  1. #21

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    QuickScan 32-bit v0.9.9.119
    ---------------------------
    Scan date: Sat Jul 05 05:36:19 2014
    Machine ID: C44B41B1



    No infection found.
    -------------------



    Processes
    ---------
    ADSMTray 3412 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    CyberLink MediaLibray Service 3692 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    Firefox 4196 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Firefox 5508 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    IEMonitor Application 1500 C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    Internet Download Manager (IDM) 3088 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    Malwarebytes Anti-Exploit 3472 C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    NVIDIA GeForce Experience 2912 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    Skype 2856 C:\Program Files (x86)\Skype\Phone\Skype.exe
    (verified) ASUS Screen Saver Protector 3696 C:\Windows\AsScrPro.exe


    Network activity
    ----------------
    Process Skype.exe (2856) connected on port 40010 --> 65.55.223.42
    Process Skype.exe (2856) connected on port 12350 --> 157.56.116.200
    Process Skype.exe (2856) connected on port 443 (HTTP over SSL) --> 157.56.126.111
    Process Skype.exe (2856) connected on port 6499 --> 24.47.177.52
    Process firefox.exe (4196) connected on port 443 (HTTP over SSL) --> 63.245.215.42
    Process firefox.exe (4196) connected on port 443 (HTTP over SSL) --> 63.245.215.42
    Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149
    Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149
    Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149
    Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149

    Process Skype.exe (2856) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 34918


    Autoruns and critical files
    ---------------------------
    FileHippo.com Update Checker C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    Internet Download Manager (IDM) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    Malwarebytes Anti-Exploit C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    Mozilla Firefox C:\Program Files (x86)\Mozilla Firefox
    NVIDIA Streamer c:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll
    Skype C:\Program Files (x86)\Skype\Phone\Skype.exe
    (verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


    Browser plugins
    ---------------
    Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    Bitdefender QuickScan C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
    Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    Google Update C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    Internet Download Manager Module c:\program files (x86)\internet download manager\idmiecc.dll
    Internet Explorer C:\Windows\SysWOW64\ieframe.dll
    Java Deployment Toolkit 7.0.600.19 C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
    Java(TM) Platform SE 7 U60 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    Java(TM) Platform SE 7 U60 c:\program files (x86)\java\jre7\bin\ssv.dll
    Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
    npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    NPSWF32_14_0_0_139.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_139.dll
    NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    Qualys BrowserCheck Plugin C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk\1.9.20.1_0\npqbc.dll
    RealJukebox NS Plugin c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    RealNetworks(tm) Chrome Background Exte C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    VLC Web Plugin C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    (unsigned) NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    (unsigned) RealPlayer Version Plugin c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
    (unsigned) RealPlayer(tm) HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    (unsigned) Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll

    (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll


    Missing files
    -------------
    File not found: c:\program files (x86)\java\jre7\bin\jp2ssv.dll
    --> HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 1 sec
    Total traffic - 0.01 MB sent, 0.49 KB recvd
    Scanned 352 files and modules - 30 seconds

    ==============================================================================



  2. #22
    niemiro's Avatar
    Join Date
    Mar 2012
    Location
    District 12
    Posts
    7,865

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Quote: Originally Posted by malis2007
    btw, i face also a problem in "Microsoft Visual Basic 2010 Express - ENU" which is whenever i try to debug i get this error:

    Attachment 8482

    i used to play with services long time ago, and sometimes with "Microsoft Visual Basic 2010 Express - ENU's" settings.
    tried to reinstall (Microsoft Visual Basic 2010 Express - ENU) and repair it.. but still.

    is this related somehow? i would be greatly happy if you could find a solution for me. as i searched and tried a lot of stuff but still :/
    This particular error message isn't a problem with your own code and is not particular to any specific project you're currently working on. Instead, it looks to be a problem with your current installation. I notice that you're using the Express Edition, but your installed program listings from earlier also included "Microsoft Visual Studio Ultimate 2012". Where did you get it from? Since that particular edition of Visual Studio usually costs many thousands of pounds, I'm guessing it's not directly purchased??? There are several legitimate sources of this edition for free or reduced prices (some schools and employers give it away for free for example - hence why I'm asking where it came from), but it's also possible that it's a cracked version. If it was downloaded off the internet, that's almost certainly the source of your troubles with the Express Edition. In such a situation, I would advise you to completely uninstall every single edition of Visual Studio you currently have, then put back on just the Express Edition. You don't need the Ultimate Edition anyway. The only bits it adds are lots of stuff for corporate networks, bits for working in large teams with hundreds of programmers, advanced unit testing modules for automated testing of large programs, etc.

    The reality is that you don't need any of this stuff. The Express Edition will do everything you need it to. Most importantly though, you need it to work. Hence why I think you should uninstall all of the Visual Studio stuff you currently have and just reinstall the Express Edition. Hopefully that will resolve your issue.

