MSIL: Crypt-DT[Trj]


  • This topic is locked
22 replies to this topic

#1 dmantek

  • Members
  • 13 posts

Posted 09 February 2013 - 06:45 PM

Avast detected this and I need assistance removing this trojan. 

Thanks,

 



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 February 2013 - 07:31 PM


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-
  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
information and logs
  • In your next post I need the following
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dmantek

  • Topic Starter

  • Members
  • 13 posts

Posted 09 February 2013 - 07:31 PM

I am posting the contents of DDS and attaching ATTACH.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by CARNEL at 19:33:31 on 2013-02-10
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.1050 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\Sun\Java\bin\javaw.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\CARNEL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Sun\Java\bin\javaw.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN16982338474795175&ctid=CT3272718
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://acer.msn.com
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\CARNEL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Java Updater Module] C:\Windows\Sun\Java\bin\javaw.exe -jar C:\Windows\config\systemprofile\AppData\Local\Google\Update\Manifest\Initial\1e611a00
uRun: [GoogleChromeAutoLaunch_8AE6930BC8CD0544759772C2F5FB636C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-Explorer: NoRun = dword:0
mPolicies-Explorer: NoControlPanel = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-Windows\System: DisableCMD = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{17D7AA5B-60E2-4404-871A-6E72437A60E3} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{17D7AA5B-60E2-4404-871A-6E72437A60E3}\24C616E6361602D4F63786F6E6163772370296D41636 : DHCPNameServer = 10.0.2.1
TCP: Interfaces\{17D7AA5B-60E2-4404-871A-6E72437A60E3}\2656C6B696E6E2660356 : DHCPNameServer = 192.168.2.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
AppInit_DLLs= c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://acer.msn.com
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2010-11-20 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-7-14 27008]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2012-7-12 458704]
R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2010-11-20 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2010-11-20 223248]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-7-12 95600]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2012-7-12 151920]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2010-11-20 94592]
R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2010-11-20 31104]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-9-12 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-5-11 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2010-11-20 184704]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2012-11-16 1914248]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2010-11-20 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2010-11-20 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-11-17 785512]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-3-13 498688]
R1 aswRdr;aswRdr;C:\Windows\System32\drivers\aswRdr2.sys [2013-2-10 54072]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-10 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-10 370288]
R1 aswTdi;avast! Network Shield Support;C:\Windows\System32\drivers\aswTdi.sys [2013-2-10 59728]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2010-11-20 147456]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-4-25 87600]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2010-11-20 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2010-11-20 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2010-11-20 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2010-11-20 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2010-11-20 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2010-11-20 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-31 204288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-10 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-10 71600]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-10 44808]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\CARNEL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-25 107520]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-17 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-15 872552]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program;C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe [2012-10-9 138192]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-17 244624]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-3-13 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-8-16 559104]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-16 45568]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-20 1525248]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2011-9-21 591872]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-10-31 10207232]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-10-31 317952]
R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-31 114704]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver;C:\Windows\System32\drivers\BCMWL664.SYS [2011-10-17 4745280]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-7-14 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2010-11-20 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-17 142632]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-20 42856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2010-11-20 122368]
R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2010-11-20 30208]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2010-11-20 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2011-12-15 3056360]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-3-13 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-17 77424]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-7-14 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-9-21 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-7-14 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2010-11-20 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2010-11-20 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2010-11-20 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2012-10-10 1659760]
R3 NTIDrvr;NTIDrvr;C:\Windows\System32\drivers\NTIDrvr.sys [2011-10-17 18432]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2010-11-20 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2010-11-20 129536]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-7-14 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-7-14 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-7-14 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2010-11-20 125440]
R3 UBHelper;UBHelper;C:\Windows\System32\drivers\UBHelper.sys [2011-10-17 17408]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2010-11-20 48640]
R3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2011-7-14 98816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2011-7-14 52736]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-15 53376]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2011-7-14 343040]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2011-7-14 25600]
R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2010-11-20 184960]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-17 87040]
R4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2010-11-20 328192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-20 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2010-11-20 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2010-11-20 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2010-11-20 12800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-2 251248]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-7-14 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2010-11-20 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-3-18 44376]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2010-11-20 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
S3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2010-11-20 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-12-15 655624]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-20 136176]
S3 gusvc;Google Software Updater;C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-6-20 194032]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2010-11-20 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2010-11-20 78720]
S3 iaStorV;iaStorV;C:\Windows\System32\drivers\iaStorV.sys [2011-7-14 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-20 856400]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2010-11-20 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2010-11-20 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2010-11-20 273792]
S3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2010-11-20 33280]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2010-11-20 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2010-11-20 140800]
S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2010-11-20 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2010-11-20 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2010-11-20 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-7-14 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-7-14 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
S3 ose;Office  Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
S3 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-14 210944]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-17 250984]
S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2010-11-20 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2010-11-20 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
S3 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2010-11-20 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2012-11-16 1914248]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-15 23552]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2010-11-20 39424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-13 100352]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-13 41984]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-7-14 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2011-7-14 30720]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2010-11-20 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2010-11-20 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2010-11-20 1600512]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-13 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2010-11-20 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-3-28 2292096]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-17 198656]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S4 AffinegyService;AffinegyService;C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [2012-3-12 562592]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S4 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-02-10 21:33:29    25232    ----a-w-    C:\Windows\System32\drivers\aswFsBlk.sys
2013-02-10 21:33:28    370288    ----a-w-    C:\Windows\System32\drivers\aswSP.sys
2013-02-10 21:33:23    54072    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-02-10 21:33:22    59728    ----a-w-    C:\Windows\System32\drivers\aswTdi.sys
2013-02-10 21:33:20    984144    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-02-10 21:33:18    71600    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-02-10 21:32:49    41224    ----a-w-    C:\Windows\avastSS.scr
2013-02-10 21:32:48    227648    ----a-w-    C:\Windows\SysWow64\aswBoot.exe
2013-02-10 18:30:31    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Malwarebytes
2013-02-10 18:30:14    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-10 18:29:50    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Programs
2013-02-10 18:18:16    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0827710-1ABC-4360-B0B3-001F6426B92E}\offreg.dll
2013-02-10 17:56:38    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-10 17:56:30    9161176    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0827710-1ABC-4360-B0B3-001F6426B92E}\mpengine.dll
2013-02-10 17:05:11    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{C7A279AE-14FB-4560-A8F2-93BF39FBD8C1}
2013-02-10 02:53:02    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{775C0360-5455-425A-BAD3-59F7ED4094B3}
2013-02-07 10:03:14    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{DA201778-AB02-409B-9F27-E9C610F9B2D3}
2013-02-07 00:55:02    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-02-07 00:54:28    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Conduit
2013-02-07 00:54:03    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Deal Vault
2013-02-07 00:53:55    --------    d-----w-    C:\Users\CARNEL\AppData\Local\CRE
2013-02-05 23:00:23    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-05 22:59:47    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-05 22:59:35    42776    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-05 22:59:30    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-02 23:46:04    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{335B027F-83E1-4580-B3A3-423A85107420}
2013-01-30 14:49:59    --------    d-----w-    C:\Users\CARNEL\AppData\Local\MPlayer
2013-01-30 12:33:57    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{7CB7EDCD-EBD2-435C-8A93-26382D8D5944}
2013-01-29 23:50:55    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Software
2013-01-29 23:37:46    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{B5B19581-2ADE-4E68-8D2A-F3E765ECA56A}
2013-01-29 23:27:11    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-01-29 23:26:44    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-29 23:26:32    42776    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-29 23:26:24    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-28 11:43:39    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-01-28 11:41:53    0    ----a-w-    C:\autoexec.bat
2013-01-28 11:40:45    --------    d-----w-    C:\ProgramData\Quick PC Booster
2013-01-28 11:40:45    --------    d-----w-    C:\ProgramData\PC Optimizer Pro
2013-01-28 02:06:16    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-01-28 02:05:53    --------    d-----w-    C:\Windows\FD8557D5681D4C75940A00C69A51265E.TMP
2013-01-28 02:05:51    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-25 23:28:20    --------    d-----w-    C:\Program Files (x86)\Mplayer
2013-01-25 23:27:57    --------    d-----w-    C:\Windows\SysWow64\AI_RecycleBin
2013-01-25 23:27:55    --------    d-----w-    C:\ProgramData\Strongvault Online Backup
2013-01-25 23:27:37    --------    d-sh--w-    C:\AI_RecycleBin
2013-01-25 23:27:34    --------    d-----w-    C:\Program Files (x86)\DefaultTab
2013-01-25 23:27:32    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Strongvault
2013-01-25 23:27:19    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\DefaultTab
2013-01-25 23:27:18    --------    d-----w-    C:\ProgramData\Yahoo!
2013-01-25 23:27:03    --------    d-----w-    C:\Program Files (x86)\Yahoo!
2013-01-25 23:26:49    --------    d-----w-    C:\Users\CARNEL\AppData\Local\The Weather Channel
2013-01-25 23:25:15    --------    d-----w-    C:\ProgramData\APN
2013-01-24 23:25:52    285328    ----a-w-    C:\Windows\System32\aswBoot.exe
2013-01-24 23:24:47    --------    d-----w-    C:\ProgramData\AVAST Software
2013-01-24 23:24:47    --------    d-----w-    C:\Program Files\AVAST Software
2013-01-23 22:59:25    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{8E0A97DF-A6F1-4261-8138-DC1E1862C866}
2013-01-21 00:27:21    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{2F624F1C-C646-4E74-A2E2-9A3176F041A8}
2013-01-20 00:56:03    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{41FC8984-EECD-45A3-9688-80007812602B}
2013-01-17 01:17:50    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{B31BA99A-48FB-4EFB-A1B7-14399074729A}
2013-01-16 10:44:03    914432    ----a-w-    C:\Windows\7z.dll
2013-01-16 10:43:59    227840    ----a-w-    C:\Windows\7zG.exe
2013-01-16 10:43:48    --------    d-----w-    C:\Program Files (x86)\Mozilla Firefox
2013-01-16 10:43:42    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\SpecialSavings
