Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Conduit Redirect and Whitesmoke Virus: Help with Removal


  • This topic is locked This topic is locked
31 replies to this topic

#1 redcurlyqcincy

redcurlyqcincy

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 03 June 2013 - 03:23 PM

Help! I posted on the "Am I infected? What do I do?" Forum a week ago stating that I accidentally downloaded Whitesmoke off of an internet site.  A toolbar and extra search tab automatically opened, my computer slowed down considerably, and google chrome would crash every other page. I googled what was happening (I am not technologically advanced) and I found this site. I posted to get some help, and I have gone through many scans and malware runs. When I ran adware cleaner, it helped. However, it logged me out of my chrome account, and when I would open it up again after restarting my computer, it would say "Your preference file is corrupt or invalid. Google Chrome is unable to recover your settings". A puzzle piece popped up on my 3 line settings button on chrome, saying that "Another program on your computer added an extension that may change the way chrome works: Enable Extension or Remove from Chrome". I clicked remove, and if I stayed logged out of my chrome account, it (seemingly) fixed things. However, when I would try to sign back into my google chrome account, the WS search engine tab automatically pops up again along with it reinstalled onto my extensions settings. I tried to unsitall chrome and then reinstall multiple times, but to no avail. The only time it does not pop back up again is if I run the adware cleaner, reboot, and then NOT sign in to my google chrome account. However, because it says "Another program on your computer added an extension that may change the way chrome works: Enable Extension or Remove from Chrome" I believe that whatever it is, it is on my computer itself. I need help in finding it and getting rid of it for good so that I can not only log back onto my chrome account and not have WS popping up every time, but also not worry about passwords and sensitive information being leaked. I am providing the link to my previous post on Bleeping Computer regarding this topic: http://www.bleepingcomputer.com/forums/t/496149/conduit-redirect-and-whitesmoke-along-with-java-pop-ups-and-such/

Please help! Thanks! 
 
DDS LOG
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by SarahKaising at 15:52:28 on 2013-06-03
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3819.2207 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Users\SarahKaising\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\SarahKaising\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = *.local
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
uRun: [Facebook Update] "C:\Users\SarahKaising\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spotify Web Helper] "C:\Users\SarahKaising\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "C:\Users\SarahKaising\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-System: DisableRegistryTools = dword:0
uPolicies-System: DisableTaskMgr = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3} : DHCPNameServer = 192.168.200.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3}\253434F574575637473213 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3}\5393830247562727163656 : DHCPNameServer = 192.168.200.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3}\E6564777F627B623 : DHCPNameServer = 192.168.1.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2011-8-17 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-8-12 27008]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2012-8-10 458704]
R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2011-8-17 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2013-4-9 223752]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-8-17 14720]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-8-10 95600]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2012-8-10 151920]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2011-8-17 94592]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-8-17 31104]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2013-3-20 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-8-10 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2011-8-17 184704]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-8-17 213888]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2011-7-19 65072]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2011-7-19 74824]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-8-17 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-8-17 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2011-8-17 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-12-8 785512]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-2-16 498688]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2011-8-17 147456]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-8-17 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-1-17 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-1-17 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-1-17 62584]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2011-8-17 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2011-8-17 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2011-8-17 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-8-17 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2011-8-17 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-8-17 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-5-11 65640]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-17 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-8-11 55184]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Bonjour Service;Bonjour Service;C:\Program Files\Bonjour\mDNSResponder.exe [2011-8-31 462184]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-1-17 198784]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-17 310864]
R2 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-1-31 31232]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-17 868224]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 MsMpSvc;Microsoft Antimalware Service;C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-1-27 22056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-1-31 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-8-15 559104]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2013-3-20 45568]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-1-17 243232]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-9-21 2286976]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2011-8-17 1525248]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2011-8-6 591872]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 YahooAUService;Yahoo! Updater;C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-9 602392]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-2 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-17 8013312]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-17 287232]
R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\athrx.sys [2011-1-17 2229608]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-17 115216]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-8-6 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDRT64.sys [2011-1-17 1495680]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-8-17 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2013-5-15 983400]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-1-17 138024]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\Windows\System32\drivers\GEARAspiWDM.sys [2012-10-8 33240]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2011-8-17 122368]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2011-8-17 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
R3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 641504]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-1-31 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-1-17 76912]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-8-12 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-8-12 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-8-12 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2011-8-17 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2011-8-17 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2011-8-17 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-23 1656680]
R3 NTIDrvr;NTIDrvr;C:\Windows\System32\drivers\NTIDrvr.sys [2011-1-17 18432]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2011-8-17 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2011-8-17 129536]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-8-6 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-8-6 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-8-6 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2011-7-19 41888]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-8-17 125440]
R3 UBHelper;UBHelper;C:\Windows\System32\drivers\UBHelper.sys [2011-1-17 17408]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-8-17 48640]
R3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2011-8-12 98816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2011-8-12 52736]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-2-2 38528]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2011-8-12 343040]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2011-8-12 25600]
R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2011-8-17 184960]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-6-1 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2011-8-17 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-8-17 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-8-17 12800]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-8-12 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-8-17 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2011-8-17 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
S3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2011-8-17 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-2-2 655624]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2011-8-17 42856]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
S3 GameConsoleService;GameConsoleService;C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe [2010-4-3 246520]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-6-1 116648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2011-8-17 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
S3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2011-8-17 30208]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-8-17 78720]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2011-8-12 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2011-8-17 856400]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2011-8-17 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-8-17 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2011-8-17 273792]
S3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2011-8-17 33280]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
S3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2011-8-17 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2011-8-17 140800]
S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2011-8-17 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2011-8-17 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-8-17 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-1-31 31232]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-8-12 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-8-12 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
S3 ose;Office  Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
S3 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-1-31 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-8-10 210944]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-17 246376]
S3 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\Windows\System32\drivers\sbp2port.sys [2011-8-17 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2011-8-17 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
S3 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2011-8-17 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
S3 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-14 23552]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2011-8-17 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2011-8-17 39424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-17 59392]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-13 100352]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-13 41984]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-8-12 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2011-8-12 30720]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2012-1-31 31232]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2011-8-17 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-8-17 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2011-8-17 1600512]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-8-17 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-9 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2011-8-17 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-12-7 87040]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-12-7 198656]
S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-7-13 116560]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2011-8-17 328192]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: eSobi.exe: open="C:\Program Files (x86)\eSobi\eSobi2\eSobi.exe" /e "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-06-03 02:12:07 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5935EE58-8835-4A72-91DF-443E6CF249D8}\mpengine.dll
2013-06-02 00:18:03 -------- d-----w- C:\ProgramData\boost_interprocess
2013-06-01 21:48:38 -------- d-----w- C:\Users\SarahKaising\AppData\Local\Deployment
2013-06-01 21:48:38 -------- d-----w- C:\Users\SarahKaising\AppData\Local\Apps
2013-06-01 20:01:36 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-06-01 20:01:00 263584 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-06-01 20:00:47 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-01 20:00:47 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-06-01 20:00:46 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-06-01 19:57:06 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-01 19:52:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-01 19:52:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-01 19:51:57 -------- d-----w- C:\Windows\System32\Macromed
2013-05-30 15:02:07 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2013-05-29 21:31:59 -------- d-----w- C:\Windows\ERUNT
2013-05-29 21:31:16 -------- d-----w- C:\JRT
2013-05-29 01:29:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-28 19:46:15 -------- d-----w- C:\Users\SarahKaising\AppData\Roaming\Malwarebytes
2013-05-28 19:45:39 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-28 19:45:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-28 19:45:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-28 19:44:38 -------- d-----w- C:\Users\SarahKaising\AppData\Local\Programs
2013-05-28 03:03:56 -------- d-----w- C:\Users\SarahKaising\AppData\Local\CrashDumps
2013-05-28 01:27:23 -------- d-----w- C:\Users\SarahKaising\AppData\Local\NPE
2013-05-28 01:27:23 -------- d-----w- C:\ProgramData\Norton
2013-05-27 23:50:11 -------- d-----w- C:\Users\SarahKaising\AppData\Local\CRE
2013-05-21 22:28:04 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A246476D-3A7D-4668-98C8-09A3E3049FCC}\gapaengine.dll
2013-05-15 14:11:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 14:11:58 391168 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-05-15 14:11:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-15 14:11:56 526336 ----a-w- C:\Windows\System32\ieui.dll
2013-05-15 14:11:56 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-05-15 14:11:56 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-05-15 14:11:55 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-05-15 14:11:55 51712 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-05-15 14:11:55 356352 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-05-15 14:11:55 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-05-15 14:11:54 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-15 14:11:54 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-15 14:11:54 235520 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-05-15 14:11:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-15 14:11:53 39936 ----a-w- C:\Windows\System32\iernonce.dll
2013-05-15 14:11:53 33280 ----a-w- C:\Windows\SysWow64\iernonce.dll
2013-05-15 14:11:52 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 14:11:52 493056 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-05-15 14:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-15 14:11:52 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-15 14:11:51 603136 ----a-w- C:\Windows\System32\msfeeds.dll
2013-05-15 14:11:51 2647552 ----a-w- C:\Windows\System32\iertutil.dll
2013-05-15 14:11:51 2046976 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-05-15 14:11:50 770608 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-05-15 14:11:49 775232 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 14:11:49 1130496 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-05-15 14:11:48 1365504 ----a-w- C:\Windows\System32\urlmon.dll
2013-05-15 14:11:47 855552 ----a-w- C:\Windows\System32\jscript.dll
2013-05-15 14:11:47 690688 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-05-15 14:11:45 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-15 14:11:44 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-15 14:11:43 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-15 14:11:43 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-15 14:11:42 53248 ----a-w- C:\Windows\System32\jsproxy.dll
2013-05-15 14:11:42 39424 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-05-15 14:11:41 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-15 14:11:40 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-05-15 14:11:36 14323712 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-05-15 14:11:33 19231232 ----a-w- C:\Windows\System32\mshtml.dll
2013-05-15 14:11:31 15404032 ----a-w- C:\Windows\System32\ieframe.dll
2013-05-15 14:11:29 13760512 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-05-15 13:30:27 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 13:30:27 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 13:30:27 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 13:30:22 78680 ----a-w- C:\Windows\System32\mcupdate_AuthenticAMD.dll
2013-05-15 13:30:21 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 13:30:20 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 13:30:06 14172672 ----a-w- C:\Windows\System32\shell32.dll
2013-05-15 13:30:04 197120 ----a-w- C:\Windows\System32\shdocvw.dll
2013-05-15 13:30:04 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 13:30:04 12872704 ----a-w- C:\Windows\SysWow64\shell32.dll
2013-05-15 13:30:03 180224 ----a-w- C:\Windows\SysWow64\shdocvw.dll
2013-05-15 13:30:03 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 13:30:03 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 13:30:02 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 13:29:49 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-23 19:01:52 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 00:29:47 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 00:29:46 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 00:29:45 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 00:29:45 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 00:29:45 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 00:29:44 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 00:29:29 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 00:29:26 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 00:29:24 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 00:29:24 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 00:29:23 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 00:29:22 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 00:29:22 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-07 16:09:20 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
.
==================== Find6M  ====================
.
2013-06-01 20:00:13 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-01 20:00:13 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-03-22 14:05:20 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 14:35:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-03-20 14:35:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
.
============= FINISH: 15:54:25.84 ===============
 