    Richard
    malis2007 says thanks for this.

  3. #23

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    hey there, thanks for your help. :)
    I already uninstalled all the programming stuff I found in the Programs and Features list and reinstalled vb2010 express before posting the previous reply.
    But I still have the problem (I mean it occurs, but not in all projects). For example,
    this project (mine, I made it on my own computer yesterday) works when I debug it:
    MathG
    but this project (someone else made it and needed my help with it) doesn't work for me while debugging (it gives me the error I had shown you before):
    Rconfort

    Thanks a lot guys for your help.

  4. #24
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,836

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Let's see fresh DDS logs. Please do the following:
    • Disable any script blocker and then double-click dds.scr to run.
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • The logs will automatically be saved to your desktop.
    • Copy the contents of both logs & post in your next reply


    Thank you.
    malis2007 says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #25

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    i only have a file called "dds.com" is it the same as "dds.scr"? :/

    DDS.txt log file:

    ========================================================================================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: BrowserJavaVersion: 10.60.2
    Run by ali at 19:56:34 on 2014-07-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.3937 [GMT 2:00]
    .
    AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\CISVC.EXE
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_watch.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_hub.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_interface.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_dialogs.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_browser.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_central_control.exe
    C:\Users\ali\AppData\Local\MediaFire Desktop\mf_monitor.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mDefault_Page_URL = hxxp://www.google.com
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    EB: {3142C289-F319-47F5-A594-A827028714C9} - <orphaned>
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    uRun: [MediaFire Tray] C:\Users\ali\AppData\Local\MediaFire Desktop\mf_watch.exe
    mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    uPolicies-Explorer: NoDriveAutoRun- = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:253
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveAutoRun- = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374545831534
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1374021286188
    TCP: NameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : DHCPNameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\16C696 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\353343E4 : NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\353343E4 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\C696E6B6 : DHCPNameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\D416C69637 : DHCPNameServer = 197.199.255.254 217.52.47.130
    TCP: Interfaces\{8A68948D-B161-4ED7-8BBE-9F3776C9E0DF}\16C696 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D13B58AE-512F-4510-A695-2D1472BC76B5}\16C696 : DHCPNameServer = 213.131.66.248 213.131.65.20
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 directads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_139.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-6-24 56016]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-8-16 24680]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
    R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-7-5 62392]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-20 379520]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-18 180136]
    R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-7-5 360592]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-30 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-30 860472]
    R2 MF NTFS Monitor;MediaFire NTFS Monitor;C:\Users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE [2014-7-5 456504]
    R2 mfmonitor;mfmonitor;C:\Windows\System32\drivers\mfmonitor_x64.sys [2014-7-5 20696]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-1 14984480]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-20 2314240]
    R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
    R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
    R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-20 35104]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-20 56344]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-30 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-30 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-30 63704]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-1 39712]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
    S3 ERmvrDrv;ESET standalone malware removal tool kernel-mode driver;C:\Windows\System32\drivers\ERKRmvrDrv.sys [2013-8-12 44120]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-6-19 57840]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-2-6 32152]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-30 111616]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 ST330;ST330;C:\Windows\System32\drivers\st330.sys [2011-3-22 47616]
    S3 STBUS;STBUS;C:\Windows\System32\drivers\stbus.sys [2011-3-22 24576]
    S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\Windows\System32\drivers\steth.sys [2011-3-22 58880]
    S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\System32\drivers\stppp.sys [2012-4-14 54272]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-30 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-4-3 117040]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-4 1255736]
    S4 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-8-9 2252504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== File Associations ===============
    .
    ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\Office10\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    2019-10-09 08:40:57 -------- d-----w- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    2014-07-05 16:34:02 -------- d-----r- C:\Users\ali\MediaFire
    2014-07-05 16:33:18 -------- d--h--w- C:\Users\ali\.mediafire
    2014-07-05 12:45:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\offreg.dll
    2014-07-05 12:36:44 -------- d-----w- C:\Program Files (x86)\MediaFire Desktop
    2014-07-05 12:36:24 20696 ----a-w- C:\Windows\System32\drivers\mfmonitor_x64.sys
    2014-07-05 12:36:01 -------- d-----w- C:\Users\ali\AppData\Local\MediaFire Desktop
    2014-07-05 12:35:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