2013-01-16 10:43:42    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Mozilla
2013-01-16 10:43:21    --------    d-----w-    C:\ProgramData\Babylon
2013-01-16 10:43:20    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Babylon
2013-01-16 10:43:01    --------    d-----w-    C:\Windows\SysWow64\searchplugins
2013-01-16 10:43:01    --------    d-----w-    C:\Windows\SysWow64\Extensions
2013-01-16 10:42:46    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\PerformerSoft
2013-01-16 10:42:44    19632    ----a-w-    C:\Windows\System32\roboot64.exe
2013-01-16 10:42:39    --------    d-----w-    C:\ProgramData\Tarma Installer
2013-01-16 10:42:30    --------    d-----w-    C:\Program Files (x86)\File Scout
2013-01-16 02:06:16    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{BC5A651C-A44A-4B07-AFD4-1582B98C93AC}
2013-01-16 01:41:38    622    ------w-    C:\Windows\SysWow64\update.reg
2013-01-16 01:41:38    --------    d-----w-    C:\Windows\Sun
2013-01-16 01:41:38    --------    d-----w-    C:\Windows\config
2013-01-14 14:12:14    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{77BD541C-127F-4AD0-BF08-ACDCFF3A1901}
2013-01-14 00:09:27    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{FC9F11A8-0B09-400C-8930-08E0AE0560FD}
2013-01-12 10:54:43    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{57C57C00-EAEB-45C7-8573-47917832BD18}
2013-01-11 00:05:17    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2013-01-11 00:05:17    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-01-11 00:04:42    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2013-01-11 00:04:42    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2013-01-11 00:04:41    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2013-01-11 00:04:40    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-01-11 00:04:37    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-01-11 00:04:37    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-01-11 00:04:34    800768    ----a-w-    C:\Windows\System32\usp10.dll
2013-01-11 00:04:34    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2013-01-11 00:04:19    45568    ----a-w-    C:\Windows\SysWow64\oflc-nz.rs
2013-01-11 00:04:19    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2013-01-11 00:04:19    43520    ----a-w-    C:\Windows\System32\csrr.rs
2013-01-11 00:04:18    46592    ----a-w-    C:\Windows\SysWow64\fpb.rs
2013-01-11 00:04:18    46592    ----a-w-    C:\Windows\System32\fpb.rs
2013-01-11 00:04:18    43520    ----a-w-    C:\Windows\SysWow64\csrr.rs
2013-01-11 00:04:17    44544    ----a-w-    C:\Windows\SysWow64\pegibbfc.rs
2013-01-11 00:04:17    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2013-01-11 00:04:17    40960    ----a-w-    C:\Windows\SysWow64\cob-au.rs
2013-01-11 00:04:17    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2013-01-11 00:04:16    30720    ----a-w-    C:\Windows\SysWow64\usk.rs
2013-01-11 00:04:16    30720    ----a-w-    C:\Windows\System32\usk.rs
2013-01-11 00:04:16    15360    ----a-w-    C:\Windows\SysWow64\djctq.rs
2013-01-11 00:04:16    15360    ----a-w-    C:\Windows\System32\djctq.rs
2013-01-11 00:04:15    21504    ----a-w-    C:\Windows\SysWow64\grb.rs
2013-01-11 00:04:15    21504    ----a-w-    C:\Windows\System32\grb.rs
2013-01-11 00:04:15    20480    ----a-w-    C:\Windows\System32\pegi.rs
2013-01-11 00:04:14    20480    ----a-w-    C:\Windows\SysWow64\pegi.rs
2013-01-11 00:04:14    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2013-01-11 00:04:13    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2013-01-11 00:04:13    20480    ----a-w-    C:\Windows\SysWow64\pegi-pt.rs
2013-01-11 00:04:12    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2013-01-11 00:04:12    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2013-01-11 00:04:12    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2013-01-11 00:04:05    51712    ----a-w-    C:\Windows\SysWow64\esrb.rs
2013-01-11 00:04:05    51712    ----a-w-    C:\Windows\System32\esrb.rs
2013-01-11 00:04:05    23552    ----a-w-    C:\Windows\System32\oflc.rs
2013-01-11 00:04:05    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2013-01-11 00:04:04    55296    ----a-w-    C:\Windows\System32\cero.rs
2013-01-11 00:04:04    23552    ----a-w-    C:\Windows\SysWow64\oflc.rs
2013-01-11 00:04:04    20480    ----a-w-    C:\Windows\SysWow64\pegi-fi.rs
2013-01-11 00:04:03    55296    ----a-w-    C:\Windows\SysWow64\cero.rs
2013-01-11 00:02:28    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-01-11 00:02:26    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-01-11 00:02:25    1161216    ----a-w-    C:\Windows\System32\kernel32.dll
2013-01-11 00:02:24    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-01-11 00:02:24    1114112    ----a-w-    C:\Windows\SysWow64\kernel32.dll
2013-01-11 00:02:23    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-01-11 00:02:23    243200    ----a-w-    C:\Windows\System32\wow64.dll
2013-01-11 00:02:23    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-11 00:02:23    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-01-11 00:02:23    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-11 00:02:23    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-01-11 00:02:22    5120    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-11 00:02:22    5120    ---ha-w-    C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-11 00:02:22    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-11 00:02:22    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-11 00:02:21    6144    ---ha-w-    C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-11 00:02:21    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 00:02:21    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 00:02:21    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 00:02:20    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 00:02:20    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 00:02:20    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 00:02:20    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 00:02:20    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-11 00:02:19    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 00:02:19    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 00:02:19    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-01-11 00:02:18    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 00:02:18    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 00:02:18    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 00:02:18    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 00:02:17    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 00:02:17    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 00:02:17    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 00:02:16    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 00:02:16    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 00:02:15    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 00:02:15    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 00:02:15    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 00:02:15    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 00:02:14    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 00:02:14    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 00:02:13    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 00:02:13    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 00:02:13    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-01-11 00:02:13    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-11 00:02:12    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 00:02:12    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 00:02:12    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 00:02:12    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 00:02:11    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 00:02:11    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 00:02:11    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 00:02:09    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-11 00:02:09    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 00:02:09    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 00:02:08    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 00:02:08    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 00:02:08    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-01-11 00:02:07    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-11 00:02:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 00:02:07    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-11 00:02:06    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 00:02:05    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 00:02:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-11 00:02:04    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-11 00:02:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-11 00:01:01    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-01-11 00:00:59    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-10 23:51:16    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{3DC3D739-7BB6-430D-93FD-21C85AB1A5EF}
2013-01-06 12:25:43    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{24923E29-6369-4CC0-BF72-D97F60C94FFF}
2013-01-05 17:01:02    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{71B3CDE3-363E-45E9-AE1A-A78F5B371F01}
2013-01-05 03:10:43    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{E29F31B5-E811-4DA7-8E95-B1F4569CD21C}
2012-12-24 00:37:27    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{F5275E29-7F37-41DE-8877-ABF84A6EFABF}
2012-12-23 12:25:31    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{FF658510-3761-4BB9-8D1E-88C49D87C3B0}
2012-12-23 00:12:05    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{7F504C96-1248-479D-A845-685F6DD3EEA0}
2012-12-22 12:10:26    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-22 12:10:26    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-22 12:10:25    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-22 12:10:25    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-15 01:39:11    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{0F4112E5-5ABC-4A60-AF4B-DB63E6848B78}
2012-12-15 00:48:38    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2012-12-15 00:48:38    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-12-15 00:48:37    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2012-12-15 00:48:37    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2012-12-15 00:48:37    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2012-12-15 00:48:37    304640    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2012-12-15 00:48:37    182816    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2012-12-15 00:48:37    149552    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-12-15 00:48:36    194048    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-12-15 00:48:36    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2012-12-15 00:48:35    757296    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2012-12-15 00:48:35    248320    ----a-w-    C:\Windows\System32\ieui.dll
2012-12-15 00:48:35    237056    ----a-w-    C:\Windows\System32\url.dll
2012-12-15 00:48:35    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2012-12-15 00:48:35    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-12-15 00:48:35    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-12-15 00:48:34    763424    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2012-12-15 00:48:34    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2012-12-15 00:48:34    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-12-15 00:48:34    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-12-15 00:48:34    1346048    ----a-w-    C:\Windows\System32\urlmon.dll
2012-12-15 00:48:34    1103872    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2012-12-15 00:48:33    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2012-12-15 00:48:33    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2012-12-15 00:48:33    548864    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2012-12-15 00:48:33    194560    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2012-12-15 00:48:32    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2012-12-15 00:48:32    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-12-15 00:48:31    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2012-12-15 00:48:30    816640    ----a-w-    C:\Windows\System32\jscript.dll
2012-12-15 00:48:30    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2012-12-15 00:48:30    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2012-12-15 00:48:30    2144768    ----a-w-    C:\Windows\System32\iertutil.dll
2012-12-15 00:48:30    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-12-15 00:48:30    1793024    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2012-12-15 00:48:29    887296    ----a-w-    C:\Program Files\Internet Explorer\iedvtool.dll
2012-12-15 00:48:29    678912    ----a-w-    C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-12-15 00:48:29    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2012-12-15 00:48:29    499200    ----a-w-    C:\Program Files\Internet Explorer\jsdbgui.dll
2012-12-15 00:48:29    387584    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-12-15 00:48:27    12320256    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2012-12-15 00:48:25    17811968    ----a-w-    C:\Windows\System32\mshtml.dll
2012-12-15 00:48:24    9738240    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2012-12-15 00:48:24    10925568    ----a-w-    C:\Windows\System32\ieframe.dll
2012-12-14 02:32:30    2048    ----a-w-    C:\Windows\System32\tzres.dll
2012-12-14 02:32:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2012-12-14 02:30:24    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2012-12-14 02:30:24    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
.
==================== Find6M  ====================
.
2013-02-09 10:25:06    74096    ------w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 10:25:06    697712    ------w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 06:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-12 02:22:10    67599240    ----a-w-    C:\Windows\System32\MRT.exe
2012-11-30 04:45:10    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2012-10-16 08:38:37    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52    561664    ----a-w-    C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2012-10-03 17:56:54    1914248    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21    70656    ----a-w-    C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21    303104    ----a-w-    C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17    246272    ----a-w-    C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17    18944    ----a-w-    C:\Windows\System32\netevent.dll
2012-10-03 17:44:16    216576    ----a-w-    C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16    569344    ----a-w-    C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24    18944    ----a-w-    C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24    175104    ----a-w-    C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23    156672    ----a-w-    C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26    45568    ----a-w-    C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17    95744    ----a-w-    C:\Windows\System32\synceng.dll
2012-08-31 18:19:35    1659760    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45    5559664    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02    3968880    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02    3914096    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2012-08-29 00:24:56    477168    ------w-    C:\Windows\SysWow64\npdeployJava1.dll
2012-08-29 00:24:53    473072    ------w-    C:\Windows\SysWow64\deployJava1.dll
2012-08-29 00:10:12    157680    ------w-    C:\Windows\SysWow64\javaws.exe
2012-08-29 00:10:07    149488    ------w-    C:\Windows\SysWow64\javaw.exe
2012-08-29 00:09:57    149488    ------w-    C:\Windows\SysWow64\java.exe
2012-08-24 18:05:07    220160    ----a-w-    C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40    376688    ----a-w-    C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33    288624    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
.
============= FINISH: 19:34:26.25 ===============
 