 Attached File  attach.txt   5.69KB   0 downloads
 
 
 
 
 


Edited by redcurlyqcincy, 03 June 2013 - 04:01 PM.


BC AdBot (Login to Remove)

 


#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:22 AM

Posted 07 June 2013 - 01:04 AM

Hello redcurlyqcincy and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. smile.png

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. smile.png

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)



-DFB


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#3 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 07 June 2013 - 09:56 AM

Thanks so much for helping me!

Something weird last night happened to my computer, however. It re-booted on its own and updated a lot of things. I thought, before I start doing what you recommend, I re-scanned my computer and am posting my DDS and Attach scans.

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.15.2
Run by SarahKaising at 10:42:26 on 2013-06-07
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3819.1753 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\SarahKaising\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Users\SarahKaising\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Users\SarahKaising\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = *.local
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [Facebook Update] "C:\Users\SarahKaising\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spotify Web Helper] "C:\Users\SarahKaising\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "C:\Users\SarahKaising\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3} : DHCPNameServer = 192.168.200.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3}\253434F574575637473213 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3}\5393830247562727163656 : DHCPNameServer = 192.168.200.1
TCP: Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3}\E6564777F627B623 : DHCPNameServer = 192.168.1.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2011-8-17 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-8-12 27008]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2012-8-10 458704]
R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2011-8-17 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2013-4-9 223752]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-8-17 14720]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-8-10 95600]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2012-8-10 151920]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2011-8-17 94592]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-8-17 31104]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2013-3-20 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-8-10 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2011-8-17 184704]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-8-17 213888]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2011-7-19 65072]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2011-7-19 74824]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-8-17 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-8-17 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2011-8-17 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-12-8 785512]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-2-16 498688]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2011-8-17 147456]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-8-17 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-1-17 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-1-17 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-1-17 62584]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2011-8-17 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2011-8-17 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2011-8-17 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-8-17 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2011-8-17 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-8-17 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-17 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-8-11 55184]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Bonjour Service;Bonjour Service;C:\Program Files\Bonjour\mDNSResponder.exe [2011-8-31 462184]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-1-17 198784]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-17 310864]
R2 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-1-31 31232]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-17 868224]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 MsMpSvc;Microsoft Antimalware Service;C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-1-27 22056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-1-31 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-8-15 559104]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2013-3-20 45568]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-1-17 243232]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-9-21 2286976]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2011-8-17 1525248]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2011-8-6 591872]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 YahooAUService;Yahoo! Updater;C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-9 602392]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-2 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-17 8013312]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-17 287232]
R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\athrx.sys [2011-1-17 2229608]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-1-17 115216]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-8-6 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDRT64.sys [2011-1-17 1495680]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-8-17 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2011-8-17 982912]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-1-17 138024]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\Windows\System32\drivers\GEARAspiWDM.sys [2012-10-8 33240]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2011-8-17 122368]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2011-8-17 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
R3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 641504]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-1-31 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-1-17 76912]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-8-12 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-8-12 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-8-12 128000]
R3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2011-8-17 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2011-8-17 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2011-8-17 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2011-8-17 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-23 1656680]
R3 NTIDrvr;NTIDrvr;C:\Windows\System32\drivers\NTIDrvr.sys [2011-1-17 18432]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2011-8-17 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2011-8-17 129536]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-8-6 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-8-6 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-8-6 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2011-7-19 41888]
R3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2011-8-17 194048]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-8-17 125440]
R3 UBHelper;UBHelper;C:\Windows\System32\drivers\UBHelper.sys [2011-1-17 17408]
R3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-8-17 48640]
R3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2011-8-12 98816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2011-8-12 52736]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-2-2 38528]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2011-8-12 343040]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2011-8-12 25600]
R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2011-8-17 184960]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2011-8-17 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-8-17 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-8-17 12800]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-8-12 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-8-17 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2011-8-17 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
S3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2011-8-17 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-2-2 655624]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2011-8-17 42856]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
S3 GameConsoleService;GameConsoleService;C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe [2010-4-3 246520]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2011-8-17 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
S3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2011-8-17 30208]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-8-17 78720]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2011-8-12 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2011-8-17 856400]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2011-8-17 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-8-17 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2011-8-17 273792]
S3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2011-8-17 33280]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
S3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2011-8-17 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2011-8-17 140800]
S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2011-8-17 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-8-17 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-1-31 31232]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-8-12 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-8-12 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
S3 ose;Office  Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
S3 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-1-31 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-8-10 210944]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-17 246376]
S3 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\Windows\System32\drivers\sbp2port.sys [2011-8-17 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2011-8-17 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
S3 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2011-8-17 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
S3 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-14 23552]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2011-8-17 39424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-17 59392]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-13 100352]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-13 41984]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-8-12 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2011-8-12 30720]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2012-1-31 31232]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2011-8-17 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-8-17 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2011-8-17 1600512]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-8-17 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-9 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2011-8-17 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-12-7 87040]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-12-7 198656]
S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-7-13 116560]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2011-8-17 328192]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: eSobi.exe: open="C:\Program Files (x86)\eSobi\eSobi2\eSobi.exe" /e "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-06-07 14:39:15 964552 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E3C0942-A578-4A86-BF1D-F7A2D2B064C6}\gapaengine.dll
2013-06-07 14:38:46 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB55027F-59C4-4BF7-A714-0245E49D8AAF}\mpengine.dll
2013-06-07 14:26:06 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3825F861-B411-2D7B-AC4D-FD994D2F087A}\GapaEngine.dll
2013-06-07 14:22:10 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-07 14:22:10 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 14:22:09 391168 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-06-07 14:22:08 526336 ----a-w- C:\Windows\System32\ieui.dll
2013-06-07 14:22:08 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-07 14:22:08 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-07 14:22:07 51712 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-06-07 14:22:07 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-07 14:22:06 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-07 14:22:06 356352 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-06-07 14:22:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-07 14:22:05 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-07 14:22:05 39936 ----a-w- C:\Windows\System32\iernonce.dll
2013-06-07 14:22:05 33280 ----a-w- C:\Windows\SysWow64\iernonce.dll
2013-06-07 14:22:05 235520 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-06-07 14:22:04 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 14:22:04 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-07 14:22:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-07 14:22:04 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-07 14:22:03 603136 ----a-w- C:\Windows\System32\msfeeds.dll
2013-06-07 14:22:03 493056 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-06-07 14:22:02 2647552 ----a-w- C:\Windows\System32\iertutil.dll
2013-06-07 14:22:02 2046976 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-06-07 14:22:00 770608 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-06-07 14:21:59 775232 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-06-07 14:21:59 1130496 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-06-07 14:21:57 1365504 ----a-w- C:\Windows\System32\urlmon.dll
2013-06-07 14:21:56 855552 ----a-w- C:\Windows\System32\jscript.dll
2013-06-07 14:21:56 690688 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-06-07 14:21:54 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-07 14:21:54 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-07 14:21:52 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-07 14:21:52 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-07 14:21:50 53248 ----a-w- C:\Windows\System32\jsproxy.dll
2013-06-07 14:21:50 39424 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-06-07 14:21:50 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-07 14:21:48 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-06-07 14:21:44 14323712 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-06-07 14:21:35 19231232 ----a-w- C:\Windows\System32\mshtml.dll
2013-06-07 14:21:32 15404032 ----a-w- C:\Windows\System32\ieframe.dll
2013-06-07 14:21:28 13760512 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-06-07 01:23:53 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-02 00:18:03 -------- d-----w- C:\ProgramData\boost_interprocess
2013-06-01 21:48:38 -------- d-----w- C:\Users\SarahKaising\AppData\Local\Deployment
2013-06-01 21:48:38 -------- d-----w- C:\Users\SarahKaising\AppData\Local\Apps
2013-06-01 19:51:57 -------- d-----w- C:\Windows\System32\Macromed
2013-05-29 21:31:59 -------- d-----w- C:\Windows\ERUNT
2013-05-29 21:31:16 -------- d-----w- C:\JRT
2013-05-29 01:29:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-05-28 19:46:15 -------- d-----w- C:\Users\SarahKaising\AppData\Roaming\Malwarebytes
2013-05-28 19:45:39 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-28 19:45:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-28 19:44:38 -------- d-----w- C:\Users\SarahKaising\AppData\Local\Programs
2013-05-28 03:03:56 -------- d-----w- C:\Users\SarahKaising\AppData\Local\CrashDumps
2013-05-28 01:27:23 -------- d-----w- C:\Users\SarahKaising\AppData\Local\NPE
2013-05-28 01:27:23 -------- d-----w- C:\ProgramData\Norton
2013-05-27 23:50:11 -------- d-----w- C:\Users\SarahKaising\AppData\Local\CRE
2013-05-10 17:49:23 -------- d-----w- C:\Program Files (x86)\Coupons
2013-04-24 13:30:39 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4321A126-479D-4B9B-ADB7-B2A8D3897743}\gapaengine.dll
2013-04-23 19:01:52 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 00:29:47 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 00:29:46 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 00:29:45 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 00:29:45 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 00:29:45 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 00:29:44 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 00:29:33 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 00:29:29 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 00:29:26 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 00:29:24 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 00:29:24 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 00:29:23 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 00:29:22 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 00:29:22 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
==================== Find6M  ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-22 14:05:20 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 14:35:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-03-20 14:35:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-03-02 01:49:24 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-02 01:49:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 10:44:07.83 ===============
 