    2014-07-05 04:41:32 -------- d-----w- C:\Program Files (x86)\MathG
    2014-07-05 01:36:03 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\mpengine.dll
    2014-07-05 01:23:48 -------- d-----w- C:\Windows\Migration
    2014-07-05 01:04:01 24429168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
    2014-07-04 13:59:36 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2014-07-04 13:59:36 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2014-07-04 13:59:32 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2014-07-04 13:56:25 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2014-07-04 01:34:09 -------- dcsh--w- C:\$RECYCLE.BIN
    2014-07-04 01:29:49 -------- d-----w- C:\Users\ali\AppData\Local\temp
    2014-07-04 01:16:46 98816 ----a-w- C:\Windows\sed.exe
    2014-07-04 01:16:46 256000 ----a-w- C:\Windows\PEV.exe
    2014-07-04 01:16:46 208896 ----a-w- C:\Windows\MBR.exe
    2014-07-04 01:16:42 -------- dc----w- C:\ComboFix
    2014-07-03 17:59:14 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-07-03 17:58:24 -------- dc----w- C:\AdwCleaner
    2014-07-02 20:36:42 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-02 19:51:30 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
    2014-07-02 19:32:07 -------- dc----w- C:\SUPERDelete
    2014-07-02 19:16:22 -------- d-----w- C:\Users\ali\AppData\Local\Innovative Solutions
    2014-07-02 19:16:19 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
    2014-07-02 15:18:15 -------- d-----w- C:\Users\ali\AppData\Local\uGet
    2014-07-02 13:21:50 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
    2014-07-02 13:10:57 -------- d-----w- C:\ProgramData\SecTaskMan
    2014-07-02 12:13:46 -------- d-----w- C:\Users\ali\AppData\Local\Skype
    2014-07-01 23:43:04 -------- d-sh--w- C:\Users\ali\AppData\Local\EmieUserList
    2014-07-01 23:43:04 -------- d-sh--w- C:\Users\ali\AppData\Local\EmieSiteList
    2014-07-01 21:56:17 -------- d-----w- C:\Program Files\iPod
    2014-07-01 21:56:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-07-01 21:56:15 -------- d-----w- C:\Program Files\iTunes
    2014-07-01 21:56:15 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-07-01 21:17:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-01 21:17:30 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-07-01 20:47:03 -------- d-----w- C:\Windows\en
    2014-07-01 20:46:36 -------- d-----w- C:\Windows\ar
    2014-07-01 20:43:49 -------- dc----w- C:\NvidiaLogging
    2014-07-01 20:39:00 39712 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2014-07-01 20:38:59 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2014-07-01 20:38:59 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-07-01 20:31:16 6081224 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5d3fa3861cf956b0b\onedrivesetup.exe
    2014-07-01 19:44:36 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-07-01 19:08:51 -------- d-----w- C:\Users\ali\AppData\Local\Adobe
    2014-07-01 15:47:54 -------- d-----w- C:\ProgramData\Oracle
    2014-07-01 15:46:53 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-01 00:39:19 -------- d-----w- C:\Users\ali\AppData\Roaming\PowerISO
    2014-07-01 00:38:21 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2014-07-01 00:38:02 -------- d-----w- C:\Program Files\PowerISO
    2014-06-30 23:24:22 6574592 ----a-w- C:\Windows\System32\mstscax.dll
    2014-06-30 23:24:22 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-06-30 22:45:59 1402880 -c--a-w- C:\Utilman.exe
    2014-06-30 18:19:25 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-30 18:17:42 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-30 18:17:42 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-30 18:17:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-30 18:17:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-30 17:47:53 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-06-30 17:37:41 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2014-06-30 17:37:41 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2014-06-30 17:37:40 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2014-06-30 17:37:39 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2014-06-30 15:23:51 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2014-06-30 15:23:51 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2014-06-30 13:57:00 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-06-30 13:57:00 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2014-06-30 13:53:39 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-30 13:53:39 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-30 13:51:29 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2014-06-30 13:50:48 202752 ----a-w- C:\Windows\System32\scrrun.dll
    2014-06-30 13:50:48 156160 ----a-w- C:\Windows\System32\cscript.exe
    2014-06-30 13:50:48 150016 ----a-w- C:\Windows\System32\wshom.ocx
    2014-06-30 13:50:48 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
    2014-06-30 13:50:47 168960 ----a-w- C:\Windows\System32\wscript.exe
    2014-06-30 13:50:47 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2014-06-30 13:50:47 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
    2014-06-30 13:50:47 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
    2014-06-30 13:48:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-06-30 13:48:28 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-06-30 13:47:05 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-06-30 13:47:04 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-06-30 13:45:59 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
    2014-06-30 13:45:59 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
    2014-06-30 13:45:54 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
    2014-06-30 13:45:54 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
    2014-06-30 13:42:28 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-30 13:42:27 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-06-30 13:42:27 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2014-06-30 13:42:27 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2014-06-30 13:42:26 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2014-06-30 13:42:26 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-06-30 13:42:25 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2014-06-30 13:42:24 335360 ----a-w- C:\Windows\System32\msieftp.dll
    2014-06-30 13:42:24 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
    2014-06-18 08:47:57 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
    .
    ==================== Find3M ====================
    .
    2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-08-15 09:20:36 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
    .
    ============= FINISH: 20:00:36.56 ===============

    ========================================================================================

    Attach.txt log file:

    ========================================================================================

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/01/2011 02:30:05 AM
    System Uptime: 05/07/2014 06:30:48 PM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | N53Jq
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1734/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 59.885 GiB free.
    D: is FIXED (NTFS) - 426 GiB total, 70.243 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
    Service: BthPan
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: USB2.0 UVC 2M WebCam
    Device ID: USB\VID_13D3&PID_5122&MI_00\7&458BFA4&0&0000
    Manufacturer: Azureware
    Name: USB2.0 UVC 2M WebCam
    PNP Device ID: USB\VID_13D3&PID_5122&MI_00\7&458BFA4&0&0000
    Service: SNP2UVC
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (RFCOMM Protocol TDI)
    Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
    Manufacturer: Microsoft
    Name: Bluetooth Device (RFCOMM Protocol TDI)
    PNP Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
    Service: RFCOMM
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Hands-free Audio
    Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Hands-free Audio
    PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Service: btwaudio
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
    Manufacturer: Atheros
    Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
    Service: L1C
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
    Service: vwifimp
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Service:
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: Bluetooth Remote Control
    Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Remote Control
    PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Service: btwrchid
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\WPD\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\WPD\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP807: 04/07/2014 02:56:08 PM - Update for Microsoft Visual Studio 2012 (KB2781514)
    RP808: 04/07/2014 02:57:04 PM - Visual Studio 2012 Update 3 (KB2707250)
    RP809: 05/07/2014 03:00:14 AM - Windows Update
    RP810: 05/07/2014 03:40:20 AM - Windows Update
    RP811: 05/07/2014 04:40:59 PM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 directads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    Hosts: 127.0.0.1 ox-d.majorgeeks.com
    Hosts: 127.0.0.1 ads.bleepingcomputer.com
    Hosts: 127.0.0.1 sdc.mcafee.com
    Hosts: 127.0.0.1 wdcs.trendmicro.com
    Hosts: 127.0.0.1 Spyware Info | Spyware Info
    Hosts: 0.0.0.0 rad.msn.com
    .
    ==== Installed Programs ======================
    .
    بريد Windows Live
    تحديث لـ Microsoft Office Excel 2007 Help (KB963678)
    تحديث لـ Microsoft Office Powerpoint 2007 Help (KB963669)
    تحديث لـ Microsoft Office Word 2007 Help (KB963665)
    دعم تطبيق Apple
    7-Zip 9.22 (x64 edition)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Photoshop CS
    Adobe Photoshop CS5.1 12.1
    Adobe Reader XI (11.0.07)
    Adobe Shockwave Player 12.0
    Alcor Micro USB Card Reader
    Apple Mobile Device Support
    Apple Software Update
    ASUS AI Recovery
    ASUS AP Bank
    ASUS Data Security Manager
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS Power4Gear Hybrid
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Video Magic
    ASUS Virtual Camera
    ASUS_N3_Series
    ATK Package
    Auslogics Duplicate File Finder
    Boingo Wi-Fi
    Bonjour
    Canon iP2700 series Printer Driver
    ControlDeck
    Cooking Dash
    CyberLink LabelPrint
    CyberLink MediaShow Espresso
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 9
    D3DX10
    Dropbox
    ESET Smart Security
    ETDWare PS/2-x64 7.0.5.13_WHQL
    Explorer Suite III
    ExpressGate Cloud
    Fast Boot
    FileHippo.com Update Checker
    FileZilla Client 3.9.0-beta2
    Fresco Logic USB3.0 Host Controller
    Game Park Console
    Google Chrome
    Google Earth
    Google Update Helper
    Governor of Poker
    Hotel Dash Suite Success
    iCloud
    Image Resizer for Windows
    Image Resizer for Windows (64 bit)
    Imgur Uploader
    Inno Setup version 5.5.1
    Intel(R) Management Engine Components
    Intel(R) Turbo Boost Technology Monitor
    Internet Download Manager
    IrfanView (remove only)
    iTunes
    Java 7 Update 60
    Java 8 Update 5 (64-bit)
    Java Auto Updater
    Junk Mail filter update
    Luxor 3
    Mahjongg dimensions
    Malwarebytes Anti-Exploit version 1.03.1.1220
    Malwarebytes Anti-Malware version 2.0.2.1012
    MathG version 1.0
    MediaFire Desktop
    MediaFire Express
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft ASP.NET Web Pages 2 Runtime
    Microsoft Help Viewer 1.1
    Microsoft Help Viewer 2.0
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Arabic) 2007
    Microsoft Office Excel MUI (Arabic) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Arabic) 2007
    Microsoft Office PowerPoint MUI (Arabic) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proofing (Arabic) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Arabic) 2007
    Microsoft Office Shared 64-bit MUI (Arabic) 2007
    Microsoft Office Shared MUI (Arabic) 2007
    Microsoft Office Word MUI (Arabic) 2007
    Microsoft OneDrive
    Microsoft Portable Library Multi-Targeting Pack
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Team Foundation Server 2012 Object Model
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
    Movie Maker
    Mozilla Firefox 31.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVC80_x64_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    Net4Switch
    Notepad++
    NVIDIA 3D Vision Driver 320.49
    NVIDIA Control Panel 320.49
    NVIDIA Display Control Panel
    NVIDIA GeForce Experience 1.6
    NVIDIA Graphics Driver 320.49
    NVIDIA HD Audio Driver 1.3.24.2
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 7.2.17
    NVIDIA Update Components
    NVIDIA Updatus
    NVIDIA Virtual Audio 1.2.1
    Paint Shop Pro 5.0
    Photo Common
    Photo Gallery
    Plants vs Zombies
    PMB
    PowerISO
    QuickTime 7
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Resource Hacker Version 3.6.0
    Safari
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
    SHIELD Streaming
    Skype™ 6.16
    SonicMaster
    Sql Server Customer Experience Improvement Program
    swMSM
    syncables desktop SE
    Unlocker 1.9.2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition
    USB2.0 UVC 2M WebCam
    VirusTotal Uploader 2.2
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Extensions for Windows Library for JavaScript
    VLC media player 2.1.3
    WIDCOMM Bluetooth Software
    WinDirStat 1.1.2
    Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    WinRAR 5.00 beta 6 (64-bit)
    Wireless Console 3
    XnView 1.99.6
    معرض الصور
    .
    ==== Event Viewer Messages From Past Week ========
    .
    05/07/2014 06:39:44 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    05/07/2014 06:36:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    05/07/2014 06:32:39 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    05/07/2014 06:32:39 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    05/07/2014 06:32:39 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    05/07/2014 06:31:50 PM, Error: EventLog [6008] - The previous system shutdown at 06:30:25 م on ‏05/‏07/‏2014 was unexpected.
    05/07/2014 06:31:05 PM, Error: Ntfs [137] - The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code.
    04/07/2014 04:57:06 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.102 with the system having network hardware address 54-AE-27-62-51-F3. Network operations on this system may be disrupted as a result.
    04/07/2014 03:29:52 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    04/07/2014 03:29:16 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    03/07/2014 11:27:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    .
    ==== End Of File ===========================