#4 gringo_pr


Posted 09 February 2013 - 07:33 PM




Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo



#5 dmantek


Posted 09 February 2013 - 07:41 PM

Here is the Security Check log. I am working on the other instructions next.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by CARNEL at 19:33:31 on 2013-02-10
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.1050 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\Sun\Java\bin\javaw.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\CARNEL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Sun\Java\bin\javaw.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN16982338474795175&ctid=CT3272718
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://acer.msn.com
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\CARNEL\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Java Updater Module] C:\Windows\Sun\Java\bin\javaw.exe -jar C:\Windows\config\systemprofile\AppData\Local\Google\Update\Manifest\Initial\1e611a00
uRun: [GoogleChromeAutoLaunch_8AE6930BC8CD0544759772C2F5FB636C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-Explorer: NoRun = dword:0
mPolicies-Explorer: NoControlPanel = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-Windows\System: DisableCMD = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{17D7AA5B-60E2-4404-871A-6E72437A60E3} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{17D7AA5B-60E2-4404-871A-6E72437A60E3}\24C616E6361602D4F63786F6E6163772370296D41636 : DHCPNameServer = 10.0.2.1
TCP: Interfaces\{17D7AA5B-60E2-4404-871A-6E72437A60E3}\2656C6B696E6E2660356 : DHCPNameServer = 192.168.2.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
AppInit_DLLs= c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://acer.msn.com
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2010-11-20 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-7-14 27008]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2012-7-12 458704]
R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2010-11-20 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2010-11-20 223248]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-7-12 95600]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2012-7-12 151920]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2010-11-20 94592]
R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2010-11-20 31104]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-9-12 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-5-11 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2010-11-20 184704]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2012-11-16 1914248]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2010-11-20 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2010-11-20 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-11-17 785512]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-3-13 498688]
R1 aswRdr;aswRdr;C:\Windows\System32\drivers\aswRdr2.sys [2013-2-10 54072]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-10 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-10 370288]
R1 aswTdi;avast! Network Shield Support;C:\Windows\System32\drivers\aswTdi.sys [2013-2-10 59728]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2010-11-20 147456]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-4-25 87600]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2010-11-20 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2010-11-20 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2010-11-20 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2010-11-20 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2010-11-20 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2010-11-20 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-31 204288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-10 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-10 71600]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-10 44808]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\CARNEL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-25 107520]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-17 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-15 872552]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program;C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe [2012-10-9 138192]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-17 244624]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-3-13 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-8-16 559104]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-16 45568]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-20 1525248]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2011-9-21 591872]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-10-31 10207232]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-10-31 317952]
R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-31 114704]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver;C:\Windows\System32\drivers\BCMWL664.SYS [2011-10-17 4745280]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-7-14 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2010-11-20 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-17 142632]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-20 42856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2010-11-20 122368]
R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2010-11-20 30208]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2010-11-20 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2011-12-15 3056360]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-3-13 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-17 77424]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-7-14 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-9-21 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-7-14 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2010-11-20 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2010-11-20 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2010-11-20 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2012-10-10 1659760]
R3 NTIDrvr;NTIDrvr;C:\Windows\System32\drivers\NTIDrvr.sys [2011-10-17 18432]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2010-11-20 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2010-11-20 129536]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-7-14 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-7-14 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-7-14 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2010-11-20 125440]
R3 UBHelper;UBHelper;C:\Windows\System32\drivers\UBHelper.sys [2011-10-17 17408]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2010-11-20 48640]
R3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2011-7-14 98816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2011-7-14 52736]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-15 53376]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2011-7-14 343040]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2011-7-14 25600]
R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2010-11-20 184960]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-17 87040]
R4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2010-11-20 328192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-20 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2010-11-20 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2010-11-20 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2010-11-20 12800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-2 251248]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-7-14 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2010-11-20 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-3-18 44376]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2010-11-20 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
S3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2010-11-20 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-12-15 655624]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-20 136176]
S3 gusvc;Google Software Updater;C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-6-20 194032]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2010-11-20 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2010-11-20 78720]
S3 iaStorV;iaStorV;C:\Windows\System32\drivers\iaStorV.sys [2011-7-14 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-20 856400]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2010-11-20 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2010-11-20 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2010-11-20 273792]
S3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2010-11-20 33280]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2010-11-20 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2010-11-20 140800]
S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2010-11-20 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2010-11-20 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2010-11-20 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-7-14 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-7-14 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
S3 ose;Office  Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
S3 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-14 210944]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-17 250984]
S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2010-11-20 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2010-11-20 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
S3 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2010-11-20 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2012-11-16 1914248]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-15 23552]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2010-11-20 39424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-13 100352]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-13 41984]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-7-14 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2011-7-14 30720]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2012-3-13 31232]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2010-11-20 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2010-11-20 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2010-11-20 1600512]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2010-11-20 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-13 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2010-11-20 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-3-28 2292096]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-17 198656]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S4 AffinegyService;AffinegyService;C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [2012-3-12 562592]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S4 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-02-10 21:33:29    25232    ----a-w-    C:\Windows\System32\drivers\aswFsBlk.sys