Attached File  attach.txt   6.8KB   0 downloads

 



#4 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:22 AM

Posted 07 June 2013 - 12:02 PM

Please go ahead and post the other logs I've requested


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#5 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 07 June 2013 - 05:44 PM

TDSS Rootkill

 

18:40:55.0932 5744  TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
18:40:58.0352 5744  ============================================================
18:40:58.0352 5744  Current date / time: 2013/06/07 18:40:58.0352
18:40:58.0352 5744  SystemInfo:
18:40:58.0352 5744 
18:40:58.0352 5744  OS Version: 6.1.7601 ServicePack: 1.0
18:40:58.0352 5744  Product type: Workstation
18:40:58.0352 5744  ComputerName: SARAHKAISING-PC
18:40:58.0352 5744  UserName: SarahKaising
18:40:58.0352 5744  Windows directory: C:\Windows
18:40:58.0352 5744  System windows directory: C:\Windows
18:40:58.0352 5744  Running under WOW64
18:40:58.0352 5744  Processor architecture: Intel x64
18:40:58.0352 5744  Number of processors: 2
18:40:58.0352 5744  Page size: 0x1000
18:40:58.0352 5744  Boot type: Normal boot
18:40:58.0352 5744  ============================================================
18:41:14.0975 5744  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:41:14.0985 5744  ============================================================
18:41:14.0985 5744  \Device\Harddisk0\DR0:
18:41:14.0985 5744  MBR partitions:
18:41:14.0985 5744  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
18:41:14.0985 5744  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1B392800
18:41:14.0985 5744  ============================================================
18:41:15.0005 5744  C: <-> \Device\Harddisk0\DR0\Partition2
18:41:15.0005 5744  ============================================================
18:41:15.0005 5744  Initialize success
18:41:15.0005 5744  ============================================================
18:42:03.0231 5576  ============================================================
18:42:03.0231 5576  Scan started
18:42:03.0231 5576  Mode: Manual;
18:42:03.0231 5576  ============================================================
18:42:03.0921 5576  ================ Scan system memory ========================
18:42:03.0921 5576  System memory - ok
18:42:03.0931 5576  ================ Scan services =============================
18:42:04.0142 5576  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:42:04.0152 5576  1394ohci - ok
18:42:04.0172 5576  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:42:04.0182 5576  ACPI - ok
18:42:04.0212 5576  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:42:04.0212 5576  AcpiPmi - ok
18:42:04.0272 5576  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:42:04.0282 5576  adp94xx - ok
18:42:04.0312 5576  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:42:04.0312 5576  adpahci - ok
18:42:04.0332 5576  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:42:04.0342 5576  adpu320 - ok
18:42:04.0382 5576  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:42:04.0382 5576  AeLookupSvc - ok
18:42:04.0432 5576  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:42:04.0442 5576  AFD - ok
18:42:04.0492 5576  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:42:04.0492 5576  agp440 - ok
18:42:04.0542 5576  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:42:04.0542 5576  ALG - ok
18:42:04.0572 5576  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:42:04.0572 5576  aliide - ok
18:42:04.0612 5576  [ CF4D1EBE8FEC994A0DF69149ED27E417 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:42:04.0622 5576  AMD External Events Utility - ok
18:42:04.0662 5576  AMD FUEL Service - ok
18:42:04.0722 5576  [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
18:42:04.0722 5576  AMD Reservation Manager - ok
18:42:04.0772 5576  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:42:04.0772 5576  amdide - ok
18:42:04.0812 5576  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
18:42:04.0812 5576  amdiox64 - ok
18:42:04.0866 5576  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:42:04.0869 5576  AmdK8 - ok
18:42:05.0146 5576  [ 375AC85E1130EAA1EAEB62DDD22B0EFB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:42:05.0376 5576  amdkmdag - ok
18:42:05.0416 5576  [ DAEB3F2BB2095B95B98BE6CEC99D02E7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:42:05.0426 5576  amdkmdap - ok
18:42:05.0466 5576  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:42:05.0466 5576  AmdPPM - ok
18:42:05.0526 5576  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:42:05.0526 5576  amdsata - ok
18:42:05.0556 5576  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:42:05.0556 5576  amdsbs - ok
18:42:05.0586 5576  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:42:05.0586 5576  amdxata - ok
18:42:05.0656 5576  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:42:05.0656 5576  AppID - ok
18:42:05.0696 5576  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:42:05.0696 5576  AppIDSvc - ok
18:42:05.0726 5576  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:42:05.0726 5576  Appinfo - ok
18:42:05.0866 5576  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:42:05.0866 5576  Apple Mobile Device - ok
18:42:05.0916 5576  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:42:05.0916 5576  arc - ok
18:42:05.0936 5576  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:42:05.0946 5576  arcsas - ok
18:42:05.0976 5576  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:05.0976 5576  AsyncMac - ok
18:42:06.0046 5576  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:42:06.0046 5576  atapi - ok
18:42:06.0146 5576  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:42:06.0186 5576  athr - ok
18:42:06.0256 5576  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:42:06.0256 5576  AtiHDAudioService - ok
18:42:06.0336 5576  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:42:06.0346 5576  AudioEndpointBuilder - ok
18:42:06.0366 5576  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:42:06.0376 5576  AudioSrv - ok
18:42:06.0446 5576  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:42:06.0456 5576  AxInstSV - ok
18:42:06.0496 5576  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:42:06.0506 5576  b06bdrv - ok
18:42:06.0556 5576  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:42:06.0566 5576  b57nd60a - ok
18:42:06.0626 5576  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:42:06.0636 5576  BDESVC - ok
18:42:06.0646 5576  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:42:06.0646 5576  Beep - ok
18:42:06.0726 5576  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:42:06.0746 5576  BFE - ok
18:42:06.0786 5576  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:42:06.0796 5576  BITS - ok
18:42:06.0846 5576  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:42:06.0846 5576  blbdrive - ok
18:42:06.0926 5576  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:42:06.0926 5576  Bonjour Service - ok
18:42:06.0976 5576  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:42:06.0986 5576  bowser - ok
18:42:07.0026 5576  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:42:07.0026 5576  BrFiltLo - ok
18:42:07.0046 5576  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:42:07.0056 5576  BrFiltUp - ok
18:42:07.0086 5576  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:42:07.0086 5576  Browser - ok
18:42:07.0126 5576  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:42:07.0126 5576  Brserid - ok
18:42:07.0156 5576  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:42:07.0156 5576  BrSerWdm - ok
18:42:07.0186 5576  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:42:07.0186 5576  BrUsbMdm - ok
18:42:07.0216 5576  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:42:07.0216 5576  BrUsbSer - ok
18:42:07.0256 5576  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:42:07.0256 5576  BTHMODEM - ok
18:42:07.0306 5576  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:42:07.0316 5576  bthserv - ok
18:42:07.0336 5576  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:42:07.0336 5576  cdfs - ok
18:42:07.0406 5576  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:42:07.0406 5576  cdrom - ok
18:42:07.0466 5576  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:42:07.0466 5576  CertPropSvc - ok
18:42:07.0516 5576  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:42:07.0516 5576  circlass - ok
18:42:07.0556 5576  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:42:07.0556 5576  CLFS - ok
18:42:07.0646 5576  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:07.0646 5576  clr_optimization_v2.0.50727_32 - ok
18:42:07.0696 5576  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:42:07.0696 5576  clr_optimization_v2.0.50727_64 - ok
18:42:07.0786 5576  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:42:07.0796 5576  clr_optimization_v4.0.30319_32 - ok
18:42:07.0826 5576  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:42:07.0826 5576  clr_optimization_v4.0.30319_64 - ok
18:42:07.0876 5576  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:42:07.0876 5576  CmBatt - ok
18:42:07.0896 5576  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:42:07.0896 5576  cmdide - ok
18:42:07.0956 5576  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:42:07.0966 5576  CNG - ok
18:42:08.0056 5576  [ 9F005CED6A6A11AECC536FDAA17E7A04 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:42:08.0076 5576  CnxtHdAudService - ok
18:42:08.0116 5576  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:42:08.0116 5576  Compbatt - ok
