0038 5924 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    09:40:26.0054 5924 i8042prt - ok
    09:40:26.0085 5924 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\drivers\iaStor.sys
    09:40:26.0085 5924 iaStor - ok
    09:40:26.0148 5924 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    09:40:26.0148 5924 IAStorDataMgrSvc - ok
    09:40:26.0194 5924 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    09:40:26.0194 5924 iaStorV - ok
    09:40:26.0272 5924 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    09:40:26.0288 5924 idsvc - ok
    09:40:26.0553 5924 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    09:40:26.0850 5924 igfx - ok
    09:40:26.0881 5924 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    09:40:26.0881 5924 iirsp - ok

  6. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    09:40:33.0604 5924 sppuinotify - ok
    09:40:33.0636 5924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    09:40:33.0636 5924 srv - ok
    09:40:33.0667 5924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    09:40:33.0682 5924 srv2 - ok
    09:40:33.0682 5924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    09:40:33.0682 5924 srvnet - ok
    09:40:33.0714 5924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    09:40:33.0714 5924 SSDPSRV - ok
    09:40:33.0729 5924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    09:40:33.0729 5924 SstpSvc - ok
    09:40:33.0745 5924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    09:40:33.0745 5924 stexstor - ok
    09:40:33.0792 5924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    09:40:33.0792 5924 stisvc - ok
    09:40:33.0807 5924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    09:40:33.0807 5924 swenum - ok
    09:40:33.0838 5924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    09:40:33.0838 5924 swprv - ok
    09:40:33.0916 5924 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    09:40:33.0916 5924 SynTP - ok
    09:40:33.0979 5924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    09:40:33.0979 5924 SysMain - ok
    09:40:34.0026 5924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    09:40:34.0041 5924 TabletInputService - ok
    09:40:34.0041 5924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    09:40:34.0041 5924 TapiSrv - ok
    09:40:34.0057 5924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    09:40:34.0057 5924 TBS - ok
    09:40:34.0119 5924 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    09:40:34.0166 5924 Tcpip - ok
    09:40:34.0197 5924 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    09:40:34.0213 5924 TCPIP6 - ok
    09:40:34.0244 5924 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    09:40:34.0244 5924 tcpipreg - ok
    09:40:34.0260 5924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    09:40:34.0260 5924 TDPIPE - ok
    09:40:34.0306 5924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    09:40:34.0306 5924 TDTCP - ok
    09:40:34.0322 5924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    09:40:34.0322 5924 tdx - ok
    09:40:34.0369 5924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    09:40:34.0369 5924 TermDD - ok
    09:40:34.0400 5924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    09:40:34.0416 5924 TermService - ok
    09:40:34.0416 5924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    09:40:34.0431 5924 Themes - ok
    09:40:34.0447 5924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    09:40:34.0447 5924 THREADORDER - ok
    09:40:34.0478 5924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    09:40:34.0478 5924 TrkWks - ok
    09:40:34.0540 5924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    09:40:34.0540 5924 TrustedInstaller - ok
    09:40:34.0540 5924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:40:34.0556 5924 tssecsrv - ok
    09:40:34.0572 5924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    09:40:34.0572 5924 TsUsbFlt - ok
    09:40:34.0587 5924 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    09:40:34.0587 5924 TsUsbGD - ok
    09:40:34.0618 5924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    09:40:34.0618 5924 tunnel - ok
    09:40:34.0650 5924 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
    09:40:34.0650 5924 TurboB - ok
    09:40:34.0681 5924 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    09:40:34.0681 5924 TurboBoost - ok
    09:40:34.0696 5924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    09:40:34.0696 5924 uagp35 - ok
    09:40:34.0712 5924 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
    09:40:34.0712 5924 UBHelper - ok
    09:40:34.0728 5924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    09:40:34.0728 5924 udfs - ok
    09:40:34.0806 5924 [ 528610A96539CD6AD6B68B199E2F3C73 ] UI Assistant Service C:\Program Files (x86)\ZTE Join Air\AssistantServices.exe
    09:40:34.0806 5924 UI Assistant Service - ok
    09:40:34.0837 5924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    09:40:34.0837 5924 UI0Detect - ok
    09:40:34.0852 5924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    09:40:34.0868 5924 uliagpkx - ok
    09:40:34.0868 5924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    09:40:34.0868 5924 umbus - ok
    09:40:34.0899 5924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    09:40:34.0899 5924 UmPass - ok
    09:40:35.0040 5924 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    09:40:35.0086 5924 UNS - ok
    09:40:35.0102 5924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    09:40:35.0118 5924 upnphost - ok
    09:40:35.0133 5924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    09:40:35.0149 5924 usbccgp - ok
    09:40:35.0164 5924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    09:40:35.0164 5924 usbcir - ok
    09:40:35.0180 5924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    09:40:35.0180 5924 usbehci - ok
    09:40:35.0211 5924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    09:40:35.0211 5924 usbhub - ok
    09:40:35.0227 5924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    09:40:35.0242 5924 usbohci - ok
    09:40:35.0274 5924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    09:40:35.0274 5924 usbprint - ok
    09:40:35.0289 5924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    09:40:35.0289 5924 USBSTOR - ok
    09:40:35.0305 5924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    09:40:35.0305 5924 usbuhci - ok
    09:40:35.0320 5924 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    09:40:35.0320 5924 usbvideo - ok
    09:40:35.0336 5924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    09:40:35.0336 5924 UxSms - ok
    09:40:35.0352 5924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    09:40:35.0352 5924 VaultSvc - ok
    09:40:35.0367 5924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    09:40:35.0367 5924 vdrvroot - ok
    09:40:35.0383 5924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    09:40:35.0398 5924 vds - ok
    09:40:35.0430 5924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    09:40:35.0430 5924 vga - ok
    09:40:35.0445 5924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    09:40:35.0445 5924 VgaSave - ok
    09:40:35.0476 5924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    09:40:35.0476 5924 vhdmp - ok
    09:40:35.0492 5924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    09:40:35.0508 5924 viaide - ok
    09:40:35.0508 5924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    09:40:35.0523 5924 volmgr - ok
    09:40:35.0539 5924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    09:40:35.0539 5924 volmgrx - ok
    09:40:35.0554 5924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    09:40:35.0554 5924 volsnap - ok
    09:40:35.0586 5924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    09:40:35.0586 5924 vsmraid - ok
    09:40:35.0632 5924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    09:40:35.0664 5924 VSS - ok
    09:40:35.0679 5924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    09:40:35.0695 5924 vwifibus - ok
    09:40:35.0710 5924 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    09:40:35.0710 5924 vwififlt - ok
    09:40:35.0726 5924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    09:40:35.0726 5924 W32Time - ok
    09:40:35.0742 5924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    09:40:35.0742 5924 WacomPen - ok
    09:40:35.0757 5924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    09:40:35.0773 5924 WANARP - ok
    09:40:35.0773 5924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    09:40:35.0773 5924 Wanarpv6 - ok
    09:40:35.0866 5924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    09:40:35.0898 5924 WatAdminSvc - ok
    09:40:35.0960 5924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    09:40:35.0991 5924 wbengine - ok
    09:40:36.0022 5924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    09:40:36.0038 5924 WbioSrvc - ok
    09:40:36.0054 5924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    09:40:36.0054 5924 wcncsvc - ok
    09:40:36.0069 5924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    09:40:36.0069 5924 WcsPlugInService - ok
    09:40:36.0100 5924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    09:40:36.0100 5924 Wd - ok
    09:40:36.0116 5924 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    09:40:36.0132 5924 Wdf01000 - ok
    09:40:36.0132 5924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    09:40:36.0147 5924 WdiServiceHost - ok
    09:40:36.0147 5924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    09:40:36.0147 5924 WdiSystemHost - ok
    09:40:36.0163 5924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    09:40:36.0163 5924 WebClient - ok
    09:40:36.0194 5924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    09:40:36.0194 5924 Wecsvc - ok
    09:40:36.0210 5924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    09:40:36.0210 5924 wercplsupport - ok
    09:40:36.0225 5924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    09:40:36.0225 5924 WerSvc - ok
    09:40:36.0241 5924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    09:40:36.0241 5924 WfpLwf - ok
    09:40:36.0256 5924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    09:40:36.0272 5924 WIMMount - ok
    09:40:36.0288 5924 WinDefend - ok
    09:40:36.0303 5924 WinHttpAutoProxySvc - ok
    09:40:36.0381 5924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    09:40:36.0381 5924 Winmgmt - ok
    09:40:36.0428 5924 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    09:40:36.0475 5924 WinRM - ok
    09:40:36.0568 5924 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    09:40:36.0568 5924 WinUsb - ok
    09:40:36.0615 5924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    09:40:36.0615 5924 Wlansvc - ok
    09:40:36.0678 5924 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    09:40:36.0678 5924 wlcrasvc - ok
    09:40:36.0771 5924 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    09:40:36.0787 5924 wlidsvc - ok
    09:40:36.0834 5924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    09:40:36.0834 5924 WmiAcpi - ok
    09:40:36.0880 5924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    09:40:36.0880 5924 wmiApSrv - ok
    09:40:36.0912 5924 WMPNetworkSvc - ok
    09:40:36.0943 5924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    09:40:36.0943 5924 WPCSvc - ok
    09:40:36.0958 5924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    09:40:36.0958 5924 WPDBusEnum - ok
    09:40:36.0974 5924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    09:40:36.0974 5924 ws2ifsl - ok
    09:40:37.0021 5924 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    09:40:37.0021 5924 wscsvc - ok
    09:40:37.0036 5924 WSearch - ok
    09:40:37.0130 5924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    09:40:37.0192 5924 wuauserv - ok
    09:40:37.0239 5924 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    09:40:37.0239 5924 WudfPf - ok
    09:40:37.0270 5924 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    09:40:37.0270 5924 WUDFRd - ok
    09:40:37.0286 5924 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    09:40:37.0286 5924 wudfsvc - ok
    09:40:37.0302 5924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    09:40:37.0302 5924 WwanSvc - ok
    09:40:37.0395 5924 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    09:40:37.0411 5924 YahooAUService - ok
    09:40:37.0473 5924 [ F98415E5B83742C901D0A336972509A0 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    09:40:37.0473 5924 ZTEusbmdm6k - ok
    09:40:37.0489 5924 [ F98415E5B83742C901D0A336972509A0 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    09:40:37.0489 5924 ZTEusbnmea - ok
    09:40:37.0504 5924 [ F98415E5B83742C901D0A336972509A0 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    09:40:37.0504 5924 ZTEusbser6k - ok
    09:40:37.0520 5924 ================ Scan global ===============================
    09:40:37.0551 5924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    09:40:37.0582 5924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    09:40:37.0598 5924 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    09:40:37.0614 5924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    09:40:37.0660 5924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    09:40:37.0660 5924 [Global] - ok
    09:40:37.0660 5924 ================ Scan MBR ==================================
    09:40:37.0676 5924 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    09:40:38.0035 5924 \Device\Harddisk0\DR0 - ok
    09:40:38.0035 5924 ================ Scan VBR ==================================
    09:40:38.0035 5924 [ D8496D41A6ED9BB566EA4E1EB08C4379 ] \Device\Harddisk0\DR0\Partition1
    09:40:38.0035 5924 \Device\Harddisk0\DR0\Partition1 - ok
    09:40:38.0050 5924 [ 8CE2EC83F9A6174AAB10AF840C3AC270 ] \Device\Harddisk0\DR0\Partition2
    09:40:38.0050 5924 \Device\Harddisk0\DR0\Partition2 - ok
    09:40:38.0066 5924 [ 4D52E0231C355BCD08B556546AE55437 ] \Device\Harddisk0\DR0\Partition3
    09:40:38.0066 5924 \Device\Harddisk0\DR0\Partition3 - ok
    09:40:38.0097 5924 [ BCAC51F6FA73B4B51D8A2579991EB9E7 ] \Device\Harddisk0\DR0\Partition4
    09:40:38.0097 5924 \Device\Harddisk0\DR0\Partition4 - ok
    09:40:38.0097 5924 ============================================================
    09:40:38.0097 5924 Scan finished
    09:40:38.0097 5924 ============================================================
    09:40:38.0113 5044 Detected object count: 0
    09:40:38.0113 5044 Actual detected object count: 0
  7. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    RogueKiller Log No1:

    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Miry [Admin rights]
    Mode : Scan -- Date : 11/04/2012 09:45:03
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A362A735-5019-4A6B-828C-DA3488185196} : NameServer (193.70.152.25 212.52.97.25) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 license.superantispyware.com

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT1 +++++
    --- User ---
    [MBR] ea93c3b95309e7f5938dfb3c70a4c594
    [BSP] 937f25c132151c3449a2581c95b00e38 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 71688 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 178482150 | Size: 389788 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_11042012_02d0945.txt >>
    RKreport[1]_S_11042012_02d0945.txt


    RogueKiller Log No2:

    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Miry [Admin rights]
    Mode : Remove -- Date : 11/04/2012 09:45:28
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A362A735-5019-4A6B-828C-DA3488185196} : NameServer (193.70.152.25 212.52.97.25) -> NOT REMOVED, USE DNSFIX
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 license.superantispyware.com

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT1 +++++
    --- User ---
    [MBR] ea93c3b95309e7f5938dfb3c70a4c594
    [BSP] 937f25c132151c3449a2581c95b00e38 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 71688 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 178482150 | Size: 389788 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_11042012_02d0945.txt >>
    RKreport[1]_S_11042012_02d0945.txt ; RKreport[2]_D_11042012_02d0945.txt

    aswMBR Log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-04 09:50:50
    -----------------------------
    09:50:50.981 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:50:50.981 Number of processors: 4 586 0x2A07
    09:50:50.981 ComputerName: MIRY-PC UserName: Miry
    09:50:51.698 Initialize success
    09:50:51.776 AVAST engine defs: 12103100
    09:51:14.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:51:14.256 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    09:51:14.256 Disk 0 MBR read successfully
    09:51:14.256 Disk 0 MBR scan
    09:51:14.272 Disk 0 Windows 7 default MBR code
    09:51:14.272 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
    09:51:14.287 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
    09:51:14.287 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71688 MB offset 31664128
    09:51:14.287 Disk 0 Partition - 00 0F Extended LBA 389788 MB offset 178482150
    09:51:14.303 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 182731 MB offset 178482213
    09:51:14.318 Disk 0 Partition - 00 05 Extended 207056 MB offset 552716329
    09:51:14.334 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 207056 MB offset 552716392
    09:51:14.350 Disk 0 scanning C:\Windows\system32\drivers
    09:51:20.964 Service scanning
    09:51:40.168 Modules scanning
    09:51:40.168 Disk 0 trace - called modules:
    09:51:40.183 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    09:51:40.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006bfd060]
    09:51:40.183 3 CLASSPNP.SYS[fffff88000cc143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004e10050]
    09:51:40.511 AVAST engine scan C:\Windows
    09:51:42.476 AVAST engine scan C:\Windows\system32
    09:53:25.088 AVAST engine scan C:\Windows\system32\drivers
    09:53:32.621 AVAST engine scan C:\Users\Miry
    10:02:49.891 AVAST engine scan C:\ProgramData
    10:04:16.128 Scan finished successfully
    10:04:39.715 Disk 0 MBR has been saved successfully to "C:\Users\Miry\Desktop\MBR.dat"
    10:04:39.731 The log file has been saved successfully to "C:\Users\Miry\Desktop\aswMBR.txt"
  8. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    Now that you said about the "Documents and Settings" folder as being a hidden one, I've noticed that all the hidden folders that are supposed to be hidden (in C for example) are no more hidden, even if the folders option is to not show hidden files. They are normal folders now.
  9. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Don't show hidden files, and folders, and checkmark Hide protected operating system files.

    Now....

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  10. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    The checkmarks for the hidden folder are like you said, still they are shown. And they are not transparent, like they were before.

    I ran ComboFix with no problem, here is the log:

    ComboFix 12-11-04.01 - Miry 05/11/2012 0:01.5.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.2159 [GMT 1:00]
    Running from: c:\users\Miry\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-04 23:06 . 2012-11-04 23:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-11-04 23:06 . 2012-11-04 23:06 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-11-04 23:06 . 2012-11-04 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-04 01:04 . 2012-11-04 01:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C688EB6E-1739-4AA0-A9C1-3366DE2D0C10}\offreg.dll
    2012-11-03 21:57 . 2012-11-03 21:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2
    2012-11-03 21:57 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-03 10:46 . 2012-11-03 10:46 -------- d-----w- c:\users\Miry\AppData\Roaming\SUPERAntiSpyware.com
    2012-11-03 10:45 . 2012-11-03 10:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-11-03 10:45 . 2012-11-03 10:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-11-03 10:28 . 2012-11-03 10:28 -------- d-----w- c:\users\Miry\AppData\Roaming\LavasoftStatistics
    2012-11-03 10:27 . 2012-11-03 10:27 -------- d-----w- c:\users\Miry\AppData\Roaming\Ad-Aware Antivirus
    2012-11-03 09:52 . 2012-11-03 09:52 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-03 09:32 . 2012-10-17 01:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C688EB6E-1739-4AA0-A9C1-3366DE2D0C10}\mpengine.dll
    2012-11-02 22:05 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-11-02 22:05 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-11-02 22:05 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-11-02 22:05 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-11-02 22:05 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-02 22:04 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-11-02 22:04 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-11-02 22:04 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-02 22:04 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-11-02 22:04 . 2012-11-02 22:04 -------- d-----w- c:\programdata\AVAST Software
    2012-11-02 22:04 . 2012-11-02 22:04 -------- d-----w- c:\program files\AVAST Software
    2012-11-02 22:00 . 2012-11-02 22:00 -------- d-----w- c:\users\Miry\AppData\Local\Avg2013
    2012-11-02 19:28 . 2012-11-02 19:28 -------- d-----w- c:\users\Guest
    2012-11-02 18:49 . 2012-11-02 18:49 -------- d-----w- c:\windows\system32\Macromed
    2012-11-02 18:44 . 2012-11-03 17:52 -------- d-----w- c:\users\Miry\AppData\Local\Opera
    2012-11-02 18:44 . 2012-11-03 17:52 -------- d-----w- c:\program files (x86)\Opera
    2012-11-01 18:34 . 2012-11-01 18:34 -------- d-----w- c:\users\Miry\AppData\Roaming\DriverCure
    2012-11-01 18:34 . 2012-11-01 18:34 -------- d-----w- c:\users\Miry\AppData\Roaming\SpeedyPC Software
    2012-11-01 18:34 . 2012-11-01 18:34 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-11-01 18:34 . 2012-11-01 18:34 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-11-01 18:34 . 2012-11-01 18:34 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-11-01 10:25 . 2012-11-02 22:01 -------- d-----w- c:\programdata\MFAData
    2012-11-01 10:25 . 2012-11-01 10:25 -------- d-----w- c:\users\Miry\AppData\Local\MFAData
    2012-10-31 21:04 . 2012-10-31 21:04 -------- d-----w- c:\program files\CCleaner
    2012-10-31 09:40 . 2012-10-31 09:40 -------- d-----w- c:\program files (x86)\Straus7
    2012-10-10 16:45 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 16:45 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-10 16:35 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 16:35 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-10 16:35 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-10 16:33 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 16:33 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-10-10 16:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 16:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 16:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 16:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 16:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 16:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-10 16:32 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 16:28 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 16:28 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-07 15:55 . 2012-10-07 15:55 -------- d-----w- c:\users\Miry\AppData\Local\PunkBuster
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-02 18:49 . 2012-06-09 01:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-02 18:49 . 2011-11-20 15:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-01 12:22 . 2011-08-19 21:58 701324 ----a-w- c:\programdata\bdinstall.bin
    2012-10-10 22:39 . 2011-08-15 19:42 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-03 08:17 . 2012-09-03 08:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-03 08:17 . 2012-06-08 15:34 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-03 08:17 . 2011-08-25 17:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-24 11:15 . 2012-09-29 08:19 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-29 08:19 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-29 08:20 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-29 08:20 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-29 08:20 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-29 08:20 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-29 08:20 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-29 08:20 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-29 08:20 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-29 08:20 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-29 08:20 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-29 08:20 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-29 08:20 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-29 08:20 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-29 08:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-29 08:20 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-29 08:20 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-29 08:20 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-29 08:20 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-29 08:20 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-29 08:20 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-29 08:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 20:16 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 20:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 20:16 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 20:16 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-28 15:42 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:38 . 2012-10-10 16:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-17 15:13 . 2012-08-17 15:13 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-17 15:13 . 2012-08-17 15:13 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-03-09 297280]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
    .
    c:\users\Miry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-20 226176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 116224]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-27 11776]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 onda_cdc_ecm;onda_cdc_ecm;c:\windows\system32\DRIVERS\onda_cdc_ecm.sys [2012-02-20 60416]
    R3 onda_ecm_enum;ONDA ECM Enumerator;c:\windows\system32\DRIVERS\onda_ecm_enum.sys [2012-02-20 56832]
    R3 onda_ecm_enum_filter;onda_ecm_enum_filter;c:\windows\system32\DRIVERS\onda_ecm_enum_filter.sys [2012-02-20 56832]
    R3 onda_wcpo;ONDA Installation Device (WCPO);c:\windows\system32\DRIVERS\onda_wcpo.sys [2012-02-20 10752]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-15 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-03-09 257344]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
    S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\ZTE Join Air\AssistantServices.exe [2010-11-01 253264]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-01-21 67624]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-01-21 19496]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [2011-01-20 52264]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-14 85544]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-23 270912]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
    S3 onda_cdc_acm;ONDA CDC-ACM driver;c:\windows\system32\DRIVERS\onda_cdc_acm.sys [2012-02-20 79872]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:49]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 13:03]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-05 13:03]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001Core.job
    - c:\users\Miry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 16:55]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001Core1cc90e62f9582a.job
    - c:\users\Miry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 16:55]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001UA.job
    - c:\users\Miry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 16:55]
    .
    2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001UA1cc90e655ee659.job
    - c:\users\Miry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 16:55]
    .
    2012-11-03 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]
    .
    2012-11-02 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2012-11-04 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    2012-11-02 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\acaptuser64.dll c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Launch Manager\LMutilps32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-05 00:12:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-04 23:12
    ComboFix2.txt 2012-11-03 10:14
    .
    Pre-Run: 14,645,448,704 bytes free
    Post-Run: 14,444,826,624 bytes free
    .
    - - End Of File - - F32576A24E9B9B75F30D5AE3129C1222
  11. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Looks good :)

    Any current issues?

    ========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    Unfortunately I don’t see any changes. Google Chrome still can’t connect to the internet; I receive this error:
    The web page at http://www.techspot.com/ might be temporarily down or it may have moved permanently to a new web address.
    Error 137 (net::ERR_NAME_RESOLUTION_FAILED): Unknown error.

    And other programs that use the internet don’t work as well (Skype, YMessenger, updating anti-virus programs etc). Somehow only IE can connect to any webpage.
    The Logs from OTL are:


    OTL logfile created on: 05/11/2012 00:36:15 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miry\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.86 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 65.14% Memory free
    7.71 Gb Paging File | 6.23 Gb Available in Paging File | 80.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 70.01 Gb Total Space | 13.56 Gb Free Space | 19.36% Space Free | Partition Type: NTFS
    Drive D: | 178.45 Gb Total Space | 18.07 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
    Drive E: | 202.20 Gb Total Space | 19.19 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

    Computer Name: MIRY-PC | User Name: Miry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/05 00:35:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miry\Desktop\OTL.exe
    PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/08/17 16:13:40 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/08/02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/03/14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2011/03/14 12:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2011/03/14 12:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2011/03/09 18:11:22 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2011/03/09 18:10:04 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2011/02/22 10:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    PRC - [2011/01/31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2010/11/01 12:58:54 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\ZTE Join Air\AssistantServices.exe
    PRC - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/06/11 20:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2007/06/27 17:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2007/06/27 17:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 14:27:20 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
    MOD - [2012/06/14 14:24:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 14:24:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/12 13:27:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
    MOD - [2012/05/12 09:34:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/12 09:33:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/12 09:33:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 09:33:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 09:33:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 09:33:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/03/09 18:13:18 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
    MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2011/05/10 14:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2011/01/31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
    SRV:64bit: - [2010/10/08 02:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/02 19:49:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/17 16:13:40 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/07/13 11:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/11/11 02:42:52 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2011/07/17 02:46:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2011/03/09 18:11:22 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2011/02/01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/01 12:58:54 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service)
    SRV - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/05/15 11:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/20 10:01:32 | 000,056,832 | ---- | M] (ONDA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\onda_ecm_enum_filter.sys -- (onda_ecm_enum_filter)
    DRV:64bit: - [2012/02/20 10:01:32 | 000,056,832 | ---- | M] (ONDA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\onda_ecm_enum.sys -- (onda_ecm_enum)
    DRV:64bit: - [2012/02/20 10:01:30 | 000,079,872 | ---- | M] (ONDA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\onda_cdc_acm.sys -- (onda_cdc_acm)
    DRV:64bit: - [2012/02/20 10:01:30 | 000,060,416 | ---- | M] (ONDA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\onda_cdc_ecm.sys -- (onda_cdc_ecm)
    DRV:64bit: - [2012/02/20 10:01:30 | 000,010,752 | ---- | M] (ONDA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\onda_wcpo.sys -- (onda_wcpo)
    DRV:64bit: - [2011/08/23 18:09:08 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/15 19:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/10 05:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2011/03/10 05:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2011/03/01 15:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/01/21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
    DRV:64bit: - [2011/01/21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
    DRV:64bit: - [2011/01/20 04:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
    DRV:64bit: - [2011/01/17 23:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2011/01/14 02:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
    DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/10/08 02:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/09/14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/07/29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/09/27 07:46:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV:64bit: - [2009/09/27 07:46:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV:64bit: - [2009/09/27 07:46:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV:64bit: - [2009/09/27 07:46:16 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/12/30 09:59:02 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
    DRV:64bit: - [2008/12/13 09:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-839587973-888073759-2331354090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-839587973-888073759-2331354090-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-839587973-888073759-2331354090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miry\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Miry\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miry\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miry\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: BIODIGITAL HUMAN = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
    CHR - Extension: Angry Birds = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: AutoCAD WS = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln\1.4.3_0\
    CHR - Extension: Chain Reaction = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
    CHR - Extension: avast! WebRep = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: CPDD-Blossom = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon\1.4_0\
    CHR - Extension: Castle Empire = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lihkgalcjmofecbdobcgehpgomdekkgd\1.0.1_0\
    CHR - Extension: Do It (Tomorrow) = C:\Users\Miry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo\1.0.6_0\

    O1 HOSTS File: ([2012/11/05 00:08:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKU\S-1-5-21-839587973-888073759-2331354090-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\S-1-5-21-839587973-888073759-2331354090-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-839587973-888073759-2331354090-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-839587973-888073759-2331354090-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-839587973-888073759-2331354090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O10 - Broken Internet access at catalog 000000000005
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{160DDB86-8F34-4BD3-963B-6BF10F324F58}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69BB2179-BC30-48A1-AC0A-0A960D9C6BB5}: DhcpNameServer = 213.154.124.221 193.231.252.221
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  13. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/05 00:35:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Miry\Desktop\OTL.exe
    [2012/11/05 00:08:16 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/04 23:55:20 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\Miry\Desktop\ComboFix.exe
    [2012/11/04 09:32:38 | 000,000,000 | ---D | C] -- C:\Users\Miry\Desktop\Clean
    [2012/11/03 22:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/03 22:57:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/03 22:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
    [2012/11/03 21:35:41 | 000,000,000 | ---D | C] -- C:\Users\Miry\Desktop\prostiutze
    [2012/11/03 11:46:08 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Roaming\SUPERAntiSpyware.com
    [2012/11/03 11:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/11/03 11:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/11/03 11:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/11/03 11:28:05 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Roaming\LavasoftStatistics
    [2012/11/03 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Roaming\Ad-Aware Antivirus
    [2012/11/03 11:00:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/03 11:00:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/03 11:00:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/03 11:00:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/03 10:52:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/02 23:05:07 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/11/02 23:05:07 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/11/02 23:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/11/02 23:05:05 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/11/02 23:05:05 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/11/02 23:05:04 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/11/02 23:04:59 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/11/02 23:04:59 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/11/02 23:04:35 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/11/02 23:04:35 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/11/02 23:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/11/02 23:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/11/02 23:00:37 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Local\Avg2013
    [2012/11/02 19:49:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/11/02 19:44:03 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Roaming\Opera
    [2012/11/02 19:44:03 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Local\Opera
    [2012/11/02 19:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
    [2012/11/01 19:34:42 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Roaming\DriverCure
    [2012/11/01 19:34:41 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Roaming\SpeedyPC Software
    [2012/11/01 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    [2012/11/01 19:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/11/01 19:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/11/01 19:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    [2012/11/01 11:25:55 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Local\MFAData
    [2012/11/01 11:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/10/31 22:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/10/31 22:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/10/31 10:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Straus7 Release 2
    [2012/10/31 10:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Straus7
    [2012/10/31 10:35:49 | 000,000,000 | ---D | C] -- C:\Users\Miry\Documents\OneNote Notebooks
    [2012/10/07 22:32:37 | 000,000,000 | ---D | C] -- C:\Users\Miry\Documents\Outlook Files
    [2012/10/07 16:55:33 | 000,000,000 | ---D | C] -- C:\Users\Miry\AppData\Local\PunkBuster
    [1 C:\Users\Miry\Desktop\*.tmp files -> C:\Users\Miry\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/05 00:35:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miry\Desktop\OTL.exe
    [2012/11/05 00:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/05 00:22:02 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/05 00:22:02 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/05 00:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001UA1cc90e655ee659.job
    [2012/11/05 00:14:58 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/05 00:14:57 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/11/05 00:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/05 00:14:25 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/05 00:11:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001UA.job
    [2012/11/05 00:08:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/04 23:59:18 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\Miry\Desktop\ComboFix.exe
    [2012/11/04 23:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/04 21:52:16 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/04 21:52:16 | 000,631,816 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/04 21:52:16 | 000,111,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/04 14:11:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001Core.job
    [2012/11/04 13:16:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-839587973-888073759-2331354090-1001Core1cc90e62f9582a.job
    [2012/11/03 18:50:37 | 000,001,218 | ---- | M] () -- C:\Users\Miry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/11/03 02:20:55 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/11/02 23:04:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/02 19:25:16 | 004,679,862 | ---- | M] () -- C:\Users\Miry\Desktop\DSCN0555.JPG
    [2012/11/02 18:00:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/11/02 11:12:37 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/11/01 19:39:12 | 000,018,476 | ---- | M] () -- C:\Users\Miry\Documents\cc_20121101_193907.reg
    [2012/11/01 13:22:33 | 000,701,324 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2012/10/31 20:48:35 | 000,001,267 | ---- | M] () -- C:\Windows\Straus7.ini
    [2012/10/31 10:36:03 | 000,001,256 | ---- | M] () -- C:\Users\Miry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/10/19 22:09:26 | 003,145,728 | ---- | M] () -- C:\Users\Miry\Desktop\DSCF4122 - Copy.JPG
    [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/10/07 22:32:43 | 000,001,095 | ---- | M] () -- C:\Users\Miry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [1 C:\Users\Miry\Desktop\*.tmp files -> C:\Users\Miry\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/03 18:52:36 | 000,001,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    [2012/11/03 11:00:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/03 11:00:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/03 11:00:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/03 11:00:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/03 11:00:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/02 23:04:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/11/01 19:39:10 | 000,018,476 | ---- | C] () -- C:\Users\Miry\Documents\cc_20121101_193907.reg
    [2012/11/01 19:34:44 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/11/01 19:34:39 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/11/01 19:34:39 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/11/01 19:34:38 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/10/31 10:43:18 | 000,001,267 | ---- | C] () -- C:\Windows\Straus7.ini
    [2012/10/31 10:36:03 | 000,001,256 | ---- | C] () -- C:\Users\Miry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/10/19 22:13:54 | 003,145,728 | ---- | C] () -- C:\Users\Miry\Desktop\DSCF4122 - Copy.JPG
    [2012/10/07 22:32:43 | 000,001,095 | ---- | C] () -- C:\Users\Miry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2012/08/17 16:13:41 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/08/17 16:13:40 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/05/25 17:27:40 | 000,000,047 | ---- | C] () -- C:\Windows\ODA.INI
    [2012/05/03 22:47:18 | 000,003,584 | ---- | C] () -- C:\Users\Miry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/01 18:24:36 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2011/12/02 00:50:41 | 000,000,044 | ---- | C] () -- C:\Windows\Esa.INI
    [2011/11/27 16:05:52 | 000,000,384 | ---- | C] () -- C:\Windows\pdf2word.INI
    [2011/10/05 18:44:39 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2011/09/23 12:40:19 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
    [2011/08/19 22:58:32 | 000,701,324 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/08/19 21:55:19 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2011/08/19 21:55:19 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2011/08/19 21:55:19 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2011/08/19 21:55:19 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2011/08/19 21:55:19 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2011/08/15 19:02:17 | 000,000,017 | ---- | C] () -- C:\Users\Miry\AppData\Local\resmon.resmoncfg
    [2011/06/08 08:30:47 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/06/08 08:30:45 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/06/08 08:30:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/06/08 08:30:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/06/08 08:30:41 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2008/03/07 15:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2008/03/07 12:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/11/02 20:28:41 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
    [2012/11/03 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Ad-Aware Antivirus
    [2011/11/11 02:45:27 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Autodesk
    [2012/01/29 20:51:51 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Big Fish Games
    [2012/11/05 00:04:55 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\BitComet
    [2011/08/30 11:51:34 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\BitTorrent
    [2012/10/31 22:17:21 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\DAEMON Tools Lite
    [2012/11/01 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\DriverCure
    [2012/02/18 03:14:22 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Mathsoft
    [2012/11/03 18:52:43 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Opera
    [2012/02/04 00:37:05 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Origin
    [2011/08/27 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\PowerCinema
    [2012/08/17 16:13:39 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\PunkBuster
    [2011/08/19 22:58:58 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\QuickScan
    [2012/04/01 17:08:57 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Rovio
    [2012/11/01 19:34:41 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\SpeedyPC Software
    [2012/03/03 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\SystemRequirementsLab
    [2011/12/28 15:28:51 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Trine2
    [2012/09/16 22:33:42 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\TuneUp Software
    [2012/10/07 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Ubisoft
    [2011/11/24 10:38:16 | 000,000,000 | ---D | M] -- C:\Users\Miry\AppData\Roaming\Vodafone

    ========== Purity Check ==========


    < End of report >
  14. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    OTL Extras logfile created on: 05/11/2012 00:36:15 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miry\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.86 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 65.14% Memory free
    7.71 Gb Paging File | 6.23 Gb Available in Paging File | 80.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 70.01 Gb Total Space | 13.56 Gb Free Space | 19.36% Space Free | Partition Type: NTFS
    Drive D: | 178.45 Gb Total Space | 18.07 Gb Free Space | 10.13% Space Free | Partition Type: NTFS
    Drive E: | 202.20 Gb Total Space | 19.19 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

    Computer Name: MIRY-PC | User Name: Miry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0122A361-7282-4FD0-9D40-9BB1AA7BE74D}" = protocol=6 | dir=in | app=d:\games\assassins creed revelation\assassinscreedrevelations.exe |
    "{12F96883-4F63-477F-92BC-C24C75F761F6}" = protocol=6 | dir=in | app=c:\users\miry\scia\scia.exe |
    "{32E7D90B-D664-4F36-9E20-714EFC1D4E2C}" = protocol=17 | dir=in | app=d:\games\assassins creed revelation\acrsp.exe |
    "{39441D56-F5F8-4473-B46B-15FBE634528A}" = protocol=6 | dir=in | app=d:\games\assassins creed revelation\acrsp.exe |
    "{3BA54584-E2F3-41E7-A066-3C10679A21EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{3E54EEC5-07BE-4C9F-A845-C3DAEC046175}" = protocol=17 | dir=in | app=c:\users\miry\appdata\local\google\chrome\application\chrome.exe |
    "{3F18C3B9-17B6-461E-A6F7-2F15BB04E197}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{49346FD2-0E8C-4822-8806-87FC5EDEAB92}" = protocol=17 | dir=in | app=d:\games\assassins creed brotherhood\assassinscreedbrotherhood.exe |
    "{49ACC972-F2AE-4F23-8AD0-46F985A78A06}" = protocol=6 | dir=in | app=d:\games\assassins creed brotherhood\uplaybrowser.exe |
    "{51901A01-8D9D-4451-A598-ECD1507A4F9B}" = protocol=17 | dir=in | app=c:\users\miry\scia\scia.exe |
    "{53025521-EF6D-4055-9A45-31BB1916EF8C}" = protocol=17 | dir=in | app=d:\games\assassins creed brotherhood\acbsp.exe |
    "{5366296A-3782-443D-819E-954ABC801279}" = protocol=6 | dir=in | app=d:\games\assassins creed 2\uplaybrowser.exe |
    "{64B39FCE-0FFE-4133-9863-4CB9424543AA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{654A861F-1B1C-4FFF-B65C-646701981757}" = protocol=17 | dir=in | app=d:\games\assassins creed 2\assassinscreediigame.exe |
    "{66C02FB9-1E57-403D-A415-2AF18E9AD770}" = protocol=17 | dir=in | app=d:\games\assassins creed 2\uplaybrowser.exe |
    "{7217C9F9-52E6-476D-8153-C3D8AA2040C1}" = protocol=6 | dir=in | app=d:\games\assassins creed revelation\acrmp.exe |
    "{8427D1FB-2E4C-4C83-8EA2-6CD68F79697C}" = protocol=17 | dir=in | app=d:\games\assassins creed brotherhood\uplaybrowser.exe |
    "{9154F1BC-5D34-4983-8E35-AA83510C824D}" = protocol=6 | dir=in | app=d:\games\assassins creed brotherhood\assassinscreedbrotherhood.exe |
    "{929B95F2-9CD5-4E07-9244-EA19DA8B9980}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{98A56357-9F4C-4D2F-91BC-720173D5737D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{9FD92534-5BF0-4759-B764-5F8BE7E63E9A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{A139E09C-C6B1-4F2A-A204-986B27A32AF2}" = protocol=6 | dir=in | app=d:\games\assassins creed brotherhood\acbmp.exe |
    "{A2ED5EF6-07C4-4ACD-A27A-3E08FBEA434B}" = protocol=17 | dir=in | app=d:\games\assassins creed 2\assassinscreedii.exe |
    "{A63A29A2-9023-4D6F-96DD-5B63A06D1C6F}" = protocol=6 | dir=in | app=c:\users\miry\appdata\local\google\chrome\application\chrome.exe |
    "{AA3CC9C6-A5A2-48B8-BC2F-B2FC7B0AF8D9}" = protocol=17 | dir=in | app=d:\games\assassins creed revelation\assassinscreedrevelations.exe |
    "{B2908868-60D9-46DB-98D9-62BEA4FDB13B}" = protocol=17 | dir=in | app=d:\games\assassins creed brotherhood\acbmp.exe |
    "{B5E791AD-FD7C-4F36-9B10-EEFB0FF0306F}" = protocol=6 | dir=in | app=d:\games\assassins creed 2\assassinscreediigame.exe |
    "{B8CA16A9-1F97-4091-AA3F-F3C3D769F640}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B8E81240-7F9C-4136-A4D0-818F4A75FA5C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{BE8D261C-F30A-42A6-B68F-83C9E2862777}" = protocol=6 | dir=in | app=d:\games\assassins creed 2\assassinscreedii.exe |
    "{BFFB2A8F-F407-43BB-9CBD-B253A7B7EBC1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{DCFA76B5-CEC6-4BE3-AB70-DD7C7E00C434}" = protocol=17 | dir=in | app=d:\games\assassins creed revelation\acrmp.exe |
    "{E9FC7E80-5E02-400C-81D5-DC9F77F92E68}" = protocol=6 | dir=in | app=d:\games\assassins creed brotherhood\acbsp.exe |
    "{F4DD79AF-5AD1-4725-B5EF-6CB48BCBFFE1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{FBFD00C9-4D80-4C9D-87FD-76A895A7F129}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "TCP Query User{0B1F2CFC-891F-4C63-B0E2-48D628D0617E}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{0DE0C37E-11B2-4DF6-AC46-B0C207F23EE5}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "TCP Query User{4DC967F0-CA04-43AD-A716-ABB72AD8356A}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "TCP Query User{5E54BF1C-1922-403F-96F2-7823F6B9E095}D:\games\assassins creed revelation\acrsp.exe" = protocol=6 | dir=in | app=d:\games\assassins creed revelation\acrsp.exe |
    "TCP Query User{927A505A-FDAA-44FE-A163-1D8A1DE8809F}D:\games\assassins creed revelation\acrmp.exe" = protocol=6 | dir=in | app=d:\games\assassins creed revelation\acrmp.exe |
    "TCP Query User{A7364157-2B84-423C-93B5-D69106EA00F8}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{AF4F6873-11B1-488A-BB03-A5C7AE542794}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "TCP Query User{B0020937-4C08-4591-ADFF-651D681BAD83}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{D5B81DDF-3E9F-4EC6-97A3-D927F9E63E99}C:\users\miry\scia\lmgrd.exe" = protocol=6 | dir=in | app=c:\users\miry\scia\lmgrd.exe |
    "TCP Query User{DB89C485-3CCA-4519-AE40-4507569D6BAC}C:\users\miry\scia\lmgrd.exe" = protocol=6 | dir=in | app=c:\users\miry\scia\lmgrd.exe |
    "TCP Query User{E250F0CE-D39F-47B7-B0F8-7F3F87B7F6CF}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "TCP Query User{EFCC1776-F72E-4096-975A-4ECEA1EF15AC}C:\users\miry\scia\scia.exe" = protocol=6 | dir=in | app=c:\users\miry\scia\scia.exe |
    "UDP Query User{07B3E155-DCE1-4E9B-BEBA-A37616ED9998}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{2B8D4059-EE77-46FB-A332-5AB9AFA20BAE}C:\users\miry\scia\scia.exe" = protocol=17 | dir=in | app=c:\users\miry\scia\scia.exe |
    "UDP Query User{43C59C5C-6E75-4FCF-9DCD-88DAD6DE4B76}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "UDP Query User{55F9610D-FC39-42DD-AECA-D080D8E2E41A}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "UDP Query User{5A4FB8BA-4686-44ED-98AB-E0FFF41A1904}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "UDP Query User{5F9A2EFC-3F7C-4D32-A636-DB65BC6B03B1}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "UDP Query User{AA2C63E9-3EFC-4144-9BEF-69C6C1E20A36}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{B223F1B8-BD24-4257-B080-87AF8AAF385F}D:\games\assassins creed revelation\acrmp.exe" = protocol=17 | dir=in | app=d:\games\assassins creed revelation\acrmp.exe |
    "UDP Query User{CBAA5953-8690-4D9D-9305-E147288BDB84}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "UDP Query User{D98B2610-84AF-45F3-8A40-664FF33A6D63}C:\users\miry\scia\lmgrd.exe" = protocol=17 | dir=in | app=c:\users\miry\scia\lmgrd.exe |
    "UDP Query User{E293DE08-14D7-4D33-B72D-5A5E769DD1C9}C:\users\miry\scia\lmgrd.exe" = protocol=17 | dir=in | app=c:\users\miry\scia\lmgrd.exe |
    "UDP Query User{EEB30934-BD91-4192-8DA8-864E63FD3983}D:\games\assassins creed revelation\acrsp.exe" = protocol=17 | dir=in | app=d:\games\assassins creed revelation\acrsp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-002A-0418-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Romanian) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.00 beta 6 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
    "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
    "{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{46BD06C2-8D71-4A41-A71F-2EEA0FB2AEAB}_is1" = Wondershare PDF Converter (Build 2.6.0)
    "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
    "{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2009
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
    "{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{64890719-1716-1156-9324-004005470643}" = Straus7 Release 2
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
    "{6DBAF277-66A6-4DA9-8E01-AA549CED1DDB}" = Scia Engineer 2009.0
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73B39198-9279-4A38-806F-D3853153E924}" = Default
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
    "{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
  15. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0418-0000-0000000FF1CE}" = Microsoft Office Access MUI (Romanian) 2010
    "{90140000-0015-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0418-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Romanian) 2010
    "{90140000-0016-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0418-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Romanian) 2010
    "{90140000-0018-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0418-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Romanian) 2010
    "{90140000-0019-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0418-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Romanian) 2010
    "{90140000-001A-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0418-0000-0000000FF1CE}" = Microsoft Office Word MUI (Romanian) 2010
    "{90140000-001B-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
    "{90140000-001F-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{B44588C0-5117-481F-B0E2-DAB2D992A6C3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002A-0418-1000-0000000FF1CE}_Office14.OMUI.ro-ro_{104C3612-1A90-42C0-B25F-19D9D6D2C249}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0418-0000-0000000FF1CE}" = Microsoft Office Proofing (Romanian) 2010
    "{90140000-002C-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{42043BAE-2E07-4858-A0DA-46284FE3BD1A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0418-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Romanian) 2010
    "{90140000-0044-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0418-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Romanian) 2010
    "{90140000-006E-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{7E98B041-7637-4D1B-A822-38FAAAC0C57E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0418-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Romanian) 2010
    "{90140000-00A1-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0418-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Romanian) 2010
    "{90140000-00BA-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{ED53A55E-7173-4052-A8FE-82254FA7CBB8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0100-0418-0000-0000000FF1CE}" = Microsoft Office O MUI (Romanian) 2010
    "{90140000-0100-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{49086F43-4509-49C7-9669-F914D4F1838A}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0101-0418-0000-0000000FF1CE}" = Microsoft Office X MUI (Romanian) 2010
    "{90140000-0101-0418-0000-0000000FF1CE}_Office14.OMUI.ro-ro_{FACECA57-1048-4CF8-BAF8-A583358531A7}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Onda Connection Manager
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
    "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009
    "{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6506521-0959-4FA3-875F-E2E28830B0D2}" = NEF Codec
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "Acer Registration" = Acer Registration
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Autodesk DWF Viewer" = Autodesk DWF Viewer
    "avast" = avast! Free Antivirus
    "BitComet_x64" = BitComet 1.29 64-bit
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Identity Card" = Identity Card
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
    "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
    "InstallShield_{6DBAF277-66A6-4DA9-8E01-AA549CED1DDB}" = Scia Engineer 2009.0
    "LHTTSENG" = L&H TTS3000 British English
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mobile Partner" = Mobile Partner
    "Mystery Case Files 8 - Escape from Ravenhearst CE1.0" = Mystery Case Files 8 - Escape from Ravenhearst CE
    "Office14.OMUI.ro-ro" = Microsoft Office Language Pack 2010 - Romanian/Română
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Opera 11.61.1250" = Opera 11.61
    "Origin" = Origin
    "Picasa 3" = Picasa 3
    "Postal 2_is1" = Portal 2
    "PunkBusterSvc" = PunkBuster Services
    "ReNamer_is1" = ReNamer
    "Royal Envoy 2--Collectors Edition ." = Royal Envoy 2--Collectors Edition .
    "Trine 2_is1" = Trine 2
    "VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0
    "VLC media player" = VLC media player 2.0.1
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-839587973-888073759-2331354090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/06/2012 10:37:32 | Computer Name = Miry-PC | Source = Application Hang | ID = 1002
    Description = The program Esa.exe version 1.0.0.1 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 177c Start Time:
    01cd47dcc74dbc89 Termination Time: 70 Application Path: C:\Program Files (x86)\SCIA\Engineer2009.0\Esa.exe
    Report
    Id: f2e47404-b3d2-11e1-9268-b870f4a8f680

    Error - 12/06/2012 07:08:05 | Computer Name = Miry-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/06/2012 09:45:40 | Computer Name = Miry-PC | Source = Application Hang | ID = 1002
    Description = The program Esa.exe version 1.0.0.1 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1f68 Start Time:
    01cd489bc64d9058 Termination Time: 102 Application Path: C:\Program Files (x86)\SCIA\Engineer2009.0\Esa.exe
    Report
    Id: e3237847-b494-11e1-8e8e-b870f4a8f680

    Error - 12/06/2012 13:25:39 | Computer Name = Miry-PC | Source = Application Hang | ID = 1002
    Description = The program WINWORD.EXE version 14.0.4734.1000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 950 Start
    Time: 01cd4897759380f6 Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
    Office\Office14\WINWORD.EXE Report Id:

    Error - 12/06/2012 14:12:36 | Computer Name = Miry-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 12/06/2012 23:43:14 | Computer Name = Miry-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
    time stamp: 0x4a5bc637 Faulting module name: gcswf32.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4fc81f6f Exception code: 0xc0000005 Fault offset: 0x606868ab Faulting
    process id: 0x1704 Faulting application start time: 0x01cd488e1bb72d95 Faulting application
    path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: gcswf32.dll Report Id:
    e70f39b3-b509-11e1-8e8e-b870f4a8f680

    Error - 13/06/2012 15:18:33 | Computer Name = Miry-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 14/06/2012 09:20:36 | Computer Name = Miry-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 14/06/2012 10:00:09 | Computer Name = Miry-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 14/06/2012 21:06:33 | Computer Name = Miry-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: DMREngine.exe, version: 1.1.0.3727, time
    stamp: 0x4d410b95 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e211319 Exception code: 0xc0000005 Fault offset: 0x00006a6d Faulting
    process id: 0x1344 Faulting application start time: 0x01cd4a3079353c90 Faulting application
    path: C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 58bc1ef9-b686-11e1-9350-b870f4a8f680

    Error - 15/06/2012 12:41:26 | Computer Name = Miry-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 04/11/2012 19:11:38 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
    Management and Security Application Local Management Service service to connect.

    Error - 04/11/2012 19:11:38 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Management and Security Application Local Management
    Service service failed to start due to the following error: %%1053

    Error - 04/11/2012 19:11:38 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7001
    Description = The Intel(R) Management and Security Application User Notification
    Service service depends on the Intel(R) Management and Security Application Local
    Management Service service which failed to start because of the following error:
    %%1053

    Error - 04/11/2012 19:14:32 | Computer Name = Miry-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 00:13:30 on ?05/?11/?2012 was unexpected.

    Error - 04/11/2012 19:16:55 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Network Devices Support service terminated with the following
    error: %%126

    Error - 04/11/2012 19:16:55 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
    Management and Security Application Local Management Service service to connect.

    Error - 04/11/2012 19:16:55 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Management and Security Application Local Management
    Service service failed to start due to the following error: %%1053

    Error - 04/11/2012 19:17:02 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
    Management and Security Application Local Management Service service to connect.

    Error - 04/11/2012 19:17:02 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Management and Security Application Local Management
    Service service failed to start due to the following error: %%1053

    Error - 04/11/2012 19:17:02 | Computer Name = Miry-PC | Source = Service Control Manager | ID = 7001
    Description = The Intel(R) Management and Security Application User Notification
    Service service depends on the Intel(R) Management and Security Application Local
    Management Service service which failed to start because of the following error:
    %%1053


    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    If IE connects just fine you'll have to reinstall other programs which are having problems.
    Do so and let me know how it goes.
  17. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    Ok, I just uninstalled Google Chrome, and I tried to install it again. I was able to download the kit, but when I ran it, it cannot update: "installation failed with error 0x80072ee4". With IE I can download programs, but if they need internet to install or run, it won't work...
  18. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    ============================

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark following boxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Users, Partitions and Memory size
    Click Go and post the result.
  19. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    FSS Log:


    Farbar Service Scanner Version: 04-11-2012
    Ran by Miry (administrator) on 05-11-2012 at 01:58:05
    Running from "C:\Users\Miry\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Other errors
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****


    MiniToolBox Log:


    MiniToolBox by Farbar Version: 23-07-2012
    Ran by Miry (administrator) on 05-11-2012 at 01:59:42
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
    ========================= Flush DNS: ===================================
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    ========================= IE Proxy Settings: ==============================
    Proxy is not enabled.
    No Proxy Server is set.
    ========================= Hosts content: =================================
    127.0.0.1 localhost
    ========================= IP Configuration: ================================
    Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
    Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
    Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
    reset
    set global

    popd
    # End of IPv4 configuration

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : Miry-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    Wireless LAN adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
    Physical Address. . . . . . . . . : CC-AF-78-06-59-30
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::4564:58ce:3dbb:7527%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Lease Obtained. . . . . . . . . . : 05 November 2012 00:15:56
    Lease Expires . . . . . . . . . . : 08 November 2012 01:41:43
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 399290232
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B3-F2-B7-B8-70-F4-A8-F6-80
    DNS Servers . . . . . . . . . . . : 192.168.1.1
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
    Physical Address. . . . . . . . . : B8-70-F4-A8-F6-80
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{160DDB86-8F34-4BD3-963B-6BF10F324F58}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{69BB2179-BC30-48A1-AC0A-0A960D9C6BB5}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:423:d03:3f57:fefa(Preferred)
    Link-local IPv6 Address . . . . . : fe80::423:d03:3f57:fefa%13(Preferred)
    Default Gateway . . . . . . . . . : ::
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Server: UnKnown
    Address: NULL
    Unable to initialize Windows Sockets interface. Destination address unreachable.
    Server: UnKnown
    Address: NULL
    Unable to initialize Windows Sockets interface. Destination address unreachable.
    Server: UnKnown
    Address: NULL
    Unable to initialize Windows Sockets interface. Destination address unreachable.
    Unable to initialize Windows Sockets interface. Destination address unreachable.
    ========================= Winsock entries =====================================
    Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    ========================= Event log errors: ===============================
    Application errors:
    ==================
    Error: (11/05/2012 00:15:03 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/05/2012 00:09:26 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/04/2012 08:10:11 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/04/2012 09:25:38 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 11:58:08 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 06:51:46 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Error: (11/03/2012 06:45:46 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 01:02:01 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 11:20:25 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 11:17:49 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    System errors:
    =============
    Error: (11/05/2012 00:17:02 AM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Management and Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error:
    %%1053
    Error: (11/05/2012 00:17:02 AM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
    %%1053
    Error: (11/05/2012 00:17:02 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
    Error: (11/05/2012 00:16:55 AM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
    %%1053
    Error: (11/05/2012 00:16:55 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
    Error: (11/05/2012 00:16:55 AM) (Source: Service Control Manager) (User: )
    Description: The HP Network Devices Support service terminated with the following error:
    %%126
    Error: (11/05/2012 00:14:32 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 00:13:30 on ?05/?11/?2012 was unexpected.
    Error: (11/05/2012 00:11:38 AM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Management and Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error:
    %%1053
    Error: (11/05/2012 00:11:38 AM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
    %%1053
    Error: (11/05/2012 00:11:38 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.

    Microsoft Office Sessions:
    =========================
    Error: (11/05/2012 00:15:03 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/05/2012 00:09:26 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/04/2012 08:10:11 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/04/2012 09:25:38 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 11:58:08 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 06:51:46 PM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Miry\Downloads\SoftonicDownloader_for_trojan-remover.exe
    Error: (11/03/2012 06:45:46 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 01:02:01 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 11:20:25 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (11/03/2012 11:17:49 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    ========================= Devices: ================================

    ========================= Memory info: ===================================
    Percentage of memory in use: 54%
    Total physical RAM: 3947.86 MB
    Available physical RAM: 1808.25 MB
    Total Pagefile: 7893.91 MB
    Available Pagefile: 5706.83 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3958.43 MB
    ========================= Partitions: =====================================
    1 Drive c: (Acer) (Fixed) (Total:70.01 GB) (Free:14.29 GB) NTFS
    2 Drive d: () (Fixed) (Total:178.45 GB) (Free:18.07 GB) NTFS
    3 Drive e: () (Fixed) (Total:202.2 GB) (Free:19.19 GB) NTFS
    ========================= Users: ========================================
    User accounts for \\MIRY-PC
    Administrator Guest Miry
    UpdatusUser

    **** End of log ****
  20. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
    Post new FSS log.
  21. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    I don't know if it will help with the problem, but when the computer starts, I get this error: "The TCP/IP protocol is not installed properly". I started to get this when the problem appeared, and I still do, after the last restart.

    Here is the FSS log:

    Farbar Service Scanner Version: 04-11-2012
    Ran by Miry (administrator) on 05-11-2012 at 02:19:38
    Running from "C:\Users\Miry\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Other errors
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
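
A triage pass over the Farbar Service Scanner log posted above, as an added example that is not part of the thread and not the tool's own code. The function names are hypothetical and the sample log is a constructed, trimmed copy of the layout in the post.

```python
import re

# Constructed sample: a trimmed copy of the log layout posted above.
SAMPLE_LOG = r"""
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google.com returned error: Other errors
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
File Check:
========
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
"""

def split_sections(text):
    # A heading is a line ending in ':' whose next line is a run of '='.
    lines = [ln.strip() for ln in text.splitlines()] + [""]
    sections, current = {}, None
    for line, nxt in zip(lines, lines[1:]):
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            current = sections.setdefault(line[:-1], [])
        elif current is not None and line and not re.fullmatch(r"=+", line):
            current.append(line)
    return sections

def triage_fss(text):
    sec = split_sections(text)
    conn = sec.get("Connection Status", [])
    found = {"connectivity_errors": [l for l in conn if "returned error" in l],
             "localhost_blocked": any("Localhost is blocked" in l for l in conn),
             "disabled_policies": [], "unverified_files": []}
    for name, body in sec.items():
        key = None
        for l in body if name.endswith("Disabled Policy") else []:
            m = re.fullmatch(r'"([^"]+)"=\w+:(\w+)', l)
            if l.startswith("["):
                key = l.strip("[]")  # registry key the following values belong to
            elif m:
                found["disabled_policies"].append((name, key, m[1], m[2]))
    # Assumption: any status other than the "MD5 is legit" text seen in the post needs manual review.
    for l in sec.get("File Check", []):
        path, sep, status = l.partition(" => ")
        if sep and status != "MD5 is legit":
            found["unverified_files"].append((path, status))
    return found
```

An empty "Disabled Policy" section, such as the System Restore one in the posted log, yields no entry, so only policies that actually list a registry value are reported.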
  22. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Did you perform steps from my previous reply?
    Did they complete successfully?
  23. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    Yes, I ran cmd as an administrator (the path was Windows/system32) and both of them had positive results, and told me to restart in order to be ok. I did, and then the error as usual appeared, and I ran FSS again. (The window error upper bar says: BackupManagerTray)
  24. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    It may be a winsock problem but I also see a possibly bad DNS entry.
    Are you located in Romania?
  25. Nicole112

    Nicole112 Newcomer, in training Topic Starter Posts: 26

    Currently no, I am in Italy till December. Been here for over a month now.