  6. #26
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,836)

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Thank you. That is just what I needed. I also thought it might be helpful regarding Microsoft Visual Basic 2010 Express for Richard to see the currently installed programs.

    1. I just realized that I forgot to have you uninstall Java 7 Update 60 since you have updated to Java 8. Oracle still cannot manage to remove old versions when releasing a new version of Java, leaving what turns into a vulnerability behind. Please uninstall the old Java 7 before proceeding to the next step.

    2. Now, let's take care of the leftover Crypto Obfuscator and another orphan.

    Custom CFScript

    Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    DDS::
    EB: {3142C289-F319-47F5-A594-A827028714C9} - <orphaned>
    
    Folder::
    C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    • Save this as CFScript.txt and place it on your desktop.
    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.



    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  7. #27

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Hey, before seeing your reply, I started Windows Update to check for updates.. and so far.. from 8:30 till now.. still like this:
    [attached image]
    and I think that it froze or something.. is that normal or..?

  8. #28

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    So far, I found this link: https://connect.microsoft.com/Visual...ime-to-install
    from which I am downloading the (VS2010SP1dvd1.iso), which is 1.482GB in size, and I (think) that I will have to abort the current installation, which has been frozen at 66% till now :/
    After that I will install it and then uninstall Java 7 Update 60 and run the ComboFix thing you asked me to do :/
    Sorry about the lateness, and thanks for your efforts. :)

  9. #29

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Log.txt file:

    =========================================================

    ComboFix 14-07-03.01 - ali 07/06/2014 2:51.4.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.3755 [GMT 2:00]
    Running from: c:\users\ali\Desktop\ComboFix.exe
    Command switches used :: c:\users\ali\Desktop\CFScript.txt
    AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
    SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2\CryptoObfuscator.settings
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-06-06 to 2014-07-06 )))))))))))))))))))))))))))))))
    .
    .
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\S34N\AppData\Local\temp
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\ali\AppData\Local\temp
    2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2014-07-06 00:14 . 2014-07-06 00:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\offreg.dll
    2014-07-05 22:55 . 2014-07-05 22:55 -------- d-----w- c:\programdata\boost_interprocess
    2014-07-05 17:25 . 2014-07-05 17:25 -------- d-----w- c:\windows\symbols
    2014-07-05 16:34 . 2014-07-05 23:50 -------- d-----r- c:\users\ali\MediaFire
    2014-07-05 16:33 . 2014-07-06 00:48 -------- d--h--w- c:\users\ali\.mediafire
    2014-07-05 12:36 . 2014-07-05 12:36 -------- d-----w- c:\program files (x86)\MediaFire Desktop
    2014-07-05 12:36 . 2014-07-02 18:13 20696 ----a-w- c:\windows\system32\drivers\mfmonitor_x64.sys
    2014-07-05 12:36 . 2014-07-05 12:37 -------- d-----w- c:\users\ali\AppData\Local\MediaFire Desktop
    2014-07-05 12:35 . 2014-07-05 12:35 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
    2014-07-05 04:41 . 2014-07-05 12:50 -------- d-----w- c:\program files (x86)\MathG
    2014-07-05 01:36 . 2014-06-17 00:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\mpengine.dll
    2014-07-05 01:23 . 2014-07-05 01:23 -------- d-----w- c:\windows\Migration
    2014-07-04 13:59 . 2014-07-04 13:59 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2014-07-04 13:59 . 2014-07-04 13:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2014-07-04 13:59 . 2014-07-04 13:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2014-07-04 13:56 . 2014-07-04 13:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2014-07-03 17:59 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-07-03 17:58 . 2014-07-03 19:25 -------- dc----w- C:\AdwCleaner
    2014-07-02 20:36 . 2014-07-03 19:26 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2014-07-02 19:51 . 2014-07-05 17:54 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
    2014-07-02 19:32 . 2014-07-02 19:32 -------- dc----w- C:\SUPERDelete
    2014-07-02 19:16 . 2014-07-02 19:16 -------- d-----w- c:\users\ali\AppData\Local\Innovative Solutions
    2014-07-02 19:16 . 2014-07-02 19:16 -------- d-----w- c:\program files (x86)\Innovative Solutions
    2014-07-02 15:18 . 2014-07-02 15:19 -------- d-----w- c:\users\ali\AppData\Local\uGet
    2014-07-02 13:21 . 2014-07-02 13:21 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
    2014-07-02 13:10 . 2014-07-02 13:20 -------- d-----w- c:\programdata\SecTaskMan
    2014-07-02 12:13 . 2014-07-02 12:13 -------- d-----w- c:\users\ali\AppData\Local\Skype
    2014-07-02 12:13 . 2014-07-02 12:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2014-07-01 23:43 . 2014-07-01 23:43 -------- d-sh--w- c:\users\ali\AppData\Local\EmieUserList
    2014-07-01 23:43 . 2014-07-01 23:43 -------- d-sh--w- c:\users\ali\AppData\Local\EmieSiteList
    2014-07-01 21:56 . 2014-07-01 21:56 -------- d-----w- c:\program files\iPod
    2014-07-01 21:56 . 2014-07-01 21:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-07-01 21:56 . 2014-07-01 21:57 -------- d-----w- c:\program files\iTunes
    2014-07-01 21:56 . 2014-07-01 21:57 -------- d-----w- c:\program files (x86)\iTunes
    2014-07-01 21:24 . 2014-07-01 21:24 -------- d-----w- c:\program files (x86)\QuickTime
    2014-07-01 21:17 . 2014-07-01 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-01 21:17 . 2014-07-01 22:00 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-07-01 20:47 . 2014-07-01 20:47 -------- d-----w- c:\windows\en
    2014-07-01 20:46 . 2014-07-01 20:46 -------- d-----w- c:\windows\ar
    2014-07-01 20:43 . 2014-07-01 20:43 -------- dc----w- C:\NvidiaLogging
    2014-07-01 20:39 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2014-07-01 20:38 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2014-07-01 20:38 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2014-07-01 20:31 . 2014-07-01 20:31 6081224 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5d3fa3861cf956b0b\onedrivesetup.exe
    2014-07-01 19:45 . 2014-07-01 19:45 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-07-01 19:44 . 2014-07-01 19:44 313256 ----a-w- c:\windows\system32\javaws.exe
    2014-07-01 19:44 . 2014-07-01 19:44 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-07-01 19:44 . 2014-07-01 19:44 191400 ----a-w- c:\windows\system32\javaw.exe
    2014-07-01 19:44 . 2014-07-01 19:44 190888 ----a-w- c:\windows\system32\java.exe
    2014-07-01 19:44 . 2014-07-01 19:44 -------- d-----w- c:\program files\Java
    2014-07-01 19:08 . 2014-07-02 17:56 -------- d-----w- c:\users\ali\AppData\Local\Adobe
    2014-07-01 15:49 . 2014-07-01 15:49 -------- d-----w- c:\users\ali\AppData\Roaming\Oracle
    2014-07-01 15:47 . 2014-07-01 15:48 -------- d-----w- c:\programdata\Oracle
    2014-07-01 00:39 . 2014-07-01 00:39 -------- d-----w- c:\users\ali\AppData\Roaming\PowerISO
    2014-07-01 00:38 . 2014-03-30 06:26 129944 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2014-07-01 00:38 . 2014-07-01 00:38 -------- d-----w- c:\program files\PowerISO
    2014-06-30 23:24 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-06-30 23:24 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
    2014-06-30 22:45 . 2009-07-14 01:39 1402880 -c--a-w- C:\Utilman.exe
    2014-06-30 18:41 . 2014-05-30 09:49 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
    2014-06-30 18:19 . 2014-07-05 23:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-06-30 18:17 . 2014-06-30 18:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-06-30 18:17 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-06-30 18:17 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-06-30 18:17 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-06-30 17:47 . 2014-06-30 17:47 -------- d-s---w- c:\windows\system32\CompatTel
    2014-06-30 17:37 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2014-06-30 17:37 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2014-06-30 17:37 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2014-06-30 17:37 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2014-06-30 17:37 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2014-06-30 15:23 . 2014-06-30 15:23 327168 ----a-w- c:\windows\system32\mswsock.dll
    2014-06-30 15:23 . 2014-06-30 15:23 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2014-06-30 13:57 . 2014-05-08 09:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-06-30 13:57 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-06-30 13:53 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