18:42:08.0156 5576  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:42:08.0156 5576  CompositeBus - ok
18:42:08.0176 5576  COMSysApp - ok
18:42:08.0206 5576  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:42:08.0206 5576  crcdisk - ok
18:42:08.0266 5576  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:42:08.0266 5576  CryptSvc - ok
18:42:08.0416 5576  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:42:08.0426 5576  cvhsvc - ok
18:42:08.0466 5576  [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
18:42:08.0466 5576  CxAudMsg - ok
18:42:08.0546 5576  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:42:08.0566 5576  DcomLaunch - ok
18:42:08.0596 5576  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:42:08.0606 5576  defragsvc - ok
18:42:08.0656 5576  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:42:08.0656 5576  DfsC - ok
18:42:08.0726 5576  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:42:08.0736 5576  Dhcp - ok
18:42:08.0776 5576  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:42:08.0776 5576  discache - ok
18:42:08.0816 5576  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:42:08.0816 5576  Disk - ok
18:42:08.0856 5576  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:42:08.0856 5576  Dnscache - ok
18:42:08.0906 5576  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:42:08.0906 5576  dot3svc - ok
18:42:08.0936 5576  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:42:08.0946 5576  DPS - ok
18:42:08.0976 5576  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:42:08.0976 5576  drmkaud - ok
18:42:09.0067 5576  [ 53E4843E1CD3653E665DAA32241F8F8B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:42:09.0077 5576  DsiWMIService - ok
18:42:09.0139 5576  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:42:09.0149 5576  DXGKrnl - ok
18:42:09.0179 5576  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:42:09.0189 5576  EapHost - ok
18:42:09.0329 5576  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:42:09.0369 5576  ebdrv - ok
18:42:09.0409 5576  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:42:09.0409 5576  EFS - ok
18:42:09.0469 5576  [ 03E6888DA1A85ACF14AC2A3C328A9E62 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
18:42:09.0469 5576  EgisTec Ticket Service - ok
18:42:09.0549 5576  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:42:09.0569 5576  ehRecvr - ok
18:42:09.0599 5576  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:42:09.0599 5576  ehSched - ok
18:42:09.0669 5576  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:42:09.0679 5576  elxstor - ok
18:42:09.0789 5576  [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:42:09.0809 5576  ePowerSvc - ok
18:42:09.0839 5576  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:42:09.0839 5576  ErrDev - ok
18:42:09.0889 5576  [ 9D8739A2A2173C9D27C499A3FC6EDA3F ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
18:42:09.0899 5576  ETD - ok
18:42:09.0959 5576  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:42:09.0969 5576  EventSystem - ok
18:42:09.0999 5576  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:42:09.0999 5576  exfat - ok
18:42:10.0043 5576  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:42:10.0053 5576  fastfat - ok
18:42:10.0113 5576  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:42:10.0123 5576  Fax - ok
18:42:10.0153 5576  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:42:10.0153 5576  fdc - ok
18:42:10.0213 5576  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:42:10.0213 5576  fdPHost - ok
18:42:10.0223 5576  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:42:10.0233 5576  FDResPub - ok
18:42:10.0253 5576  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:42:10.0263 5576  FileInfo - ok
18:42:10.0273 5576  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:42:10.0283 5576  Filetrace - ok
18:42:10.0363 5576  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:42:10.0373 5576  FLEXnet Licensing Service - ok
18:42:10.0393 5576  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:42:10.0403 5576  flpydisk - ok
18:42:10.0453 5576  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:42:10.0463 5576  FltMgr - ok
18:42:10.0553 5576  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:42:10.0563 5576  FontCache - ok
18:42:10.0623 5576  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:42:10.0623 5576  FontCache3.0.0.0 - ok
18:42:10.0653 5576  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:42:10.0663 5576  FsDepends - ok
18:42:10.0703 5576  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:42:10.0703 5576  Fs_Rec - ok
18:42:10.0763 5576  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:42:10.0763 5576  fvevol - ok
18:42:10.0813 5576  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:42:10.0813 5576  gagp30kx - ok
18:42:10.0903 5576  [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
18:42:10.0913 5576  GameConsoleService - ok
18:42:10.0963 5576  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:42:10.0973 5576  GEARAspiWDM - ok
18:42:11.0023 5576  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:42:11.0033 5576  gpsvc - ok
18:42:11.0123 5576  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:42:11.0123 5576  GREGService - ok
18:42:11.0153 5576  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:42:11.0163 5576  hcw85cir - ok
18:42:11.0203 5576  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:42:11.0213 5576  HdAudAddService - ok
18:42:11.0243 5576  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:42:11.0243 5576  HDAudBus - ok
18:42:11.0273 5576  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:42:11.0273 5576  HidBatt - ok
18:42:11.0303 5576  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:42:11.0303 5576  HidBth - ok
18:42:11.0323 5576  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:42:11.0333 5576  HidIr - ok
18:42:11.0363 5576  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:42:11.0363 5576  hidserv - ok
18:42:11.0423 5576  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:42:11.0433 5576  HidUsb - ok
18:42:11.0473 5576  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:42:11.0523 5576  hkmsvc - ok
18:42:11.0743 5576  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:42:11.0753 5576  HomeGroupListener - ok
18:42:11.0803 5576  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:42:11.0813 5576  HomeGroupProvider - ok
18:42:11.0853 5576  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:42:11.0863 5576  HpSAMD - ok
18:42:11.0933 5576  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:42:11.0943 5576  HTTP - ok
18:42:11.0983 5576  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:42:11.0983 5576  hwpolicy - ok
18:42:12.0043 5576  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:42:12.0043 5576  i8042prt - ok
18:42:12.0093 5576  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:42:12.0103 5576  iaStorV - ok
18:42:12.0163 5576  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:42:12.0183 5576  idsvc - ok
18:42:12.0213 5576  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:42:12.0213 5576  iirsp - ok
18:42:12.0273 5576  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:42:12.0283 5576  IKEEXT - ok
18:42:12.0323 5576  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:42:12.0323 5576  intelide - ok
18:42:12.0343 5576  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:42:12.0343 5576  intelppm - ok
18:42:12.0373 5576  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:42:12.0383 5576  IPBusEnum - ok
18:42:12.0423 5576  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:12.0423 5576  IpFilterDriver - ok
18:42:12.0493 5576  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:42:12.0503 5576  iphlpsvc - ok
18:42:12.0543 5576  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:42:12.0543 5576  IPMIDRV - ok
18:42:12.0573 5576  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:42:12.0573 5576  IPNAT - ok
18:42:12.0643 5576  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:42:12.0653 5576  iPod Service - ok
18:42:12.0683 5576  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:42:12.0683 5576  IRENUM - ok
18:42:12.0693 5576  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:42:12.0703 5576  isapnp - ok
18:42:12.0733 5576  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:42:12.0743 5576  iScsiPrt - ok
18:42:12.0793 5576  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:42:12.0793 5576  kbdclass - ok
18:42:12.0823 5576  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:42:12.0823 5576  kbdhid - ok
18:42:12.0853 5576  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:42:12.0853 5576  KeyIso - ok
18:42:12.0903 5576  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:42:12.0903 5576  KSecDD - ok
18:42:12.0923 5576  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:42:12.0923 5576  KSecPkg - ok
18:42:12.0953 5576  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:42:12.0963 5576  ksthunk - ok
18:42:13.0003 5576  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:42:13.0013 5576  KtmRm - ok
18:42:13.0053 5576  [ 0E154DA6CA9105354A07D0C576804037 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:42:13.0063 5576  L1C - ok
18:42:13.0133 5576  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:42:13.0143 5576  LanmanServer - ok
18:42:13.0193 5576  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:42:13.0193 5576  LanmanWorkstation - ok
18:42:13.0243 5576  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:42:13.0253 5576  lltdio - ok
