I think I have keylogger in my laptop, what do I do?


  • This topic is locked
14 replies to this topic

#1 cedrickcapati


Posted 20 September 2013 - 01:52 AM

My accounts got hacked and nobody uses them but me. I have a feeling that a keylogger program is inside my system. How can I detect it, and how do I cure it? Help me, please.



#2 TB-Psychotic

  • Malware Response Team

Posted 20 September 2013 - 02:39 AM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).
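The DDS.txt that the helper asks for above includes a "Pseudo HJT Report" of autorun, Winlogon and policy entries, and that is where a keylogger's persistence usually shows up. The triage script below is an added example for this thread (it is not part of DDS, GMER or BleepingComputer): it parses constructed lines in the format DDS prints (uRun/mRun/mExplorerRun, mWinlogon, mPolicies-System) and flags the entries an analyst checks first. The regexes, the suspect-location heuristics and the sample lines are my own assumptions, not something the tool or the thread defines.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS.txt log.

Added example; not part of DDS, GMER or BleepingComputer. Heuristics and
sample lines are constructed assumptions and give triage leads, not verdicts.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (offending log line, reason it was flagged)

# Every triaged line looks like "<kind>: <rest>", e.g. mRun: [Name] <target>
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9_-]+):\s(?P<rest>.*)$")
RUN_KINDS = {"uRun", "mRun", "mRunOnce", "mExplorerRun", "uExplorerRun", "x64-Run"}
WINLOGON_KINDS = {"mWinlogon", "x64-mWinlogon"}
POLICY_KINDS = {"mPolicies-System", "uPolicies-System"}
# Stock Windows logon values; anything else hooked into the logon path needs a look.
STOCK_WINLOGON = {"Shell": "explorer.exe", "Userinit": "userinit.exe"}
# Legitimate autostarts rarely live in a Temp folder (LOCALS~1 is the 8.3 name of
# the "Local Settings" junction on Windows 7) or use a non-.exe launcher image.
SUSPECT_DIR_RE = re.compile(r"\\Temp\\|LOCALS~1\\", re.I)
SUSPECT_EXT_RE = re.compile(r"\.(?:com|scr|pif|bat|cmd|vbs|js)\b", re.I)


def launch_path(target: str) -> str:
    """Return the executable path of an autorun target, dropping its arguments.

    DDS prints quoted targets as "<path>" <args> and unquoted ones as
    <path with spaces> <args>, so cutting at the first space would be wrong;
    unquoted paths are cut at the extension that precedes a -/ style argument.
    """
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    m = re.match(r"(.*?\.[A-Za-z0-9]{2,4})(?=\s+[-/]|\s*$)", target)
    return m.group(1) if m else target


def triage(dds_text: str) -> List[Finding]:
    """Walk the report line by line and collect (line, reason) pairs."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section banners, process list, entries not triaged here
        kind, rest = m.group("kind"), m.group("rest")
        if kind in RUN_KINDS:
            tm = re.match(r"\[[^\]]*\]\s*(?P<target>.*)$", rest)
            target = tm.group("target").strip() if tm else rest
            if target in ("<no file>", "<orphaned>"):
                findings.append((line, "orphaned autorun: registry entry points at a file that no longer exists"))
                continue
            path = launch_path(target)
            if SUSPECT_DIR_RE.search(path):
                findings.append((line, "autorun launches from a Temp directory"))
            if SUSPECT_EXT_RE.search(path):
                findings.append((line, "autorun launcher is a .com/.scr/.pif image or a script, not a .exe"))
        elif kind in WINLOGON_KINDS:
            key, _, value = rest.partition("=")
            key, value = key.strip(), value.strip().rstrip(",")  # Userinit ends in a comma
            stock = STOCK_WINLOGON.get(key)
            if stock and value.split("\\")[-1].lower() != stock:
                findings.append((line, f"Winlogon {key} is not the stock {stock}"))
        elif kind in POLICY_KINDS:
            key, _, value = rest.partition("=")
            if key.strip() == "EnableLUA" and value.strip() == "dword:0":
                findings.append((line, "UAC disabled (EnableLUA = 0): programs get the full admin token with no prompt"))
    return findings


# Constructed sample in the DDS "Pseudo HJT Report" format; names and paths invented.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.example.com/
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe
uRun: [ExampleUpdater] "C:\Program Files (x86)\ExampleVendor\updater.exe" -autolaunch
uRun: [OldEditor] <no file>
mRun: [ExampleTray] C:\Program Files (x86)\ExampleVendor\Tray App\tray.exe /quiet
mExplorerRun: [Loader] C:\PROGRA~3\LOCALS~1\Temp\xxxxxxxx.com
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-mWinlogon: Shell = C:\Users\user\AppData\Roaming\shell_example.exe
"""

if __name__ == "__main__":
    for flagged_line, reason in triage(SAMPLE_DDS):
        print(f"{reason}\n    {flagged_line}")
```

A flagged line is a lead to verify (file on disk, signer, timestamp), not a verdict; the same autorun keys are what a cleanup tool later removes, so the list doubles as a checklist for the helper's fix script.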

 


#3 cedrickcapati

  • Topic Starter

Posted 20 September 2013 - 09:16 AM

DDS.txt CONTENT
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-20 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-20 2372096]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service;C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-6-17 73728]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-14 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 LMS;Intel® Management and Security Application Local Management Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-8-20 326168]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-14 113152]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service;C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-7-18 23816]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 nlsvc;NetLimiter;C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-5-13 867840]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-14 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-14 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-14 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-6-5 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-14 23040]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-8-16 559104]
R2 STacSV;Audio Service;C:\Program Files\IDT\WDM\stacsv64.exe [2011-8-20 296448]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-14 27136]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-15 45568]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-4-8 8281600]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-4-7 293376]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver;C:\Windows\System32\drivers\BCMWL664.SYS [2011-8-20 3065408]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-5-15 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2010-11-21 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2013-5-15 983400]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-14 204800]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-21 42856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2010-11-21 122368]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2010-11-21 30208]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R3 hpqwmiex;HP Software Framework Service;C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-9-6 1001376]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2010-11-21 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-1-8 12262688]
R3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-14 62464]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-6-5 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-14 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-14 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-14 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2012-6-5 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2012-6-5 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2012-6-5 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-14 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2010-11-21 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2010-11-21 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2010-11-21 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-24 1656680]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-14 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2010-11-21 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2010-11-21 129536]
R3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-14 83968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-1 565352]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2012-6-5 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2012-6-5 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2012-6-5 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 STHDA;IDT High Definition Audio CODEC;C:\Windows\System32\drivers\stwrt64.sys [2011-8-20 520192]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-14 12496]
R3 SynTP;Synaptics TouchPad Driver;C:\Windows\System32\drivers\SynTP.sys [2010-12-17 1403440]
R3 tap0901;TAP-Win32 Adapter V9;C:\Windows\System32\drivers\tap0901.sys [2013-1-5 31232]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2010-11-21 125440]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2010-11-21 48640]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2012-6-5 98816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2012-6-5 52736]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2012-6-5 343040]
R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2010-11-21 184960]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2010-11-21 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2010-11-21 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2010-11-21 12800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 257416]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-11 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-14 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-14 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-14 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-14 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-14 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-14 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-14 64512]
S3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-14 60928]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2012-6-5 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-11 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2010-11-21 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-14 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-14 97856]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-11 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-11 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
S3 BthEnum;Bluetooth Request Block Driver;C:\Windows\System32\drivers\bthenum.sys [2009-7-14 41984]
S3 BTHMODEM;Bluetooth Modem Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
S3 BthPan;Bluetooth Device (Personal Area Network);C:\Windows\System32\drivers\bthpan.sys [2009-7-14 118784]
S3 BTHPORT;Bluetooth Port Driver;C:\Windows\System32\drivers\bthport.sys [2012-8-16 552960]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-14 27136]
S3 BTHUSB;Bluetooth Radio USB Driver;C:\Windows\System32\drivers\BTHUSB.SYS [2012-6-5 80384]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-8-20 344616]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\System32\drivers\btwaudio.sys [2011-8-20 102952]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\System32\drivers\btwavdt.sys [2011-8-20 135720]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-8-20 39464]
S3 btwrchid;btwrchid;C:\Windows\System32\drivers\btwrchid.sys [2011-8-20 21544]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-14 45568]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-14 17488]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-11 3286016]
S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-6-5 31232]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-11 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-14 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-14 195072]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-14 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-14 34304]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-14 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2010-11-21 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-14 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-14 46592]
S3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-16 1071160]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2010-11-21 78720]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2012-6-5 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-21 856400]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-14 44112]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-14 16960]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2010-11-21 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2010-11-21 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-14 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-14 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-14 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2010-11-21 273792]
S3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2010-11-21 33280]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-14 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-14 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-14 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-14 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-11 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-14 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-14 40448]
S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2010-11-21 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2010-11-21 140800]
S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2010-11-21 140672]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2010-11-21 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-14 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-14 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2010-11-21 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-14 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-6-5 31232]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-14 51264]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver;C:\Windows\System32\drivers\nvm62x64.sys [2009-6-11 408960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2012-6-5 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2012-6-5 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-14 97280]
S3 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-14 12352]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-14 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-6-5 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-11 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-14 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-14 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-15 210944]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\Windows\System32\drivers\rfcomm.sys [2009-7-14 158720]
S3 RimUsb;BlackBerry Smartphone;C:\Windows\System32\drivers\RimUsb_AMD64.sys [2007-5-14 27520]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-14 10240]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-20 335464]
S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2010-11-21 103808]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2010-11-21 29696]
S3 sdbus;sdbus;C:\Windows\System32\drivers\sdbus.sys [2010-11-21 109056]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-14 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-14 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-14 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-14 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2010-11-21 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
S3 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-11 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-14 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-14 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-14 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-14 24656]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-14 27136]
S3 taphss;Anchorfree HSS Adapter;C:\Windows\System32\drivers\taphss.sys [2012-8-2 38632]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-4 42328]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-8-15 1910208]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-6-4 23552]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2013-8-15 39936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-14 9728]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-14 100352]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2012-6-5 25600]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-14 25088]
S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-14 41984]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2012-6-5 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2012-6-5 30720]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2010-11-21 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-14 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-11 161872]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-14 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-21 88576]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-14 21056]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-14 22096]
S3 WinUsb;WinUsb;C:\Windows\System32\drivers\winusb.sys [2010-11-21 41984]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-15 87040]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-15 198656]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-14 92160]
S4 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-14 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-14 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
S4 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2010-11-21 689152]
S4 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
S4 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-14 141824]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-7-14 116560]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-14 27136]
S4 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S4 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2010-11-21 328192]
S4 ws2ifsl;Windows Socket 2.0 Non-IFS Service Provider Support Environment;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .vbs: VBSFile="C:\Windows\System32\WScript.exe" "%1" %* [UserChoice]
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1"
ShellExec: GarenaMessenger.exe: open="C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" "%1"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: MOVIEMK.exe: open="C:\Program Files\Windows Movie Maker 6.0\MOVIEMK.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: OIS.EXE: Edit=C:\PROGRA~1\MICROS~2\Office14\OIS.EXE /shellEdit "%1"
ShellExec: OIS.EXE: Open=C:\PROGRA~1\MICROS~2\Office14\OIS.EXE /shellOpen "%1"
ShellExec: OIS.EXE: Preview=C:\PROGRA~1\MICROS~2\Office14\OIS.EXE /shellPreview "%1"
ShellExec: Photoshop.exe: edit="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
ShellExec: Photoshop.exe: open="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: uTorrent.exe: open="C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1"
ShellExec: vegas110.exe: open="C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe" "%1"
ShellExec: vlc.exe: Open="C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
ShellExec: Winword.exe: edit="C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-09-19 16:59:15 -------- d-----w- C:\Users\hp\AppData\Roaming\Malwarebytes
2013-09-19 16:58:36 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-19 16:58:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-19 16:58:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-19 16:09:02 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-09-19 16:08:58 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-09-19 16:08:57 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-09-19 16:08:56 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-09-19 16:08:56 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-09-19 16:08:53 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-09-19 16:08:53 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-09-19 16:08:34 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-19 16:08:32 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-09-19 16:07:02 41664 ----a-w- C:\Windows\avastSS.scr
2013-09-19 16:06:16 -------- d-----w- C:\Program Files\AVAST Software
2013-09-19 16:05:20 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-19 15:52:05 965008 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43C52E5B-8B20-425F-8694-206E012E870F}\gapaengine.dll
2013-09-19 15:50:59 9694160 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{114A548F-4CAB-41BB-B0D4-05F51A5C2B8A}\mpengine.dll
2013-09-19 15:16:52 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-09-19 15:16:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-09-18 01:01:36 9694160 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC8BB8F1-28D9-4644-B30D-16E920B011C1}\mpengine.dll
2013-09-17 11:51:19 -------- d-----w- C:\Program Files (x86)\JDownloader
2013-09-17 11:46:49 -------- d-----w- C:\Program Files (x86)\WebConnect
2013-09-17 11:45:46 -------- d-----w- C:\Program Files (x86)\SimilarSites
2013-09-17 11:45:38 -------- d-----w- C:\Users\hp\AppData\Roaming\SimilarSites
2013-09-17 11:08:45 -------- d-----w- C:\Program Files (x86)\TunnelBear
2013-09-12 01:43:28 -------- d-----w- C:\MoTemp
2013-09-11 07:12:11 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-11 07:12:10 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-11 07:12:10 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-09-11 07:12:10 768512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-11 07:12:10 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-09-11 07:12:10 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-09-11 07:12:10 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-11 07:12:09 305152 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-09-11 07:12:09 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-09-11 07:12:09 182936 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-09-11 07:12:09 149656 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-09-11 07:12:08 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-09-11 07:12:08 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-09-11 07:12:07 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-09-11 07:12:07 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-09-11 07:12:07 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-11 07:12:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-09-11 07:12:05 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-09-11 07:12:05 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-09-11 07:12:05 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-09-11 07:12:05 237056 ----a-w- C:\Windows\System32\url.dll
2013-09-11 07:12:05 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-09-11 07:12:05 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-09-11 07:12:04 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-09-11 07:12:04 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-09-11 07:12:04 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-09-11 07:12:04 141312 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-09-11 07:12:04 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-09-11 07:12:04 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-09-11 07:12:03 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-09-11 07:12:03 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-09-11 07:12:03 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-09-11 07:12:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-11 07:12:03 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-09-11 07:12:03 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-11 07:12:03 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-09-11 07:12:02 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-09-11 07:12:02 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-09-11 07:12:02 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-09-11 07:12:02 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-09-11 07:12:02 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-09-11 07:12:02 104448 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-09-11 07:12:01 12335104 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-09-11 07:12:00 17833472 ----a-w- C:\Windows\System32\mshtml.dll
2013-09-11 07:11:59 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-09-11 07:11:59 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-09-10 19:54:18 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-10 19:54:14 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-10 19:54:14 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-09-10 19:54:12 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-10 19:54:12 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-09-10 19:54:10 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-09-10 19:54:10 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-09-10 19:54:10 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-09-10 19:54:10 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-09-10 19:54:10 1161216 ----a-w- C:\Windows\System32\kernel32.dll
2013-09-10 19:54:10 112640 ----a-w- C:\Windows\System32\smss.exe
2013-09-10 19:54:10 1114112 ----a-w- C:\Windows\SysWow64\kernel32.dll
2013-09-10 19:54:09 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 19:54:09 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-09-10 19:54:09 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-09-10 19:54:09 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 19:54:09 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 19:54:09 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-09-10 19:54:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-09-10 19:54:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-09-10 19:54:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-09-10 19:54:09 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-09-10 19:54:08 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 19:54:08 5120 ---ha-w- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 19:54:08 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-09-10 19:54:08 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 19:54:08 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 19:54:08 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 19:54:08 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 19:54:08 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 19:54:08 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 19:54:08 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 19:54:08 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 19:54:08 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 19:54:08 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 19:54:08 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 19:54:08 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 19:54:08 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 19:54:08 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 19:54:08 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 19:54:08 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 19:54:08 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 19:54:08 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 19:54:08 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 19:54:08 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 19:54:08 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 19:54:08 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 19:54:08 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 19:54:08 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 19:54:07 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 19:54:07 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 19:54:07 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 19:54:07 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 19:54:07 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 19:54:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 19:54:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 19:54:07 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 19:54:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-09-10 19:54:06 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-09-10 19:54:06 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2013-09-10 19:54:06 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 19:54:06 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 19:54:06 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 19:54:06 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 19:54:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-09-10 19:54:06 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-09-10 19:31:30 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-10 19:31:21 14172672 ----a-w- C:\Windows\System32\shell32.dll
2013-09-10 19:31:17 12872704 ----a-w- C:\Windows\SysWow64\shell32.dll
2013-09-10 19:31:16 197120 ----a-w- C:\Windows\System32\shdocvw.dll
2013-09-10 19:31:16 180224 ----a-w- C:\Windows\SysWow64\shdocvw.dll
2013-09-05 19:46:31 -------- d-----w- C:\Program Files (x86)\Xenocode
2013-09-05 19:46:23 -------- d-----w- C:\Windows\XSxS
2013-09-05 19:45:50 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-09-05 19:45:50 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2013-09-05 19:45:17 -------- d-----w- C:\ProgramData\APN
2013-09-05 19:45:12 -------- d-----w- C:\ProgramData\YTD Video Downloader
2013-09-05 19:45:06 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-09-05 19:17:04 -------- d-----w- C:\Users\hp\AppData\Roaming\PACE Anti-Piracy
2013-09-05 19:17:04 -------- d-----w- C:\Users\hp\AppData\Local\PACE Anti-Piracy
2013-09-05 19:17:04 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2013-09-05 19:17:04 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy
2013-09-05 19:00:19 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-09-05 19:00:19 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-09-05 19:00:19 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-09-05 19:00:19 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-09-05 19:00:19 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-09-05 19:00:15 -------- d-----w- C:\Program Files (x86)\My Company Name
2013-09-04 16:41:40 -------- d-sh--w- C:\Windows\SysWow64\QWKPMC
2013-08-26 12:10:32 -------- d-----w- C:\Users\hp\AppData\Roaming\TeamViewer
2013-08-26 11:38:10 -------- d-----r- C:\Users\hp\Dropbox
2013-08-26 11:34:17 -------- d-----w- C:\Users\hp\AppData\Roaming\Dropbox
2013-08-16 15:14:19 -------- d-----w- C:\Program Files (x86)\Screaming Bee
2013-08-14 22:59:44 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 22:59:44 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 22:59:44 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 22:59:44 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 22:59:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 22:59:44 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 22:59:44 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 22:59:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 22:56:19 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-14 22:56:16 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-14 16:37:23 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-14 16:37:23 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-14 16:36:43 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-14 16:36:42 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-14 16:36:36 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-14 16:36:36 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-14 00:00:44 24286400 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-08-13 23:53:56 18634944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-08-09 03:14:57 -------- d-----w- C:\Users\hp\AppData\Roaming\Locktime
2013-08-09 03:14:13 -------- d-----w- C:\ProgramData\Locktime
2013-08-09 03:14:01 -------- d-----w- C:\Program Files\NetLimiter 2 Pro
2013-08-09 02:47:20 -------- d-----w- C:\Users\hp\AppData\Local\vghd
2013-07-23 11:28:34 7394472 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OSETUP.DLL
.
==================== Find6M  ====================
.
2013-09-14 00:41:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 00:41:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-01 09:08:54 79143768 ----a-w- C:\Windows\System32\MRT.exe
2013-08-02 01:48:11 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-06-18 13:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 13:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-09 23:08:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-09 23:34:01 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-04-03 00:54:24 46280 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-04-02 22:51:57 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
.
============= FINISH: 22:05:13.01 ===============


Edited by cedrickcapati, 20 September 2013 - 09:23 AM.


#4 cedrickcapati


Posted 20 September 2013 - 09:18 AM

I can't attach the file to be attached; it always fails and I don't know why, although I already put it inside a .zip.


Edited by cedrickcapati, 20 September 2013 - 09:22 AM.


#5 cedrickcapati


Posted 20 September 2013 - 09:34 AM

ark.txt content:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-20 22:27:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465.76GB
Running: mwcimpf8.exe; Driver: C:\Users\hp\AppData\Local\Temp\uxldipow.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4288:5032]                                     000007fefde70168
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4288:5048]                                     000007fefc072a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4288:5116]                                     000007fefa865124
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4288:1896]                                     000007fefde70168
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                        aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                              FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                    FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                        avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                          aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude               388400
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                         \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                       aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                             FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                   FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                       avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                         aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude             320700
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                          aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                          avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                         aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                         avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                              3
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                              12282
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                               \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                          aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                      FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                          avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                  2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                            aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                   137600
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                           aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                           avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                 \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                         \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                               \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                          avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                          avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                  13
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                          aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                          avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                       32
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                      ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                            aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                 LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4213b47                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4213b47@9c0298f0274b           0xB6 0x34 0xFE 0x53 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4213b47@f0e77e535bab           0x77 0x89 0x1C 0xAE ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4213b47@147411fc20cd           0x58 0xDF 0x84 0xA7 ...
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                   2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                            aswFsBlk
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                  FSFilter Activity Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                        FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                            avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                    2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                              aswFsBlk Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)    
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                   388400
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                      0
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                 2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                             \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                           aswMonFlt
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                 FSFilter Anti-Virus
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                       FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                           avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                             aswMonFlt Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                 320700
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                              aswRdr
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                              avast! WFP Redirect driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                            
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                   0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                             aswRvrt
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                             avast! Revert
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                  3
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                  12282
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                   \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                     2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                              aswSnx
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                    FSFilter Virtualization
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                          FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                              avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                      2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                        
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                aswSnx Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)        
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                       137600
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                      1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                              1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                               aswSP
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                               avast! Self Protection
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                        
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                     \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                             \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                   \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                              avast! Network Shield Support
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                              avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                      13
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                              aswVmm
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                              avast! VM Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                           32
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                          2
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                    avast! Antivirus
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                          ShellSvcGroup
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                     LocalSystem
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                    Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4213b47 (not active ControlSet)    
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4213b47@9c0298f0274b               0xB6 0x34 0xFE 0x53 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4213b47@f0e77e535bab               0x77 0x89 0x1C 0xAE ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4213b47@147411fc20cd               0x58 0xDF 0x84 0xA7 ...
 
---- EOF - GMER 2.1 ----


#6 TB-Psychotic
  • Malware Response Team

Posted 21 September 2013 - 05:30 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

 


#7 cedrickcapati

cedrickcapati
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 21 September 2013 - 07:06 AM

ComboFix.txt Content

 

ComboFix 13-09-19.01 - hp 09/21/2013  19:19:50.1.4 - x64

Microsoft Windows 7 Home Basic   6.1.7601.1.1252.63.1033.18.4044.2563 [GMT 8:00]
Running from: c:\users\hp\Desktop\VO\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp
c:\windows\SysWow64\QWKPMC\AKV.exe
c:\windows\SysWow64\QWKPMC\TGT.001
c:\windows\SysWow64\QWKPMC\TGT.002
c:\windows\SysWow64\QWKPMC\TGT.004
c:\windows\SysWow64\QWKPMC\TGT.005
c:\windows\SysWow64\QWKPMC\TGT.008
c:\windows\SysWow64\QWKPMC\TGT.009
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-21 to 2013-09-21  )))))))))))))))))))))))))))))))
.
.
2013-09-20 23:49 . 2013-09-15 16:50 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8DE4D61-E032-4351-AB87-844D9053F775}\mpengine.dll
2013-09-19 16:59 . 2013-09-19 16:59 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2013-09-19 16:58 . 2013-09-19 16:58 -------- d-----w- c:\programdata\Malwarebytes
2013-09-19 16:58 . 2013-09-20 13:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-19 16:58 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-19 16:09 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-19 16:08 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-19 16:08 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-19 16:08 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-19 16:08 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-19 16:08 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-19 16:08 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-19 16:08 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-19 16:08 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-19 16:07 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-19 16:06 . 2013-09-19 16:06 -------- d-----w- c:\program files\AVAST Software
2013-09-19 16:05 . 2013-09-19 16:06 -------- d-----w- c:\programdata\AVAST Software
2013-09-19 15:52 . 2013-09-04 13:58 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43C52E5B-8B20-425F-8694-206E012E870F}\gapaengine.dll
2013-09-19 15:50 . 2013-09-15 16:50 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-19 15:16 . 2013-09-19 15:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-09-19 15:16 . 2013-09-19 15:17 -------- d-----w- c:\program files\Microsoft Security Client
2013-09-18 01:01 . 2013-09-05 05:32 9694160 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC8BB8F1-28D9-4644-B30D-16E920B011C1}\mpengine.dll
2013-09-17 11:51 . 2013-09-19 14:25 -------- d-----w- c:\program files (x86)\JDownloader
2013-09-17 11:46 . 2013-09-21 07:41 -------- d-----w- c:\program files (x86)\WebConnect
2013-09-17 11:45 . 2013-09-17 11:45 -------- d-----w- c:\program files (x86)\SimilarSites
2013-09-17 11:45 . 2013-09-17 11:45 -------- d-----w- c:\users\hp\AppData\Roaming\SimilarSites
2013-09-17 11:08 . 2013-09-17 15:10 -------- d-----w- c:\program files (x86)\TunnelBear
2013-09-12 01:43 . 2013-09-12 01:43 -------- d-----w- C:\MoTemp
2013-09-11 07:11 . 2013-07-31 13:42 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-09-10 19:31 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-10 19:31 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-10 19:31 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-05 19:46 . 2013-09-05 19:46 -------- d-----w- c:\program files (x86)\Xenocode
2013-09-05 19:45 . 2013-09-05 19:45 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-09-05 19:45 . 2013-09-05 19:45 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-09-05 19:45 . 2013-09-05 19:45 -------- d-----w- c:\programdata\APN
2013-09-05 19:45 . 2013-09-05 19:45 -------- d-----w- c:\programdata\YTD Video Downloader
2013-09-05 19:45 . 2013-09-05 19:45 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\users\hp\AppData\Roaming\PACE Anti-Piracy
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\users\hp\AppData\Local\PACE Anti-Piracy
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\programdata\PACE Anti-Piracy
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2013-09-05 19:00 . 2013-09-05 19:00 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2013-09-05 19:00 . 2013-09-05 19:00 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-09-05 19:00 . 2011-11-02 19:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-09-05 19:00 . 2011-10-16 19:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-09-05 19:00 . 2011-10-16 19:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-09-05 19:00 . 2013-09-05 19:00 -------- d-----w- c:\program files (x86)\My Company Name
2013-09-04 16:41 . 2013-09-21 11:31 -------- d-sh--w- c:\windows\SysWow64\QWKPMC
2013-08-26 12:10 . 2013-08-26 12:16 -------- d-----w- c:\users\hp\AppData\Roaming\TeamViewer
2013-08-26 11:38 . 2013-09-04 14:26 -------- d-----r- c:\users\hp\Dropbox
2013-08-26 11:34 . 2013-09-05 02:44 -------- d-----w- c:\users\hp\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 16:42 . 2012-12-29 17:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 16:42 . 2012-12-29 17:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 09:08 . 2012-06-12 04:01 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-10 19:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 16:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 16:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 16:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 16:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 22:59 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 16:36 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 22:59 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 22:59 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 22:59 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 16:36 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 22:59 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 22:59 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 22:59 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 22:59 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 22:56 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Garena Plus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-09-05 9846576]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-09-05 9846576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-07 336384]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-08-20 1601488]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport; [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 huawei_enumerator;huawei_enumerator; [x]
R3 hwusbdev;Huawei DataCard USB PNP Device; [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys;c:\windows\SYSNATIVE\drivers\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 04:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 16:42]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686667189-1181226332-2319783531-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 14:19]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686667189-1181226332-2319783531-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 14:19]
.
2013-09-05 c:\windows\Tasks\HPCeeScheduleForHP-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-09-16 c:\windows\Tasks\HPCeeScheduleForhp.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\05C44445D4974435C4: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\14465502E45647: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\2554440275966496: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\341405144594D274D2755405: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\5303075637F63707562786F65727: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\6796F6C6564716: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\E6F6E296E6475627E65647E286562756E2472797E2F647865627E2F6E656: NameServer = 4.2.2.4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Explorer_Run-830 - c:\progra~3\LOCALS~1\Temp\mscsvvkx.com
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:da,92,54,b9,b1,d5,55,66,00,ab,01,a0,ad,04,ba,a5,e1,d1,e1,5e,c8,
   07,ef,db,04,5d,e4,68,36,9e,42,ec,07,76,c1,dd,b0,1d,5b,92,1e,f3,f1,3b,41,2b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:da,92,54,b9,b1,d5,55,66,00,ab,01,a0,ad,04,ba,a5,e1,d1,e1,5e,c8,
   07,ef,db,04,5d,e4,68,36,9e,42,ec,07,76,c1,dd,b0,1d,5b,92,1e,f3,f1,3b,41,2b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-09-21  19:50:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-21 11:50
.
Pre-Run: 13,995,380,736 bytes free
Post-Run: 13,376,028,672 bytes free
.
- - End Of File - - CD0D20C1F14F673C6C7B677B5AFCAC6B


#8 TB-Psychotic

  • Malware Response Team
  • 4,431 posts
  • Gender:Male
  • Local time:09:25 AM

Posted 23 September 2013 - 04:26 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either avast! or MSE.


My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)


#9 cedrickcapati

  • Topic Starter
  • Members
  • 14 posts
  • Local time:04:25 PM

Posted 23 September 2013 - 05:18 AM

Okay, I already uninstalled MSE, so is my system clean? Or do you recommend other things to do?



#10 TB-Psychotic

  • Malware Response Team
  • 4,431 posts
  • Gender:Male
  • Local time:09:25 AM

Posted 23 September 2013 - 07:59 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.



#11 cedrickcapati

  • Topic Starter
  • Members
  • 14 posts
  • Local time:04:25 PM

Posted 23 September 2013 - 09:19 AM

ComboFix.txt Content

ComboFix 13-09-22.01 - hp 09/23/2013  21:38:56.2.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.63.1033.18.4044.2680 [GMT 8:00]
Running from: c:\users\hp\Desktop\VO\ComboFix.exe
Command switches used :: c:\users\hp\Desktop\VO\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AskPartnerNetwork
c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1031.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1033.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1034.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1036.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1040.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1041.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1043.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1045.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\1049.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\2070.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\[email protected]
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\AskToolbarInstaller-12.3.0_SGT-V7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\SGT-V7\config.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files (x86)\GreenTree Applications
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\COPYING.Apachev2
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\COPYING.LGPLv2
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\COPYING.LGPLv3
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\FFMPEG.EXE
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1025.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1026.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1029.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1030.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1031.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1032.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1033.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1034.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1035.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1036.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1038.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1040.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1043.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1044.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1045.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1048.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1049.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1050.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1051.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1052.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1053.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1055.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1059.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1060.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res1061.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res2052.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res2070.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res2074.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Lang\res9999.ini
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\librtmp.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\libvlc.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\libvlccore.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\LICENSE
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\manual.bat
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\access\.svn\all-wcprops
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\access\.svn\entries
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\access\.svn\prop-base\libfilesystem_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\access\.svn\text-base\libfilesystem_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\access\libfilesystem_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\all-wcprops
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\entries
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\prop-base\libaudio_format_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\prop-base\libtrivial_channel_mixer_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\prop-base\libugly_resampler_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\text-base\libaudio_format_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\text-base\libtrivial_channel_mixer_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\.svn\text-base\libugly_resampler_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libaudio_format_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_filter\libugly_resampler_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\.svn\all-wcprops
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\.svn\entries
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\.svn\prop-base\libfloat_mixer_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\.svn\prop-base\libinteger_mixer_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\.svn\text-base\libfloat_mixer_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\.svn\text-base\libinteger_mixer_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\libfloat_mixer_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_mixer\libinteger_mixer_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\.svn\all-wcprops
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\.svn\entries
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\.svn\prop-base\libdirectsound_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\.svn\text-base\libdirectsound_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\codec\.svn\all-wcprops
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\codec\.svn\entries
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\codec\.svn\prop-base\libavcodec_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\codec\.svn\text-base\libavcodec_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\codec\libavcodec_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\plugins.dat
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_filter\.svn\all-wcprops
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_filter\.svn\entries
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_filter\.svn\prop-base\libswscale_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_filter\.svn\text-base\libswscale_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_filter\libswscale_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\all-wcprops
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\entries
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\prop-base\libdirect3d_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\prop-base\libdrawable_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\prop-base\libvmem_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\prop-base\libwingdi_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\text-base\libdirect3d_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\text-base\libdrawable_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\text-base\libvmem_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\.svn\text-base\libwingdi_plugin.dll.svn-base
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libdirect3d_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libdrawable_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libvmem_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\plugins\video_output\libwingdi_plugin.dll
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\scripts.yds
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe
c:\program files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
c:\program files (x86)\SimilarSites
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\ldrtbuTo0.dll
c:\program files (x86)\uTorrentControl2\ldrtbuTor.dll
c:\program files (x86)\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll
c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
c:\program files (x86)\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\tbuTo0.dll
c:\program files (x86)\uTorrentControl2\tbuTor.dll
c:\program files (x86)\uTorrentControl2\toolbar.cfg
c:\program files (x86)\uTorrentControl2\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentControl2\uninstall.exe
c:\program files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
c:\program files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper1.exe
c:\programdata\APN
c:\programdata\AskPartnerNetwork
c:\programdata\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx
c:\programdata\AskPartnerNetwork\Toolbar\SGT-V7\Updater\Config\Config.31.2.0.0-3.xml
c:\programdata\AskPartnerNetwork\Toolbar\SGT-V7\Updater\Response\Response.31.2.0.0-12.xml
c:\programdata\AskPartnerNetwork\Toolbar\SGT-V7\Updater\Response\Response.31.2.0.0-13.xml
c:\programdata\YTD Video Downloader
c:\programdata\YTD Video Downloader\savedItems.ysi
c:\programdata\YTD Video Downloader\scripts0.yds
c:\users\hp\AppData\Roaming\SimilarSites
c:\windows\SysWow64\QWKPMC
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_APNMCP
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-23 to 2013-09-23  )))))))))))))))))))))))))))))))
.
.
2013-09-19 16:59 . 2013-09-19 16:59 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2013-09-19 16:58 . 2013-09-19 16:58 -------- d-----w- c:\programdata\Malwarebytes
2013-09-19 16:58 . 2013-09-20 13:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-19 16:58 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-19 16:09 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-19 16:08 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-19 16:08 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-19 16:08 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-19 16:08 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-19 16:08 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-19 16:08 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-19 16:08 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-19 16:08 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-19 16:07 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-19 16:06 . 2013-09-19 16:06 -------- d-----w- c:\program files\AVAST Software
2013-09-19 16:05 . 2013-09-19 16:06 -------- d-----w- c:\programdata\AVAST Software
2013-09-18 01:01 . 2013-09-05 05:32 9694160 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC8BB8F1-28D9-4644-B30D-16E920B011C1}\mpengine.dll
2013-09-17 11:51 . 2013-09-19 14:25 -------- d-----w- c:\program files (x86)\JDownloader
2013-09-17 11:08 . 2013-09-17 15:10 -------- d-----w- c:\program files (x86)\TunnelBear
2013-09-12 01:43 . 2013-09-12 01:43 -------- d-----w- C:\MoTemp
2013-09-11 07:11 . 2013-07-31 13:42 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-09-10 19:31 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-10 19:31 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-10 19:31 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-05 19:46 . 2013-09-05 19:46 -------- d-----w- c:\program files (x86)\Xenocode
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\users\hp\AppData\Roaming\PACE Anti-Piracy
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\users\hp\AppData\Local\PACE Anti-Piracy
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\programdata\PACE Anti-Piracy
2013-09-05 19:17 . 2013-09-05 19:17 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2013-09-05 19:00 . 2013-09-05 19:00 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2013-09-05 19:00 . 2013-09-05 19:00 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-09-05 19:00 . 2011-11-02 19:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-09-05 19:00 . 2011-10-16 19:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-09-05 19:00 . 2011-10-16 19:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-09-05 19:00 . 2013-09-05 19:00 -------- d-----w- c:\program files (x86)\My Company Name
2013-08-26 12:10 . 2013-08-26 12:16 -------- d-----w- c:\users\hp\AppData\Roaming\TeamViewer
2013-08-26 11:38 . 2013-09-04 14:26 -------- d-----r- c:\users\hp\Dropbox
2013-08-26 11:34 . 2013-09-05 02:44 -------- d-----w- c:\users\hp\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 16:42 . 2012-12-29 17:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 16:42 . 2012-12-29 17:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 09:08 . 2012-06-12 04:01 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-10 19:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 16:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 16:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 16:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 16:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 22:59 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 16:36 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 22:59 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 22:59 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 22:59 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 16:36 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 22:59 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 22:59 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 22:59 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 22:59 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 22:56 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Garena Plus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-09-05 9846576]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-09-05 9846576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-07 336384]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"830"="c:\progra~3\LOCALS~1\Temp\mscsvvkx.com" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport; [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 huawei_enumerator;huawei_enumerator; [x]
R3 hwusbdev;Huawei DataCard USB PNP Device; [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys;c:\windows\SYSNATIVE\drivers\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 04:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 16:42]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686667189-1181226332-2319783531-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 14:19]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686667189-1181226332-2319783531-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 14:19]
.
2013-09-05 c:\windows\Tasks\HPCeeScheduleForHP-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-09-21 c:\windows\Tasks\HPCeeScheduleForhp.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\05C44445D4974435C4: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\14465502E45647: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\2554440275966496: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\341405144594D274D2755405: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\5303075637F63707562786F65727: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\6796F6C6564716: NameServer = 4.2.2.4
TCP: Interfaces\{70B83E6F-8FAD-47B2-BD26-DFFE967D6D4E}\E6F6E296E6475627E65647E286562756E2472797E2F647865627E2F6E656: NameServer = 4.2.2.4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll
Wow6432Node-HKLM-Run-ApnTBMon - c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:da,92,54,b9,b1,d5,55,66,00,ab,01,a0,ad,04,ba,a5,e1,d1,e1,5e,c8,
   07,ef,db,04,5d,e4,68,36,9e,42,ec,07,76,c1,dd,b0,1d,5b,92,1e,f3,f1,3b,41,2b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:da,92,54,b9,b1,d5,55,66,00,ab,01,a0,ad,04,ba,a5,e1,d1,e1,5e,c8,
   07,ef,db,04,5d,e4,68,36,9e,42,ec,07,76,c1,dd,b0,1d,5b,92,1e,f3,f1,3b,41,2b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-09-23  22:08:04 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-23 14:07
ComboFix2.txt  2013-09-21 11:50
.
Pre-Run: 97,336,008,704 bytes free
Post-Run: 114,139,316,224 bytes free
.
- - End Of File - - CDEFC675A32BC90A799869B206F72D90


#12 TB-Psychotic
  • Malware Response Team
  • 4,431 posts
  • Gender:Male

Posted 23 September 2013 - 09:23 AM

Then we need the MBAM log as well


My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#13 cedrickcapati
  • Topic Starter
  • Members
  • 14 posts

Posted 23 September 2013 - 10:48 AM

MBAM log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.20.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
hp :: HP-HP [administrator]
 
9/23/2013 10:15:06 PM
mbam-log-2013-09-23 (22-15-06).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 425756
Time elapsed: 1 hour(s), 52 minute(s), 35 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 4
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WEBCONNECT (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1S1T0E1J1L1H1R -> Quarantined and deleted successfully.
HKCU\Software\WebConnect|iid (PUP.Optional.WebConnect.A) -> Data: def_WebConnect -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|830 (Trojan.Agent.Gen) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mscsvvkx.com -> Delete on reboot.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Program Files (x86)\WebConnect (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
 
Files Detected: 14
C:\Program Files (x86)\Adobe\Adobe Bridge CS6\AMTLib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe (PUP.Optional.ASKToolbar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebConnect\WebConnect.Common.dll (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\QWKPMC\AKV.exe.vir (Trojan.Ardamax) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\QWKPMC\TGT.001.vir (Trojan.Ardamax) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\QWKPMC\TGT.002.vir (PUP.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebConnect\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebConnect\sqlite3.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebConnect\updateWebConnect.InstallState (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebConnect\WebConnect.ico (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebConnect\WebConnectUninstall.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
 
(end)


#14 TB-Psychotic
  • Malware Response Team
  • 4,431 posts
  • Gender:Male

Posted 23 September 2013 - 10:51 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.



 


#15 TB-Psychotic
  • Malware Response Team
  • 4,431 posts
  • Gender:Male

Posted 26 September 2013 - 06:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 