    2014-06-30 13:53 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-06-30 13:51 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2014-06-30 13:50 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
    2014-06-30 13:50 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
    2014-06-30 13:50 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
    2014-06-30 13:50 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
    2014-06-30 13:50 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
    2014-06-30 13:50 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
    2014-06-30 13:50 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
    2014-06-30 13:50 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
    2014-06-30 13:50 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
    2014-06-30 13:48 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-06-30 13:48 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-06-30 13:47 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-06-30 13:47 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2014-06-30 13:45 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
    2014-06-30 13:45 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
    2014-06-30 13:45 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2014-06-30 13:45 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2014-06-30 13:42 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-06-30 13:42 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-06-30 13:42 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2014-06-30 13:42 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2014-06-30 13:42 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-06-30 13:42 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
    2014-06-30 13:42 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
    2014-06-30 13:42 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
    2014-06-30 13:42 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
    2014-06-18 08:47 . 2014-06-09 08:41 180136 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-07-06 00:03 . 2012-04-22 20:04 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
    2014-07-05 12:36 . 2014-07-05 12:36 1409 ----a-w- c:\windows\Fonts\OpenSans-Regular.fot
    2014-07-05 12:36 . 2014-07-05 12:36 1409 ----a-w- c:\windows\Fonts\OpenSans-Light.fot
    2014-07-05 12:36 . 2014-07-05 12:36 1409 ----a-w- c:\windows\Fonts\OpenSans-Bold.fot
    2014-07-04 12:31 . 2013-05-29 13:51 2014272 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2014-06-01 15:17 . 2011-02-04 17:05 95414520 ----a-w- c:\windows\system32\MRT.exe
    2012-08-15 09:20 . 2012-08-15 09:20 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-07-01 20:31 223432 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-07-01 20:31 223432 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-07-01 20:31 223432 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-07-04 3841616]
    "MediaFire Tray"="c:\users\ali\AppData\Local\MediaFire Desktop\mf_watch.exe" [2014-07-02 3089224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-06-04 382608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE;c:\users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE [x]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
    R3 ERmvrDrv;ESET standalone malware removal tool kernel-mode driver;c:\windows\system32\drivers\ERKRmvrDrv.sys;c:\windows\SYSNATIVE\drivers\ERKRmvrDrv.sys [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 hzrDrvDmd;Hazard Shield demand driver;c:\program files\Hazard Shield\hzrDriver2.sys;c:\program files\Hazard Shield\hzrDriver2.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys;c:\windows\SYSNATIVE\DRIVERS\st330.sys [x]
    R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys;c:\windows\SYSNATIVE\DRIVERS\stbus.sys [x]
    R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys;c:\windows\SYSNATIVE\DRIVERS\steth.sys [x]
    R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys;c:\windows\SYSNATIVE\DRIVERS\stppp.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
    R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
    R4 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R4 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\645E.tmp;c:\windows\SYSNATIVE\645E.tmp [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
    R4 reparse;reparse;c:\windows\system32\DRIVERS\cbreparse.sys;c:\windows\SYSNATIVE\DRIVERS\cbreparse.sys [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
    S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-07-01 18:33 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
    .
    2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-07-01 20:31 262344 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-07-01 20:31 262344 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-07-01 20:31 262344 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
    @="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
    [HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
    2014-07-02 18:13 89600 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_8bdd0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
    @="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
    2014-07-02 18:13 89088 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_8bdd0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
    @="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
    [HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
    2014-07-02 18:13 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon_8bdd0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
    @="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
    [HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
    2014-07-02 18:13 86528 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_8bdd0.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
    @="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
    [HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
    2014-07-02 18:13 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_8bdd0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://www.google.com
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    TCP: DhcpNameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\353343E4: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
    FF - ProfilePath - c:\users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{A8D448F4-0431-45AC-9F5E-E1B434AB2249} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\645E.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_139_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_139_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.14"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2014-07-06 03:07:42
    ComboFix-quarantined-files.txt 2014-07-06 01:07
    ComboFix2.txt 2014-07-04 01:46
    .
    Pre-Run: 65,396,936,704 bytes free
    Post-Run: 67,199,746,048 bytes free
    .
    - - End Of File - - E8379953C792AEE13351763CE4404AEA