18:42:13.0293 5576  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:42:13.0293 5576  lltdsvc - ok
18:42:13.0323 5576  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:42:13.0323 5576  lmhosts - ok
18:42:13.0363 5576  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:42:13.0363 5576  LSI_FC - ok
18:42:13.0403 5576  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:42:13.0403 5576  LSI_SAS - ok
18:42:13.0433 5576  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:42:13.0433 5576  LSI_SAS2 - ok
18:42:13.0453 5576  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:42:13.0463 5576  LSI_SCSI - ok
18:42:13.0483 5576  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:42:13.0483 5576  luafv - ok
18:42:13.0533 5576  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:42:13.0543 5576  Mcx2Svc - ok
18:42:13.0563 5576  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:42:13.0563 5576  megasas - ok
18:42:13.0603 5576  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:42:13.0603 5576  MegaSR - ok
18:42:13.0653 5576  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:42:13.0653 5576  MMCSS - ok
18:42:13.0683 5576  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:42:13.0683 5576  Modem - ok
18:42:13.0723 5576  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:42:13.0723 5576  monitor - ok
18:42:13.0773 5576  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:42:13.0773 5576  mouclass - ok
18:42:13.0813 5576  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:42:13.0813 5576  mouhid - ok
18:42:13.0853 5576  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:42:13.0853 5576  mountmgr - ok
18:42:13.0913 5576  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:42:13.0923 5576  MpFilter - ok
18:42:13.0963 5576  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:42:13.0973 5576  mpio - ok
18:42:14.0003 5576  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:42:14.0013 5576  mpsdrv - ok
18:42:14.0073 5576  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:42:14.0093 5576  MpsSvc - ok
18:42:14.0143 5576  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:42:14.0143 5576  MRxDAV - ok
18:42:14.0183 5576  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:14.0193 5576  mrxsmb - ok
18:42:14.0213 5576  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:14.0223 5576  mrxsmb10 - ok
18:42:14.0243 5576  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:14.0253 5576  mrxsmb20 - ok
18:42:14.0293 5576  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:42:14.0303 5576  msahci - ok
18:42:14.0333 5576  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:42:14.0333 5576  msdsm - ok
18:42:14.0363 5576  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:42:14.0373 5576  MSDTC - ok
18:42:14.0423 5576  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:42:14.0433 5576  Msfs - ok
18:42:14.0463 5576  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:42:14.0463 5576  mshidkmdf - ok
18:42:14.0503 5576  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:42:14.0503 5576  msisadrv - ok
18:42:14.0533 5576  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:42:14.0543 5576  MSiSCSI - ok
18:42:14.0543 5576  msiserver - ok
18:42:14.0593 5576  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:42:14.0593 5576  MSKSSRV - ok
18:42:14.0683 5576  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:42:14.0683 5576  MsMpSvc - ok
18:42:14.0703 5576  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:14.0703 5576  MSPCLOCK - ok
18:42:14.0753 5576  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:42:14.0753 5576  MSPQM - ok
18:42:14.0813 5576  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:42:14.0823 5576  MsRPC - ok
18:42:14.0863 5576  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:42:14.0873 5576  mssmbios - ok
18:42:14.0883 5576  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:42:14.0893 5576  MSTEE - ok
18:42:14.0903 5576  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:42:14.0903 5576  MTConfig - ok
18:42:14.0933 5576  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:42:14.0943 5576  Mup - ok
18:42:14.0973 5576  [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:42:14.0973 5576  mwlPSDFilter - ok
18:42:14.0993 5576  [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:42:14.0993 5576  mwlPSDNServ - ok
18:42:15.0013 5576  [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:42:15.0023 5576  mwlPSDVDisk - ok
18:42:15.0085 5576  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:42:15.0095 5576  napagent - ok
18:42:15.0155 5576  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:42:15.0155 5576  NativeWifiP - ok
18:42:15.0255 5576  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:42:15.0265 5576  NDIS - ok
18:42:15.0305 5576  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:15.0305 5576  NdisCap - ok
18:42:15.0345 5576  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:15.0345 5576  NdisTapi - ok
18:42:15.0385 5576  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:15.0395 5576  Ndisuio - ok
18:42:15.0435 5576  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:15.0435 5576  NdisWan - ok
18:42:15.0475 5576  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:42:15.0475 5576  NDProxy - ok
18:42:15.0525 5576  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:42:15.0525 5576  NetBIOS - ok
18:42:15.0565 5576  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:42:15.0575 5576  NetBT - ok
18:42:15.0595 5576  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:42:15.0595 5576  Netlogon - ok
18:42:15.0655 5576  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:42:15.0665 5576  Netman - ok
18:42:15.0695 5576  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:42:15.0705 5576  netprofm - ok
18:42:15.0755 5576  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:15.0755 5576  NetTcpPortSharing - ok
18:42:15.0805 5576  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:42:15.0815 5576  nfrd960 - ok
18:42:15.0865 5576  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:42:15.0875 5576  NisDrv - ok
18:42:15.0915 5576  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
18:42:15.0925 5576  NisSrv - ok
18:42:15.0995 5576  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:42:16.0005 5576  NlaSvc - ok
18:42:16.0135 5576  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:42:16.0175 5576  NOBU - ok
18:42:16.0195 5576  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:42:16.0195 5576  Npfs - ok
18:42:16.0225 5576  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:42:16.0225 5576  nsi - ok
18:42:16.0255 5576  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:42:16.0255 5576  nsiproxy - ok
18:42:16.0345 5576  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:42:16.0365 5576  Ntfs - ok
18:42:16.0445 5576  [ 8F59A2506AF43F96F5397B3C79938AE9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
18:42:16.0675 5576  NTI IScheduleSvc - ok
18:42:16.0725 5576  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
18:42:16.0745 5576  NTIDrvr - ok
18:42:16.0805 5576  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:42:16.0845 5576  Null - ok
18:42:17.0015 5576  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:42:17.0015 5576  nvraid - ok
18:42:17.0075 5576  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:42:17.0075 5576  nvstor - ok
18:42:17.0105 5576  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:42:17.0115 5576  nv_agp - ok
18:42:17.0135 5576  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:42:17.0135 5576  ohci1394 - ok
18:42:17.0215 5576  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:17.0215 5576  ose - ok
18:42:17.0425 5576  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:17.0515 5576  osppsvc - ok
18:42:17.0545 5576  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:42:17.0555 5576  p2pimsvc - ok
18:42:17.0595 5576  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:42:17.0605 5576  p2psvc - ok
18:42:17.0635 5576  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:42:17.0645 5576  Parport - ok
18:42:17.0685 5576  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:42:17.0685 5576  partmgr - ok
18:42:17.0715 5576  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:42:17.0715 5576  PcaSvc - ok
18:42:17.0745 5576  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:42:17.0745 5576  pci - ok
18:42:17.0775 5576  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:42:17.0775 5576  pciide - ok
18:42:17.0825 5576  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:42:17.0825 5576  pcmcia - ok
18:42:17.0845 5576  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:42:17.0845 5576  pcw - ok
18:42:17.0885 5576  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:42:17.0905 5576  PEAUTH - ok
18:42:17.0985 5576  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:42:17.0995 5576  PerfHost - ok
18:42:18.0096 5576  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:42:18.0116 5576  pla - ok
18:42:18.0166 5576  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:42:18.0176 5576  PlugPlay - ok
18:42:18.0216 5576  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:42:18.0216 5576  PNRPAutoReg - ok
18:42:18.0246 5576  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:42:18.0256 5576  PNRPsvc - ok
18:42:18.0306 5576  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:42:18.0316 5576  PolicyAgent - ok
18:42:18.0356 5576  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:42:18.0366 5576  Power - ok
18:42:18.0416 5576  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:42:18.0426 5576  PptpMiniport - ok