2013-02-10 21:33:28    370288    ----a-w-    C:\Windows\System32\drivers\aswSP.sys
2013-02-10 21:33:23    54072    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-02-10 21:33:22    59728    ----a-w-    C:\Windows\System32\drivers\aswTdi.sys
2013-02-10 21:33:20    984144    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-02-10 21:33:18    71600    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-02-10 21:32:49    41224    ----a-w-    C:\Windows\avastSS.scr
2013-02-10 21:32:48    227648    ----a-w-    C:\Windows\SysWow64\aswBoot.exe
2013-02-10 18:30:31    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Malwarebytes
2013-02-10 18:30:14    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-10 18:29:50    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Programs
2013-02-10 18:18:16    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0827710-1ABC-4360-B0B3-001F6426B92E}\offreg.dll
2013-02-10 17:56:38    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-10 17:56:30    9161176    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0827710-1ABC-4360-B0B3-001F6426B92E}\mpengine.dll
2013-02-10 17:05:11    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{C7A279AE-14FB-4560-A8F2-93BF39FBD8C1}
2013-02-10 02:53:02    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{775C0360-5455-425A-BAD3-59F7ED4094B3}
2013-02-07 10:03:14    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{DA201778-AB02-409B-9F27-E9C610F9B2D3}
2013-02-07 00:55:02    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-02-07 00:54:28    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Conduit
2013-02-07 00:54:03    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Deal Vault
2013-02-07 00:53:55    --------    d-----w-    C:\Users\CARNEL\AppData\Local\CRE
2013-02-05 23:00:23    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-05 22:59:47    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-05 22:59:35    42776    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-05 22:59:30    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-02 23:46:04    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{335B027F-83E1-4580-B3A3-423A85107420}
2013-01-30 14:49:59    --------    d-----w-    C:\Users\CARNEL\AppData\Local\MPlayer
2013-01-30 12:33:57    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{7CB7EDCD-EBD2-435C-8A93-26382D8D5944}
2013-01-29 23:50:55    --------    d-----w-    C:\Users\CARNEL\AppData\Local\Software
2013-01-29 23:37:46    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{B5B19581-2ADE-4E68-8D2A-F3E765ECA56A}
2013-01-29 23:27:11    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-01-29 23:26:44    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-29 23:26:32    42776    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-29 23:26:24    539984    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-28 11:43:39    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-01-28 11:41:53    0    ----a-w-    C:\autoexec.bat
2013-01-28 11:40:45    --------    d-----w-    C:\ProgramData\Quick PC Booster
2013-01-28 11:40:45    --------    d-----w-    C:\ProgramData\PC Optimizer Pro
2013-01-28 02:06:16    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-01-28 02:05:53    --------    d-----w-    C:\Windows\FD8557D5681D4C75940A00C69A51265E.TMP
2013-01-28 02:05:51    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-25 23:28:20    --------    d-----w-    C:\Program Files (x86)\Mplayer
2013-01-25 23:27:57    --------    d-----w-    C:\Windows\SysWow64\AI_RecycleBin
2013-01-25 23:27:55    --------    d-----w-    C:\ProgramData\Strongvault Online Backup
2013-01-25 23:27:37    --------    d-sh--w-    C:\AI_RecycleBin
2013-01-25 23:27:34    --------    d-----w-    C:\Program Files (x86)\DefaultTab
2013-01-25 23:27:32    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Strongvault
2013-01-25 23:27:19    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\DefaultTab
2013-01-25 23:27:18    --------    d-----w-    C:\ProgramData\Yahoo!
2013-01-25 23:27:03    --------    d-----w-    C:\Program Files (x86)\Yahoo!
2013-01-25 23:26:49    --------    d-----w-    C:\Users\CARNEL\AppData\Local\The Weather Channel
2013-01-25 23:25:15    --------    d-----w-    C:\ProgramData\APN
2013-01-24 23:25:52    285328    ----a-w-    C:\Windows\System32\aswBoot.exe
2013-01-24 23:24:47    --------    d-----w-    C:\ProgramData\AVAST Software
2013-01-24 23:24:47    --------    d-----w-    C:\Program Files\AVAST Software
2013-01-23 22:59:25    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{8E0A97DF-A6F1-4261-8138-DC1E1862C866}
2013-01-21 00:27:21    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{2F624F1C-C646-4E74-A2E2-9A3176F041A8}
2013-01-20 00:56:03    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{41FC8984-EECD-45A3-9688-80007812602B}
2013-01-17 01:17:50    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{B31BA99A-48FB-4EFB-A1B7-14399074729A}
2013-01-16 10:44:03    914432    ----a-w-    C:\Windows\7z.dll
2013-01-16 10:43:59    227840    ----a-w-    C:\Windows\7zG.exe
2013-01-16 10:43:48    --------    d-----w-    C:\Program Files (x86)\Mozilla Firefox
2013-01-16 10:43:42    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\SpecialSavings
2013-01-16 10:43:42    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Mozilla
2013-01-16 10:43:21    --------    d-----w-    C:\ProgramData\Babylon
2013-01-16 10:43:20    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\Babylon
2013-01-16 10:43:01    --------    d-----w-    C:\Windows\SysWow64\searchplugins
2013-01-16 10:43:01    --------    d-----w-    C:\Windows\SysWow64\Extensions
2013-01-16 10:42:46    --------    d-----w-    C:\Users\CARNEL\AppData\Roaming\PerformerSoft
2013-01-16 10:42:44    19632    ----a-w-    C:\Windows\System32\roboot64.exe
2013-01-16 10:42:39    --------    d-----w-    C:\ProgramData\Tarma Installer
2013-01-16 10:42:30    --------    d-----w-    C:\Program Files (x86)\File Scout
2013-01-16 02:06:16    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{BC5A651C-A44A-4B07-AFD4-1582B98C93AC}
2013-01-16 01:41:38    622    ------w-    C:\Windows\SysWow64\update.reg
2013-01-16 01:41:38    --------    d-----w-    C:\Windows\Sun
2013-01-16 01:41:38    --------    d-----w-    C:\Windows\config
2013-01-14 14:12:14    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{77BD541C-127F-4AD0-BF08-ACDCFF3A1901}
2013-01-14 00:09:27    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{FC9F11A8-0B09-400C-8930-08E0AE0560FD}
2013-01-12 10:54:43    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{57C57C00-EAEB-45C7-8573-47917832BD18}
2013-01-11 00:05:17    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2013-01-11 00:05:17    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-01-11 00:04:42    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2013-01-11 00:04:42    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2013-01-11 00:04:41    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2013-01-11 00:04:40    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-01-11 00:04:37    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-01-11 00:04:37    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-01-11 00:04:34    800768    ----a-w-    C:\Windows\System32\usp10.dll
2013-01-11 00:04:34    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2013-01-11 00:04:19    45568    ----a-w-    C:\Windows\SysWow64\oflc-nz.rs
2013-01-11 00:04:19    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2013-01-11 00:04:19    43520    ----a-w-    C:\Windows\System32\csrr.rs
2013-01-11 00:04:18    46592    ----a-w-    C:\Windows\SysWow64\fpb.rs
2013-01-11 00:04:18    46592    ----a-w-    C:\Windows\System32\fpb.rs
2013-01-11 00:04:18    43520    ----a-w-    C:\Windows\SysWow64\csrr.rs
2013-01-11 00:04:17    44544    ----a-w-    C:\Windows\SysWow64\pegibbfc.rs
2013-01-11 00:04:17    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2013-01-11 00:04:17    40960    ----a-w-    C:\Windows\SysWow64\cob-au.rs
2013-01-11 00:04:17    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2013-01-11 00:04:16    30720    ----a-w-    C:\Windows\SysWow64\usk.rs
2013-01-11 00:04:16    30720    ----a-w-    C:\Windows\System32\usk.rs
2013-01-11 00:04:16    15360    ----a-w-    C:\Windows\SysWow64\djctq.rs
2013-01-11 00:04:16    15360    ----a-w-    C:\Windows\System32\djctq.rs
2013-01-11 00:04:15    21504    ----a-w-    C:\Windows\SysWow64\grb.rs
2013-01-11 00:04:15    21504    ----a-w-    C:\Windows\System32\grb.rs
2013-01-11 00:04:15    20480    ----a-w-    C:\Windows\System32\pegi.rs
2013-01-11 00:04:14    20480    ----a-w-    C:\Windows\SysWow64\pegi.rs
2013-01-11 00:04:14    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2013-01-11 00:04:13    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2013-01-11 00:04:13    20480    ----a-w-    C:\Windows\SysWow64\pegi-pt.rs
2013-01-11 00:04:12    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2013-01-11 00:04:12    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2013-01-11 00:04:12    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2013-01-11 00:04:05    51712    ----a-w-    C:\Windows\SysWow64\esrb.rs
2013-01-11 00:04:05    51712    ----a-w-    C:\Windows\System32\esrb.rs
2013-01-11 00:04:05    23552    ----a-w-    C:\Windows\System32\oflc.rs
2013-01-11 00:04:05    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2013-01-11 00:04:04    55296    ----a-w-    C:\Windows\System32\cero.rs
2013-01-11 00:04:04    23552    ----a-w-    C:\Windows\SysWow64\oflc.rs
2013-01-11 00:04:04    20480    ----a-w-    C:\Windows\SysWow64\pegi-fi.rs
2013-01-11 00:04:03    55296    ----a-w-    C:\Windows\SysWow64\cero.rs
2013-01-11 00:02:28    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-01-11 00:02:26    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-01-11 00:02:25    1161216    ----a-w-    C:\Windows\System32\kernel32.dll
2013-01-11 00:02:24    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-01-11 00:02:24    1114112    ----a-w-    C:\Windows\SysWow64\kernel32.dll
2013-01-11 00:02:23    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-01-11 00:02:23    243200    ----a-w-    C:\Windows\System32\wow64.dll