  10. #30
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,836

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Excellent. ComboFix nicely took care of the leftover files and it appears we have also taken care of the adware/browser hijacks that were on your computer.

    Let's take care of removing the tools used. Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore

    Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  11. #31

    [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    DelFix.txt Log:

    # DelFix v10.7 - Logfile created 06/07/2014 at 20:55:10
    # Updated 27/04/2014 by Xplode
    # Username : ali - ALI
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\Combofix
    Deleted : C:\AdwCleaner
    Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
    Deleted : C:\ComboFix.txt
    Deleted : C:\sc-cleaner.txt
    Deleted : C:\TDSSKiller.2.8.18.0_12.08.2013_13.52.36_log.txt
    Deleted : C:\TDSSKiller.3.0.0.39_30.06.2014_22.17.18_log.txt
    Deleted : C:\Users\ali\Desktop\adwcleaner_3.214.exe
    Deleted : C:\Users\ali\Desktop\ComboFix.exe
    Deleted : C:\Users\ali\Desktop\dds.com
    Deleted : C:\Users\ali\Desktop\dds.txt
    Deleted : C:\Users\ali\Desktop\JRT.exe
    Deleted : C:\Users\ali\Desktop\log.txt
    Deleted : C:\Users\ali\Desktop\SecurityCheck.exe
    Deleted : C:\Users\ali\Desktop\TFC.exe
    Deleted : C:\Windows\grep.exe
    Deleted : C:\Windows\PEV.exe
    Deleted : C:\Windows\NIRCMD.exe
    Deleted : C:\Windows\MBR.exe
    Deleted : C:\Windows\SED.exe
    Deleted : C:\Windows\SWREG.exe
    Deleted : C:\Windows\SWSC.exe
    Deleted : C:\Windows\SWXCACLS.exe
    Deleted : C:\Windows\Zip.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
    Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

    ~ Creating registry backup ... OK

    ~ Cleaning system restore ...

    Deleted : RP #815 [Removed Skype™ 6.16 | 07/06/2014 17:50:10]

    New restore point created !

    ########## - EOF - ##########

  12. #32
    Corrine

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Perfect, malis2007. There are some amazing people in the security community who provide free specialized tools for our use.

    1. As to your mouse, in doing a bit of reading, note the following suggestion: Be sure that the mouse is not on a reflective surface as such a surface may cause pointer drift or jump to the screen edge. An example of a non-reflective surface would be a fabric pad.

    2. I almost forgot to mention -- when consulting with Richard, he pointed out that the Windows Update errors that were shown in your first DDS log are generally due to updates for the Internet Explorer language packs. The IE11 language packs are available here: Download Internet Explorer 11 Language Packs for Windows 7 and Windows Server 2008 R2 from Official Microsoft Download Center.

    3. Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".

    Also see Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software by quietman7.

    I hope the problem with Visual Studio has been resolved. Please let us know if you have any questions.

  13. #33
    Tekno Venus's Avatar
    Join Date
    Jul 2012
    Location
    UK
    Age
    20
    Posts
    5,941

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Quote Originally Posted by malis2007
    but this project (someone else made it and needed my help with) doesn't work for me while debugging (as it gives me the error I had shown you before):
    Rconfort

    Thanks a lot guys for your help.
    Just tried it on my own copy of Visual Studio 2013 Ultimate and it compiled fine.


  14. #34

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    I faced this error:
    [attached image]
    while installing the "Download Internet Explorer 11 Language Packs for Windows 7 and Windows Server 2008 R2 from Official Microsoft Download Center".

    Just asking: is it fine having ESET Smart Security 7, Malwarebytes Anti-Malware and "Spybot" with them as well?

    And about that project debugging error, I am still facing it. (I use VB 2010)
    [attached image]
    Thanks all for your help.

  15. #35
    Corrine

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Regarding the updates, I think it would be best if you created a new topic in the Windows Update Forum, following the instructions in Windows Update Forum Posting Instructions. That way your topic won't get lost in this forum.

  16. #36

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Alright, thanks all for your help. I'll come back again as soon as I face a security problem (I guess).
    And btw, am I finished now with the scanning?
    I mean, does everything (from the logs) look fine? :/

  17. #37
    Corrine

    Re: [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

    Yes, malis2007, from a security standpoint, we are finished with the scanning. Although there is never a guarantee, I did not see anything in the last logs posted and the online scan also showed no infection. So, yes, it looks fine.