18:42:18.0446 5576  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:42:18.0456 5576  Processor - ok
18:42:18.0496 5576  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:42:18.0506 5576  ProfSvc - ok
18:42:18.0516 5576  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:42:18.0516 5576  ProtectedStorage - ok
18:42:18.0566 5576  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:42:18.0576 5576  Psched - ok
18:42:18.0646 5576  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:42:18.0666 5576  ql2300 - ok
18:42:18.0706 5576  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:42:18.0706 5576  ql40xx - ok
18:42:18.0736 5576  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:42:18.0746 5576  QWAVE - ok
18:42:18.0766 5576  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:42:18.0766 5576  QWAVEdrv - ok
18:42:18.0796 5576  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:42:18.0796 5576  RasAcd - ok
18:42:18.0856 5576  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:42:18.0866 5576  RasAgileVpn - ok
18:42:18.0896 5576  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:42:18.0896 5576  RasAuto - ok
18:42:18.0936 5576  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:18.0946 5576  Rasl2tp - ok
18:42:18.0986 5576  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:42:18.0996 5576  RasMan - ok
18:42:19.0026 5576  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:19.0026 5576  RasPppoe - ok
18:42:19.0066 5576  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:42:19.0066 5576  RasSstp - ok
18:42:19.0116 5576  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:42:19.0116 5576  rdbss - ok
18:42:19.0136 5576  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:42:19.0146 5576  rdpbus - ok
18:42:19.0166 5576  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:19.0166 5576  RDPCDD - ok
18:42:19.0216 5576  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:42:19.0216 5576  RDPENCDD - ok
18:42:19.0236 5576  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:42:19.0246 5576  RDPREFMP - ok
18:42:19.0296 5576  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:42:19.0306 5576  RDPWD - ok
18:42:19.0356 5576  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:42:19.0366 5576  rdyboost - ok
18:42:19.0396 5576  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:42:19.0406 5576  RemoteAccess - ok
18:42:19.0446 5576  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:42:19.0446 5576  RemoteRegistry - ok
18:42:19.0486 5576  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:42:19.0496 5576  RpcEptMapper - ok
18:42:19.0526 5576  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:42:19.0536 5576  RpcLocator - ok
18:42:19.0576 5576  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:42:19.0586 5576  RpcSs - ok
18:42:19.0648 5576  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:42:19.0648 5576  rspndr - ok
18:42:19.0708 5576  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
18:42:19.0718 5576  RSUSBSTOR - ok
18:42:19.0738 5576  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:42:19.0748 5576  SamSs - ok
18:42:19.0778 5576  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:42:19.0788 5576  sbp2port - ok
18:42:19.0878 5576  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:42:19.0938 5576  SCardSvr - ok
18:42:19.0988 5576  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:42:19.0988 5576  scfilter - ok
18:42:20.0048 5576  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:42:20.0068 5576  Schedule - ok
18:42:20.0108 5576  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:42:20.0118 5576  SCPolicySvc - ok
18:42:20.0158 5576  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:42:20.0168 5576  SDRSVC - ok
18:42:20.0218 5576  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:42:20.0218 5576  secdrv - ok
18:42:20.0258 5576  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:42:20.0268 5576  seclogon - ok
18:42:20.0298 5576  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:42:20.0298 5576  SENS - ok
18:42:20.0338 5576  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:42:20.0338 5576  SensrSvc - ok
18:42:20.0358 5576  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:42:20.0358 5576  Serenum - ok
18:42:20.0388 5576  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:42:20.0398 5576  Serial - ok
18:42:20.0418 5576  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:42:20.0418 5576  sermouse - ok
18:42:20.0488 5576  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:42:20.0498 5576  SessionEnv - ok
18:42:20.0538 5576  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:42:20.0538 5576  sffdisk - ok
18:42:20.0558 5576  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:42:20.0568 5576  sffp_mmc - ok
18:42:20.0578 5576  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:42:20.0578 5576  sffp_sd - ok
18:42:20.0598 5576  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:42:20.0608 5576  sfloppy - ok
18:42:20.0668 5576  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
18:42:20.0678 5576  Sftfs - ok
18:42:20.0768 5576  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:42:20.0778 5576  sftlist - ok
18:42:20.0828 5576  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:42:20.0838 5576  Sftplay - ok
18:42:20.0858 5576  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:42:20.0868 5576  Sftredir - ok
18:42:20.0898 5576  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
18:42:20.0898 5576  Sftvol - ok
18:42:20.0938 5576  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:42:20.0948 5576  sftvsa - ok
18:42:21.0008 5576  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:42:21.0018 5576  SharedAccess - ok
18:42:21.0068 5576  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:42:21.0078 5576  ShellHWDetection - ok
18:42:21.0128 5576  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:42:21.0128 5576  SiSRaid2 - ok
18:42:21.0138 5576  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:42:21.0138 5576  SiSRaid4 - ok
18:42:21.0238 5576  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:42:21.0248 5576  SkypeUpdate - ok
18:42:21.0308 5576  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:42:21.0308 5576  Smb - ok
18:42:21.0368 5576  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:42:21.0368 5576  SNMPTRAP - ok
18:42:21.0388 5576  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:42:21.0388 5576  spldr - ok
18:42:21.0438 5576  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:42:21.0458 5576  Spooler - ok
18:42:21.0598 5576  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:42:21.0648 5576  sppsvc - ok
18:42:21.0698 5576  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:42:21.0698 5576  sppuinotify - ok
18:42:21.0748 5576  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:42:21.0758 5576  srv - ok
18:42:21.0798 5576  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:42:21.0808 5576  srv2 - ok
18:42:21.0818 5576  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:42:21.0828 5576  srvnet - ok
18:42:21.0878 5576  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:42:21.0878 5576  SSDPSRV - ok
18:42:21.0898 5576  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:42:21.0898 5576  SstpSvc - ok
18:42:21.0928 5576  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:42:21.0928 5576  stexstor - ok
18:42:21.0988 5576  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:42:21.0998 5576  stisvc - ok
18:42:22.0058 5576  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:42:22.0098 5576  swenum - ok
18:42:22.0238 5576  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:42:22.0258 5576  swprv - ok
18:42:22.0348 5576  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:42:22.0368 5576  SysMain - ok
18:42:22.0408 5576  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:42:22.0408 5576  TabletInputService - ok
18:42:22.0458 5576  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:42:22.0458 5576  TapiSrv - ok
18:42:22.0488 5576  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:42:22.0498 5576  TBS - ok
18:42:22.0588 5576  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:42:22.0618 5576  Tcpip - ok
18:42:22.0668 5576  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:42:22.0688 5576  TCPIP6 - ok
18:42:22.0748 5576  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:42:22.0748 5576  tcpipreg - ok
18:42:22.0798 5576  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:42:22.0808 5576  TDPIPE - ok
18:42:22.0848 5576  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:42:22.0848 5576  TDTCP - ok
18:42:22.0898 5576  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:42:22.0898 5576  tdx - ok
18:42:22.0938 5576  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:42:22.0948 5576  TermDD - ok
18:42:22.0998 5576  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:42:23.0008 5576  TermService - ok
18:42:23.0058 5576  [ FA5BFB71E561D279EDAE7E118435C1C9 ] TfFsMon         C:\Windows\system32\drivers\TfFsMon.sys
18:42:23.0058 5576  TfFsMon - ok
18:42:23.0108 5576  [ FA8400D74345EC4BF10E476CA0AAA2DF ] TfNetMon        C:\Windows\system32\drivers\TfNetMon.sys
18:42:23.0118 5576  TfNetMon - ok
18:42:23.0168 5576  [ F11AA1A704A4C027E5E8E0F355523834 ] TfSysMon        C:\Windows\system32\drivers\TfSysMon.sys
18:42:23.0178 5576  TfSysMon - ok
18:42:23.0198 5576  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:42:23.0208 5576  Themes - ok
18:42:23.0218 5576  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:42:23.0228 5576  THREADORDER - ok
18:42:23.0258 5576  ThreatFire - ok