2013-01-11 00:02:23    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-11 00:02:23    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-01-11 00:02:23    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-11 00:02:23    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-01-11 00:02:22    5120    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-11 00:02:22    5120    ---ha-w-    C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-11 00:02:22    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-11 00:02:22    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-11 00:02:21    6144    ---ha-w-    C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-11 00:02:21    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 00:02:21    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 00:02:21    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-11 00:02:20    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 00:02:20    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 00:02:20    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-11 00:02:20    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 00:02:20    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-11 00:02:19    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 00:02:19    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-11 00:02:19    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-01-11 00:02:18    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 00:02:18    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 00:02:18    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 00:02:18    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-11 00:02:17    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-11 00:02:17    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 00:02:17    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-11 00:02:16    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 00:02:16    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-11 00:02:15    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 00:02:15    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 00:02:15    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-11 00:02:15    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-11 00:02:14    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 00:02:14    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-11 00:02:13    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 00:02:13    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 00:02:13    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-01-11 00:02:13    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-11 00:02:12    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 00:02:12    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 00:02:12    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-11 00:02:12    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-11 00:02:11    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 00:02:11    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 00:02:11    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-11 00:02:10    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-11 00:02:09    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-11 00:02:09    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 00:02:09    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-11 00:02:08    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-11 00:02:08    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-11 00:02:08    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-01-11 00:02:07    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-11 00:02:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-11 00:02:07    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-11 00:02:06    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 00:02:05    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 00:02:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-11 00:02:04    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-11 00:02:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-11 00:01:01    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-01-11 00:00:59    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-10 23:51:16    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{3DC3D739-7BB6-430D-93FD-21C85AB1A5EF}
2013-01-06 12:25:43    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{24923E29-6369-4CC0-BF72-D97F60C94FFF}
2013-01-05 17:01:02    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{71B3CDE3-363E-45E9-AE1A-A78F5B371F01}
2013-01-05 03:10:43    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{E29F31B5-E811-4DA7-8E95-B1F4569CD21C}
2012-12-24 00:37:27    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{F5275E29-7F37-41DE-8877-ABF84A6EFABF}
2012-12-23 12:25:31    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{FF658510-3761-4BB9-8D1E-88C49D87C3B0}
2012-12-23 00:12:05    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{7F504C96-1248-479D-A845-685F6DD3EEA0}
2012-12-22 12:10:26    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-22 12:10:26    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-22 12:10:25    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-22 12:10:25    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-15 01:39:11    --------    d-----w-    C:\Users\CARNEL\AppData\Local\{0F4112E5-5ABC-4A60-AF4B-DB63E6848B78}
2012-12-15 00:48:38    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2012-12-15 00:48:38    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-12-15 00:48:37    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2012-12-15 00:48:37    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2012-12-15 00:48:37    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2012-12-15 00:48:37    304640    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2012-12-15 00:48:37    182816    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2012-12-15 00:48:37    149552    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-12-15 00:48:36    194048    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-12-15 00:48:36    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2012-12-15 00:48:35    757296    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2012-12-15 00:48:35    248320    ----a-w-    C:\Windows\System32\ieui.dll
2012-12-15 00:48:35    237056    ----a-w-    C:\Windows\System32\url.dll
2012-12-15 00:48:35    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2012-12-15 00:48:35    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-12-15 00:48:35    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-12-15 00:48:34    763424    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2012-12-15 00:48:34    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2012-12-15 00:48:34    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-12-15 00:48:34    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-12-15 00:48:34    1346048    ----a-w-    C:\Windows\System32\urlmon.dll
2012-12-15 00:48:34    1103872    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2012-12-15 00:48:33    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2012-12-15 00:48:33    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2012-12-15 00:48:33    548864    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2012-12-15 00:48:33    194560    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2012-12-15 00:48:32    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2012-12-15 00:48:32    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-12-15 00:48:31    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2012-12-15 00:48:30    816640    ----a-w-    C:\Windows\System32\jscript.dll
2012-12-15 00:48:30    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2012-12-15 00:48:30    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2012-12-15 00:48:30    2144768    ----a-w-    C:\Windows\System32\iertutil.dll
2012-12-15 00:48:30    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-12-15 00:48:30    1793024    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2012-12-15 00:48:29    887296    ----a-w-    C:\Program Files\Internet Explorer\iedvtool.dll
2012-12-15 00:48:29    678912    ----a-w-    C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-12-15 00:48:29    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2012-12-15 00:48:29    499200    ----a-w-    C:\Program Files\Internet Explorer\jsdbgui.dll
2012-12-15 00:48:29    387584    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-12-15 00:48:27    12320256    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2012-12-15 00:48:25    17811968    ----a-w-    C:\Windows\System32\mshtml.dll
2012-12-15 00:48:24    9738240    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2012-12-15 00:48:24    10925568    ----a-w-    C:\Windows\System32\ieframe.dll
2012-12-14 02:32:30    2048    ----a-w-    C:\Windows\System32\tzres.dll
2012-12-14 02:32:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2012-12-14 02:30:24    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2012-12-14 02:30:24    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
.
==================== Find6M  ====================
.
2013-02-09 10:25:06    74096    ------w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 10:25:06    697712    ------w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 06:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-12 02:22:10    67599240    ----a-w-    C:\Windows\System32\MRT.exe
2012-11-30 04:45:10    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2012-10-16 08:38:37    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52    561664    ----a-w-    C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2012-10-03 17:56:54    1914248    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21    70656    ----a-w-    C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21    303104    ----a-w-    C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17    246272    ----a-w-    C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17    18944    ----a-w-    C:\Windows\System32\netevent.dll
2012-10-03 17:44:16    216576    ----a-w-    C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16    569344    ----a-w-    C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24    18944    ----a-w-    C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24    175104    ----a-w-    C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23    156672    ----a-w-    C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26    45568    ----a-w-    C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17    95744    ----a-w-    C:\Windows\System32\synceng.dll
2012-08-31 18:19:35    1659760    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45    5559664    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02    3968880    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02    3914096    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2012-08-29 00:24:56    477168    ------w-    C:\Windows\SysWow64\npdeployJava1.dll
2012-08-29 00:24:53    473072    ------w-    C:\Windows\SysWow64\deployJava1.dll
2012-08-29 00:10:12    157680    ------w-    C:\Windows\SysWow64\javaws.exe
2012-08-29 00:10:07    149488    ------w-    C:\Windows\SysWow64\javaw.exe
2012-08-29 00:09:57    149488    ------w-    C:\Windows\SysWow64\java.exe
2012-08-24 18:05:07    220160    ----a-w-    C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40    376688    ----a-w-    C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33    288624    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
.
============= FINISH: 19:34:26.25 ===============