18:42:23.0298 5576  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:42:23.0298 5576  TrkWks - ok
18:42:23.0368 5576  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:42:23.0368 5576  TrustedInstaller - ok
18:42:23.0398 5576  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:23.0408 5576  tssecsrv - ok
18:42:23.0448 5576  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:42:23.0458 5576  TsUsbFlt - ok
18:42:23.0508 5576  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:42:23.0518 5576  tunnel - ok
18:42:23.0548 5576  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:42:23.0558 5576  uagp35 - ok
18:42:23.0568 5576  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
18:42:23.0568 5576  UBHelper - ok
18:42:23.0628 5576  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:42:23.0638 5576  udfs - ok
18:42:23.0678 5576  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:42:23.0688 5576  UI0Detect - ok
18:42:23.0718 5576  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:42:23.0728 5576  uliagpkx - ok
18:42:23.0778 5576  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
18:42:23.0788 5576  umbus - ok
18:42:23.0828 5576  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:42:23.0838 5576  UmPass - ok
18:42:23.0908 5576  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:42:23.0918 5576  Updater Service - ok
18:42:23.0968 5576  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:42:23.0968 5576  upnphost - ok
18:42:24.0018 5576  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:42:24.0028 5576  USBAAPL64 - ok
18:42:24.0058 5576  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:24.0068 5576  usbccgp - ok
18:42:24.0118 5576  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:42:24.0118 5576  usbcir - ok
18:42:24.0148 5576  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:42:24.0148 5576  usbehci - ok
18:42:24.0178 5576  [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
18:42:24.0188 5576  usbfilter - ok
18:42:24.0228 5576  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:42:24.0228 5576  usbhub - ok
18:42:24.0278 5576  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:42:24.0278 5576  usbohci - ok
18:42:24.0338 5576  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:42:24.0338 5576  usbprint - ok
18:42:24.0368 5576  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:42:24.0378 5576  usbscan - ok
18:42:24.0388 5576  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
18:42:24.0398 5576  USBSTOR - ok
18:42:24.0438 5576  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:42:24.0438 5576  usbuhci - ok
18:42:24.0478 5576  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:42:24.0488 5576  usbvideo - ok
18:42:24.0508 5576  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:42:24.0518 5576  UxSms - ok
18:42:24.0528 5576  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:42:24.0528 5576  VaultSvc - ok
18:42:24.0568 5576  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:42:24.0568 5576  vdrvroot - ok
18:42:24.0628 5576  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:42:24.0638 5576  vds - ok
18:42:24.0668 5576  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:24.0668 5576  vga - ok
18:42:24.0688 5576  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:42:24.0688 5576  VgaSave - ok
18:42:24.0728 5576  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:42:24.0728 5576  vhdmp - ok
18:42:24.0758 5576  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:42:24.0758 5576  viaide - ok
18:42:24.0788 5576  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:42:24.0788 5576  volmgr - ok
18:42:24.0838 5576  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:42:24.0848 5576  volmgrx - ok
18:42:24.0878 5576  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:42:24.0878 5576  volsnap - ok
18:42:24.0928 5576  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:42:24.0928 5576  vsmraid - ok
18:42:25.0008 5576  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:42:25.0038 5576  VSS - ok
18:42:25.0058 5576  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:42:25.0058 5576  vwifibus - ok
18:42:25.0088 5576  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:42:25.0098 5576  vwififlt - ok
18:42:25.0148 5576  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:42:25.0148 5576  vwifimp - ok
18:42:25.0188 5576  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:42:25.0198 5576  W32Time - ok
18:42:25.0228 5576  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:42:25.0228 5576  WacomPen - ok
18:42:25.0288 5576  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:42:25.0298 5576  WANARP - ok
18:42:25.0308 5576  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:42:25.0308 5576  Wanarpv6 - ok
18:42:25.0398 5576  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:42:25.0408 5576  WatAdminSvc - ok
18:42:25.0498 5576  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:42:25.0518 5576  wbengine - ok
18:42:25.0558 5576  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:42:25.0568 5576  WbioSrvc - ok
18:42:25.0608 5576  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:42:25.0618 5576  wcncsvc - ok
18:42:25.0638 5576  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:42:25.0648 5576  WcsPlugInService - ok
18:42:25.0668 5576  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:42:25.0678 5576  Wd - ok
18:42:25.0728 5576  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:42:25.0738 5576  Wdf01000 - ok
18:42:25.0768 5576  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:42:25.0778 5576  WdiServiceHost - ok
18:42:25.0788 5576  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:42:25.0788 5576  WdiSystemHost - ok
18:42:25.0838 5576  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:42:25.0848 5576  WebClient - ok
18:42:25.0858 5576  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:42:25.0868 5576  Wecsvc - ok
18:42:25.0898 5576  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:42:25.0898 5576  wercplsupport - ok
18:42:25.0948 5576  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:42:25.0958 5576  WerSvc - ok
18:42:25.0998 5576  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:42:25.0998 5576  WfpLwf - ok
18:42:26.0052 5576  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:42:26.0055 5576  WIMMount - ok
18:42:26.0076 5576  WinDefend - ok
18:42:26.0090 5576  WinHttpAutoProxySvc - ok
18:42:26.0160 5576  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:42:26.0170 5576  Winmgmt - ok
18:42:26.0260 5576  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:42:26.0290 5576  WinRM - ok
18:42:26.0360 5576  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:42:26.0380 5576  Wlansvc - ok
18:42:26.0430 5576  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:42:26.0440 5576  wlcrasvc - ok
18:42:26.0560 5576  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:42:26.0600 5576  wlidsvc - ok
18:42:26.0650 5576  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:42:26.0650 5576  WmiAcpi - ok
18:42:26.0680 5576  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:42:26.0690 5576  wmiApSrv - ok
18:42:26.0710 5576  WMPNetworkSvc - ok
18:42:26.0740 5576  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:42:26.0750 5576  WPCSvc - ok
18:42:26.0790 5576  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:42:26.0800 5576  WPDBusEnum - ok
18:42:26.0840 5576  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:42:26.0850 5576  ws2ifsl - ok
18:42:26.0860 5576  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:42:26.0870 5576  wscsvc - ok
18:42:26.0880 5576  WSearch - ok
18:42:27.0000 5576  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:42:27.0040 5576  wuauserv - ok
18:42:27.0086 5576  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:42:27.0089 5576  WudfPf - ok
18:42:27.0132 5576  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:27.0132 5576  WUDFRd - ok
18:42:27.0172 5576  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:42:27.0182 5576  wudfsvc - ok
18:42:27.0272 5576  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:42:27.0272 5576  WwanSvc - ok
18:42:27.0392 5576  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:42:27.0402 5576  YahooAUService - ok
18:42:27.0442 5576  ================ Scan global ===============================
18:42:27.0472 5576  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:42:27.0512 5576  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:42:27.0522 5576  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:42:27.0552 5576  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:42:27.0592 5576  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:42:27.0602 5576  [Global] - ok
18:42:27.0602 5576  ================ Scan MBR ==================================
18:42:27.0622 5576  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:42:27.0842 5576  \Device\Harddisk0\DR0 - ok
18:42:27.0842 5576  ================ Scan VBR ==================================
18:42:27.0852 5576  [ 6830B5EFE78370B00C644F3DB8F45D9A ] \Device\Harddisk0\DR0\Partition1
18:42:27.0852 5576  \Device\Harddisk0\DR0\Partition1 - ok
18:42:27.0872 5576  [ AE598392AD159608254668F2C5324335 ] \Device\Harddisk0\DR0\Partition2
18:42:27.0872 5576  \Device\Harddisk0\DR0\Partition2 - ok
18:42:27.0882 5576  ============================================================
18:42:27.0882 5576  Scan finished
18:42:27.0882 5576  ============================================================
18:42:27.0902 2456  Detected object count: 0
18:42:27.0902 2456  Actual detected object count: 0
18:42:36.0437 2748  Deinitialize success
 