#6 dmantek

dmantek
  • Topic Starter

  • Members
  • 13 posts

Posted 09 February 2013 - 07:42 PM

oops, Security Check log here:

 

 Results of screen317's Security Check version 0.99.57  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 35  
 Java™ 6 Update 3  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 24.0.1312.57  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 


#7 dmantek

dmantek
  • Topic Starter

  • Members
  • 13 posts

Posted 09 February 2013 - 07:48 PM

Adwcleaner contents:

 

# AdwCleaner v2.111 - Logfile created 02/10/2013 at 19:59:45
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : CARNEL - CARNEL-PC
# Boot Mode : Normal
# Running from : C:\Users\CARNEL\Desktop\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
Found : DefaultTabSearch
Found : DefaultTabUpdate
 
***** [Files / Folders] *****
 
File Found : C:\Users\CARNEL\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Program Files (x86)\file scout
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\CARNEL\AppData\Local\Conduit
Folder Found : C:\Users\CARNEL\AppData\Local\Deal Vault
Folder Found : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Folder Found : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Found : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
Folder Found : C:\Users\CARNEL\AppData\Local\Software
Folder Found : C:\Users\CARNEL\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\CARNEL\AppData\LocalLow\Conduit
Folder Found : C:\Users\CARNEL\AppData\LocalLow\PriceGong
Folder Found : C:\Users\CARNEL\AppData\Roaming\Babylon
Folder Found : C:\Users\CARNEL\AppData\Roaming\DefaultTab
Folder Found : C:\Users\CARNEL\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\CARNEL\AppData\Roaming\SpecialSavings
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\SpecialSavings
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\59578bd0e53ebd44
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\59578bd0e53ebd44
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3960672791-1401378676-1917338590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3960672791-1401378676-1917338590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@vshsolutions.com]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN16982338474795175&ctid=CT3272718
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.30] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.33] : keyword = "search.conduit.com",
Found [l.36] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN17699911002720596&ctid=CT3272718",
 
*************************
 
AdwCleaner[R1].txt - [7552 octets] - [10/02/2013 19:59:45]
 
########## EOF - C:\AdwCleaner[R1].txt - [7612 octets] ##########


#8 dmantek

dmantek
  • Topic Starter

  • Members
  • 13 posts

Posted 09 February 2013 - 07:59 PM

content from adwcleaner.txt:

 

# AdwCleaner v2.111 - Logfile created 02/10/2013 at 20:07:50
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : CARNEL - CARNEL-PC
# Boot Mode : Normal
# Running from : C:\Users\CARNEL\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\CARNEL\AppData\Local\Temp\Zynga
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\CARNEL\AppData\Local\Conduit
Folder Deleted : C:\Users\CARNEL\AppData\Local\Deal Vault
Folder Deleted : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Folder Deleted : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
Folder Deleted : C:\Users\CARNEL\AppData\Local\Software
Folder Deleted : C:\Users\CARNEL\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\CARNEL\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\CARNEL\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\CARNEL\AppData\Roaming\Babylon
Folder Deleted : C:\Users\CARNEL\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\CARNEL\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\CARNEL\AppData\Roaming\SpecialSavings
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\SpecialSavings
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\59578bd0e53ebd44
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\59578bd0e53ebd44
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@vshsolutions.com]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN16982338474795175&ctid=CT3272718 --> hxxp://www.google.com
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\CARNEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.30] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.33] : keyword = "search.conduit.com",
Deleted [l.36] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN17[...]
 
*************************
 
AdwCleaner[R1].txt - [7673 octets] - [10/02/2013 19:59:45]
AdwCleaner[S1].txt - [7507 octets] - [10/02/2013 20:07:50]
 
########## EOF - C:\AdwCleaner[S1].txt - [7567 octets] ##########


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 February 2013 - 08:03 PM


Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#10 dmantek

dmantek
  • Topic Starter

  • Members
  • 13 posts

Posted 09 February 2013 - 09:19 PM

Hello Gringo. Here is the log from COMBOFIX. I will reboot and let you know how it goes.
 
 
ComboFix 13-02-07.02 - CARNEL 02/10/2013  20:32:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.1936 [GMT -5:00]
Running from: c:\users\CARNEL\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-11 to 2013-02-11  )))))))))))))))))))))))))))))))
.
.
2013-02-11 02:26 . 2013-02-11 02:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-11 01:35 . 2013-02-11 01:35    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0827710-1ABC-4360-B0B3-001F6426B92E}\offreg.dll
2013-02-10 21:33 . 2012-10-30 23:51    25232    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-10 21:33 . 2012-10-30 23:51    370288    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-10 21:33 . 2012-10-15 16:59    54072    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-02-10 21:33 . 2012-10-30 23:51    59728    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-10 21:33 . 2012-10-30 23:51    984144    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-10 21:33 . 2012-10-30 23:51    71600    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-02-10 21:32 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-02-10 21:32 . 2012-10-30 23:50    227648    ----a-w-    c:\windows\SysWow64\aswBoot.exe
2013-02-10 18:30 . 2013-02-10 18:30    --------    d-----w-    c:\users\CARNEL\AppData\Roaming\Malwarebytes
2013-02-10 18:30 . 2013-02-10 18:30    --------    d-----w-    c:\programdata\Malwarebytes
2013-02-10 18:29 . 2013-02-10 18:29    --------    d-----w-    c:\users\CARNEL\AppData\Local\Programs
2013-02-10 17:56 . 2013-01-18 17:15    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0827710-1ABC-4360-B0B3-001F6426B92E}\mpengine.dll
2013-02-07 00:53 . 2013-02-07 00:53    --------    d-----w-    c:\users\CARNEL\AppData\Local\CRE
2013-02-05 23:00 . 2013-02-05 23:00    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-05 22:59 . 2013-02-05 22:59    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-05 22:59 . 2013-02-05 22:59    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-05 22:59 . 2013-02-05 22:59    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-30 14:49 . 2013-01-30 14:49    --------    d-----w-    c:\users\CARNEL\AppData\Local\MPlayer
2013-01-29 23:27 . 2013-01-29 23:27    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-01-29 23:26 . 2013-02-09 10:31    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-29 23:26 . 2013-02-09 10:31    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-29 23:26 . 2013-02-09 10:31    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-28 11:43 . 2013-01-28 11:43    --------    d-----w-    c:\program files (x86)\MSXML 4.0
2013-01-28 11:40 . 2013-01-28 11:40    --------    d-----w-    c:\programdata\Quick PC Booster
2013-01-28 11:40 . 2013-01-28 11:40    --------    d-----w-    c:\programdata\PC Optimizer Pro
2013-01-28 02:06 . 2013-01-28 02:06    --------    d-----w-    c:\program files\Enigma Software Group
2013-01-28 02:05 . 2013-02-10 14:00    --------    d-----w-    c:\windows\FD8557D5681D4C75940A00C69A51265E.TMP
2013-01-28 02:05 . 2013-01-28 02:05    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-25 23:28 . 2013-02-07 19:58    --------    d-----w-    c:\program files (x86)\Mplayer
2013-01-25 23:27 . 2013-02-10 19:49    --------    d-----w-    c:\windows\SysWow64\AI_RecycleBin
2013-01-25 23:27 . 2013-02-10 19:49    --------    d-----w-    c:\programdata\Strongvault Online Backup
2013-01-25 23:27 . 2013-02-10 19:49    --------    d-----w-    C:\AI_RecycleBin
2013-01-25 23:27 . 2013-01-25 23:27    --------    d-----w-    c:\users\CARNEL\AppData\Roaming\Strongvault
2013-01-25 23:27 . 2013-02-10 20:28    --------    d-----w-    c:\programdata\Yahoo!
2013-01-25 23:27 . 2013-01-25 23:27    --------    d-----w-    c:\program files (x86)\Yahoo!
2013-01-25 23:26 . 2013-01-25 23:27    --------    d-----w-    c:\users\CARNEL\AppData\Local\The Weather Channel
2013-01-24 23:25 . 2012-10-30 23:50    285328    ----a-w-    c:\windows\system32\aswBoot.exe
2013-01-24 23:24 . 2013-02-10 21:32    --------    d-----w-    c:\programdata\AVAST Software
2013-01-24 23:24 . 2013-02-10 21:32    --------    d-----w-    c:\program files\AVAST Software
2013-01-16 10:44 . 2013-01-16 10:44    914432    ----a-w-    c:\windows\7z.dll
2013-01-16 10:43 . 2013-01-16 10:43    227840    ----a-w-    c:\windows\7zG.exe
2013-01-16 10:43 . 2013-01-16 10:43    --------    d-----w-    c:\windows\SysWow64\searchplugins
2013-01-16 10:43 . 2013-01-16 10:43    --------    d-----w-    c:\windows\SysWow64\Extensions
2013-01-16 10:42 . 2012-12-19 20:53    19632    ----a-w-    c:\windows\system32\roboot64.exe
2013-01-16 01:41 . 2013-01-16 10:43    --------    d-----w-    c:\windows\Sun
2013-01-16 01:41 . 2013-01-16 01:41    622    ------w-    c:\windows\SysWow64\update.reg
2013-01-16 01:41 . 2013-01-16 01:41    --------    d-----w-    c:\windows\config
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 10:25 . 2012-05-03 00:26    697712    ------w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-09 10:25 . 2011-10-18 01:33    74096    ------w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 06:28 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-12 02:22 . 2012-06-28 01:29    67599240    ----a-w-    c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 12:10    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 12:10    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 12:10    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 12:10    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-11 00:04    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-11 00:04    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-11 00:04    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-11 00:04    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-11 00:04    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-11 00:04    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-11 00:04    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-11 00:04    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-11 00:04    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-11 00:04    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-11 00:04    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-11 00:04    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-11 00:04    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-11 00:04    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-11 00:04    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-11 00:04    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-11 00:04    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-11 00:04    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-11 00:04    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-11 00:04    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-11 00:04    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-11 00:04    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-11 00:04    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-11 00:04    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-11 00:04    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-11 00:04    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-11 00:02    362496    ----a-w-    c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-11 00:02    243200    ----a-w-    c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-11 00:02    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-11 00:02    215040    ----a-w-    c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-11 00:02    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-11 00:02    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-11 00:02    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-11 00:02    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-11 00:02    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_8AE6930BC8CD0544759772C2F5FB636C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-05 22:58    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 10:25]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 20:02]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 20:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-10  21:30:17
ComboFix-quarantined-files.txt  2013-02-11 02:30
.
Pre-Run: 432,785,510,400 bytes free
Post-Run: 433,242,828,800 bytes free
.
- - End Of File - - E72DABEDB4632680AD54D98570CBBFC6


#11 dmantek

dmantek
  • Topic Starter

  • Members
  • 13 posts

Posted 09 February 2013 - 09:24 PM

Well, no more pop-up with error. But please review logs and confirm there is nothing else wrong.



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 09 February 2013 - 10:26 PM



Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\PC Optimizer Pro
c:\programdata\Quick PC Booster

Save it to your desktop as CFScript.txt.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 12 February 2013 - 01:16 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#14 dmantek

dmantek
  • Topic Starter

  • Members
  • 13 posts

Posted 12 February 2013 - 04:05 PM

OK. I will do that now.



#15 dmantek

dmantek
  • Topic Starter

  • Members
  • 13 posts

Posted 12 February 2013 - 04:26 PM

report from ComboFix:

 

ComboFix 13-02-07.02 - CARNEL 02/13/2013  16:26:35.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.1725 [GMT -5:00]
Running from: c:\users\CARNEL\Desktop\ComboFix.exe
Command switches used :: c:\users\CARNEL\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PC Optimizer Pro
c:\programdata\Quick PC Booster
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-13 to 2013-02-13  )))))))))))))))))))))))))))))))
.
.
2013-02-13 21:35 . 2013-02-13 21:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-13 16:17 . 2013-02-13 16:17    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{22FA7269-6310-41DD-905D-C399E15EFEFD}\offreg.dll
2013-02-13 16:16 . 2013-01-18 17:15    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{22FA7269-6310-41DD-905D-C399E15EFEFD}\mpengine.dll
2013-02-10 21:33 . 2012-10-30 23:51    25232    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-10 21:33 . 2012-10-30 23:51    370288    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-10 21:33 . 2012-10-15 16:59    54072    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-02-10 21:33 . 2012-10-30 23:51    59728    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-10 21:33 . 2012-10-30 23:51    984144    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-10 21:33 . 2012-10-30 23:51    71600    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-02-10 21:32 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-02-10 21:32 . 2012-10-30 23:50    227648    ----a-w-    c:\windows\SysWow64\aswBoot.exe
2013-02-10 18:30 . 2013-02-10 18:30    --------    d-----w-    c:\users\CARNEL\AppData\Roaming\Malwarebytes
2013-02-10 18:30 . 2013-02-10 18:30    --------    d-----w-    c:\programdata\Malwarebytes
2013-02-10 18:29 . 2013-02-10 18:29    --------    d-----w-    c:\users\CARNEL\AppData\Local\Programs
2013-02-07 00:53 . 2013-02-07 00:53    --------    d-----w-    c:\users\CARNEL\AppData\Local\CRE
2013-02-05 23:00 . 2013-02-05 23:00    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-05 22:59 . 2013-02-05 22:59    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-05 22:59 . 2013-02-05 22:59    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-05 22:59 . 2013-02-05 22:59    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-30 14:49 . 2013-01-30 14:49    --------    d-----w-    c:\users\CARNEL\AppData\Local\MPlayer
2013-01-29 23:27 . 2013-01-29 23:27    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-01-29 23:26 . 2013-02-09 10:31    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-29 23:26 . 2013-02-09 10:31    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-29 23:26 . 2013-02-09 10:31    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-28 11:43 . 2013-01-28 11:43    --------    d-----w-    c:\program files (x86)\MSXML 4.0
2013-01-28 02:06 . 2013-01-28 02:06    --------    d-----w-    c:\program files\Enigma Software Group
2013-01-28 02:05 . 2013-02-10 14:00    --------    d-----w-    c:\windows\FD8557D5681D4C75940A00C69A51265E.TMP
2013-01-28 02:05 . 2013-01-28 02:05    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-25 23:28 . 2013-02-07 19:58    --------    d-----w-    c:\program files (x86)\Mplayer
2013-01-25 23:27 . 2013-02-10 19:49    --------    d-----w-    c:\windows\SysWow64\AI_RecycleBin
2013-01-25 23:27 . 2013-02-10 19:49    --------    d-----w-    c:\programdata\Strongvault Online Backup
2013-01-25 23:27 . 2013-02-10 19:49    --------    d-----w-    C:\AI_RecycleBin
2013-01-25 23:27 . 2013-01-25 23:27    --------    d-----w-    c:\users\CARNEL\AppData\Roaming\Strongvault
2013-01-25 23:27 . 2013-02-10 20:28    --------    d-----w-    c:\programdata\Yahoo!
2013-01-25 23:27 . 2013-01-25 23:27    --------    d-----w-    c:\program files (x86)\Yahoo!
2013-01-25 23:26 . 2013-01-25 23:27    --------    d-----w-    c:\users\CARNEL\AppData\Local\The Weather Channel
2013-01-24 23:25 . 2012-10-30 23:50    285328    ----a-w-    c:\windows\system32\aswBoot.exe
2013-01-24 23:24 . 2013-02-10 21:32    --------    d-----w-    c:\programdata\AVAST Software
2013-01-24 23:24 . 2013-02-10 21:32    --------    d-----w-    c:\program files\AVAST Software
2013-01-16 10:44 . 2013-01-16 10:44    914432    ----a-w-    c:\windows\7z.dll
2013-01-16 10:43 . 2013-01-16 10:43    227840    ----a-w-    c:\windows\7zG.exe
2013-01-16 10:43 . 2013-01-16 10:43    --------    d-----w-    c:\windows\SysWow64\searchplugins
2013-01-16 10:43 . 2013-01-16 10:43    --------    d-----w-    c:\windows\SysWow64\Extensions
2013-01-16 10:42 . 2012-12-19 20:53    19632    ----a-w-    c:\windows\system32\roboot64.exe
2013-01-16 01:41 . 2013-01-16 10:43    --------    d-----w-    c:\windows\Sun
2013-01-16 01:41 . 2013-01-16 01:41    622    ------w-    c:\windows\SysWow64\update.reg
2013-01-16 01:41 . 2013-01-16 01:41    --------    d-----w-    c:\windows\config
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-11 12:59 . 2012-05-03 00:26    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-11 12:59 . 2011-10-18 01:33    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 06:28 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-12 02:22 . 2012-06-28 01:29    67599240    ----a-w-    c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 12:10    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 12:10    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 12:10    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 12:10    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-11 00:04    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-11 00:04    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-11 00:04    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-11 00:04    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-11 00:04    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-11 00:04    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-11 00:04    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-11 00:04    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-11 00:04    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-11 00:04    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-11 00:04    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-11 00:04    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-11 00:04    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-11 00:04    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-11 00:04    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-11 00:04    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-11 00:04    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-11 00:04    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-11 00:04    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-11 00:04    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-11 00:04    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-11 00:04    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-11 00:04    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-11 00:04    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-11 00:04    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-11 00:04    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-11 00:04    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-11 00:02    362496    ----a-w-    c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-11 00:02    243200    ----a-w-    c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-11 00:02    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-11 00:02    215040    ----a-w-    c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-11 00:02    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-11 00:02    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-11 00:02    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-11 00:02    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-11 00:02    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-11 00:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_8AE6930BC8CD0544759772C2F5FB636C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-05 22:58    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 12:59]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 20:02]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 20:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-13  16:38:24
ComboFix-quarantined-files.txt  2013-02-13 21:38
ComboFix2.txt  2013-02-11 02:30
.
Pre-Run: 431,604,264,960 bytes free
Post-Run: 433,153,478,656 bytes free
.
- - End Of File - - 0363B35EC2843A25C46C09085F1308ED