more to come...........



#6 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 07 June 2013 - 06:27 PM

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.07.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
SarahKaising :: SARAHKAISING-PC [administrator]

6/7/2013 6:56:29 PM
mbar-log-2013-06-07 (18-56-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 243279
Time elapsed: 20 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\SarahKaising\AppData\Local\Temp\oi_JNmh1kCk32\chrome_search.exe (Trojan.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 4004409344, free: 1735532544

Downloaded database version: v2013.06.07.10
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/07/2013 18:56:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\TfFsMon.sys
\SystemRoot\system32\drivers\TfSysMon.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\drivers\TfNetMon.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80042e9350
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800416b060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80042e9350, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80042ea040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80042e9350, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800416b060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DFA1FF46

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 31457280

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31459328  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31664128  Numsec = 456730624

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: c:\Users\SarahKaising\AppData\Local\Temp\oi_JNmh1kCk32\chrome_search.exe --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished



#7 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:22 AM

Posted 07 June 2013 - 08:25 PM

Do you have the ComboFix log as well?


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#8 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 08 June 2013 - 03:33 PM

ComboFix 13-06-08.01 - SarahKaising 06/08/2013  11:27:05.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3819.1788 [GMT -4:00]
Running from: c:\users\SarahKaising\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SARAHK~1\AppData\Local\Temp\A7B.tmp
c:\users\SarahKaising\AppData\Local\Temp\A7B.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-08 15:47 . 2013-06-08 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-07 22:51 . 2013-06-07 22:51 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-07 14:21 . 2013-04-05 07:53 775232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-06-02 00:18 . 2013-06-08 14:55 -------- d-----w- c:\programdata\boost_interprocess
2013-06-01 21:48 . 2013-06-01 23:08 -------- d-----w- c:\users\SarahKaising\AppData\Local\Deployment
2013-06-01 21:48 . 2013-06-01 21:48 -------- d-----w- c:\users\SarahKaising\AppData\Local\Apps
2013-06-01 19:51 . 2013-06-01 19:51 -------- d-----w- c:\windows\system32\Macromed
2013-05-29 21:31 . 2013-05-29 21:31 -------- d-----w- c:\windows\ERUNT
2013-05-29 21:31 . 2013-06-07 01:21 -------- d-----w- C:\JRT
2013-05-28 19:46 . 2013-05-28 19:46 -------- d-----w- c:\users\SarahKaising\AppData\Roaming\Malwarebytes
2013-05-28 19:45 . 2013-05-28 19:45 -------- d-----w- c:\programdata\Malwarebytes
2013-05-28 19:45 . 2013-06-07 01:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-28 19:44 . 2013-05-28 19:44 -------- d-----w- c:\users\SarahKaising\AppData\Local\Programs
2013-05-28 03:03 . 2013-06-04 19:37 -------- d-----w- c:\users\SarahKaising\AppData\Local\CrashDumps
2013-05-28 01:27 . 2013-05-28 01:39 -------- d-----w- c:\users\SarahKaising\AppData\Local\NPE
2013-05-28 01:27 . 2013-05-28 01:28 -------- d-----w- c:\programdata\Norton
2013-05-27 23:50 . 2013-05-27 23:50 -------- d-----w- c:\users\SarahKaising\AppData\Local\CRE
2013-05-10 17:49 . 2013-06-07 01:21 -------- d-----w- c:\program files (x86)\Coupons
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-10 02:36 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2011-09-16 22:59 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 14:45 . 2013-04-23 19:01 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-22 14:09 . 2013-03-22 14:09 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-22 14:09 . 2013-03-22 14:09 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 14:09 . 2013-03-22 14:09 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-22 14:09 . 2013-03-22 14:09 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 14:09 . 2013-03-22 14:09 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-22 14:09 . 2013-03-22 14:09 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-22 14:09 . 2013-03-22 14:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-22 14:09 . 2013-03-22 14:09 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-22 14:09 . 2013-03-22 14:09 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-22 14:09 . 2013-03-22 14:09 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 14:09 . 2013-03-22 14:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-22 14:09 . 2013-03-22 14:09 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-22 14:09 . 2013-03-22 14:09 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-22 14:09 . 2013-03-22 14:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 14:09 . 2013-03-22 14:09 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-22 14:09 . 2013-03-22 14:09 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-22 14:09 . 2013-03-22 14:09 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-22 14:09 . 2013-03-22 14:09 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-22 14:09 . 2013-03-22 14:09 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-22 14:09 . 2013-03-22 14:09 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-22 14:09 . 2013-03-22 14:09 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-22 14:09 . 2013-03-22 14:09 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-22 14:09 . 2013-03-22 14:09 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-22 14:09 . 2013-03-22 14:09 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-22 14:09 . 2013-03-22 14:09 441856 ----a-w- c:\windows\system32\html.iec
2013-03-22 14:09 . 2013-03-22 14:09 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-22 14:09 . 2013-03-22 14:09 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-22 14:09 . 2013-03-22 14:09 235008 ----a-w- c:\windows\system32\url.dll
2013-03-22 14:09 . 2013-03-22 14:09 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-22 14:09 . 2013-03-22 14:09 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-22 14:09 . 2013-03-22 14:09 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-22 14:09 . 2013-03-22 14:09 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-22 14:09 . 2013-03-22 14:09 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-22 14:09 . 2013-03-22 14:09 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-22 14:09 . 2013-03-22 14:09 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-22 14:09 . 2013-03-22 14:09 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-22 14:09 . 2013-03-22 14:09 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-22 14:09 . 2013-03-22 14:09 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-22 14:09 . 2013-03-22 14:09 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-22 14:09 . 2013-03-22 14:09 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 14:09 . 2013-03-22 14:09 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-22 14:09 . 2013-03-22 14:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-22 14:09 . 2013-03-22 14:09 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-22 14:09 . 2013-03-22 14:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-22 14:09 . 2013-03-22 14:09 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-22 14:09 . 2013-03-22 14:09 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-22 14:09 . 2013-03-22 14:09 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-22 14:09 . 2013-03-22 14:09 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-22 14:09 . 2013-03-22 14:09 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-22 14:05 . 2013-03-22 14:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-03-22 14:05 . 2013-03-22 14:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-22 14:05 . 2013-03-22 14:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-22 14:05 . 2013-03-22 14:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-22 14:05 . 2013-03-22 14:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-22 14:05 . 2013-03-22 14:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-22 14:05 . 2013-03-22 14:05 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-22 14:05 . 2013-03-22 14:05 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-22 14:05 . 2013-03-22 14:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-22 14:05 . 2013-03-22 14:05 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-22 14:05 . 2013-03-22 14:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-22 14:05 . 2013-03-22 14:05 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-22 14:05 . 2013-03-22 14:05 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-22 14:05 . 2013-03-22 14:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-22 14:05 . 2013-03-22 14:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-22 14:05 . 2013-03-22 14:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-22 14:05 . 2013-03-22 14:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-22 14:05 . 2013-03-22 14:05 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-03-22 14:05 . 2013-03-22 14:05 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-22 14:05 . 2013-03-22 14:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-03-22 14:05 . 2013-03-22 14:05 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-22 14:05 . 2013-03-22 14:05 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-22 14:05 . 2013-03-22 14:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-22 14:05 . 2013-03-22 14:05 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-22 14:05 . 2013-03-22 14:05 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-03-22 14:05 . 2013-03-22 14:05 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-03-22 14:05 . 2013-03-22 14:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-22 14:05 . 2013-03-22 14:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-22 14:05 . 2013-03-22 14:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-22 14:05 . 2013-03-22 14:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-22 14:05 . 2013-03-22 14:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\SarahKaising\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-11 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\SarahKaising\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-04 1105408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Spotify"="c:\users\SarahKaising\AppData\Roaming\Spotify\Spotify.exe" [2013-05-04 4573184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-31 1029200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-10 177448]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3726318915-3219820487-2007679332-1001Core.job
- c:\users\SarahKaising\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 02:02]
.
2013-06-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3726318915-3219820487-2007679332-1001UA.job
- c:\users\SarahKaising\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 02:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.200.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2013-06-08  12:07:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-08 16:07
.
Pre-Run: 167,209,312,256 bytes free
Post-Run: 167,361,880,064 bytes free
.
- - End Of File - - 22A1BE9B7975D1D54D2BB614AE26ECDF
 

 

When I downloaded combofix, ran it, and rebooted it, everything on my computer was messed up. I tried to open internet explorer, chrome, anything else and it told me that some sort of mistake happened, and that it was shutting it down. I shut the computer down, and when I turned it back on again, the things that shut down where deleted from my pc, and the internet started to work again, but very, very slowly. While I was doing the Combofix, multiple things popped up like security notifications and prompts to delete certain security programs. The overall PC seems to be working slower than before. Not an improvement.



#9 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 08 June 2013 - 03:42 PM

The only reason I can post on here right now is because a box popped up and said that this is a secure internet connection. Every time I try to navigate away from that it says it is insecure and slows to a crawl so that I never get there. PLEASE HELP. It is worse than before.



#10 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:22 AM

Posted 08 June 2013 - 03:46 PM

When I downloaded combofix, ran it, and rebooted it, everything on my computer was messed up. I tried to open internet explorer, chrome, anything else and it told me that some sort of mistake happened, and that it was shutting it down. I shut the computer down, and when I turned it back on again, the things that shut down where deleted from my pc, and the internet started to work again, but very, very slowly. While I was doing the Combofix, multiple things popped up like security notifications and prompts to delete certain security programs. The overall PC seems to be working slower than before. Not an improvement.

If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

Juding by your log, ComboFix didn't delete or modify anything that would have caused your peformance to get worse.

 

Let's take a deeper look at what malware may be on your system:

 

----------Step 1----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 2----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 3----------------
Please post the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#11 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 08 June 2013 - 04:08 PM

OTL logfile created on: 6/8/2013 4:51:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SarahKaising\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.73 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 54.05% Memory free
7.46 Gb Paging File | 5.58 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 155.78 Gb Free Space | 71.53% Space Free | Partition Type: NTFS
 
Computer Name: SARAHKAISING-PC | User Name: SarahKaising | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/08 16:50:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SarahKaising\Desktop\OTL.exe
PRC - [2013/05/04 00:15:42 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\SarahKaising\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/05/04 00:15:21 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\SarahKaising\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010/12/31 08:05:26 | 001,029,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/12/31 08:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/12/31 08:05:26 | 000,289,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/12/23 18:46:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010/12/23 18:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/12/10 02:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010/11/11 21:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/11/11 21:21:36 | 000,296,768 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 23:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 20:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 20:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/04 00:15:22 | 024,985,600 | ---- | M] () -- C:\Users\SarahKaising\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/23 18:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/12/23 18:46:38 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2010/11/11 21:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/12/16 19:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/11/18 20:14:36 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/11/09 09:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/29 14:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 09:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2011/02/02 02:24:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/31 08:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/11/11 21:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/09/27 22:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 19:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/07 18:51:33 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011/02/22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011/02/22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011/01/17 20:02:58 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/01/17 20:02:58 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/01/17 20:02:58 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/01/11 03:01:32 | 001,495,680 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/16 19:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/12 02:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/09 10:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/09 09:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/27 03:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/07/08 23:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/17 05:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/11 06:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/28 16:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/04/19 22:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enUS450
IE - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\..\SearchScopes\{85270C95-CCC6-4432-805C-4C32B33B54C2}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=291C51E7-C175-4D4B-886D-E6779AE11A20&apn_sauid=5E5E8A49-948B-4312-9749-259FF90CB145
IE - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\SarahKaising\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2013/01/08 10:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
 
[2012/09/04 13:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SarahKaising\AppData\Roaming\Mozilla\Extensions
[2012/09/04 13:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SarahKaising\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/09/04 13:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SarahKaising\AppData\Roaming\Mozilla\Sunbird\Profiles\daejwyju.default\extensions
 
O1 HOSTS File: ([2013/06/08 11:59:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001..\Run: [Facebook Update] C:\Users\SarahKaising\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001..\Run: [Spotify] C:\Users\SarahKaising\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001..\Run: [Spotify Web Helper] C:\Users\SarahKaising\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3726318915-3219820487-2007679332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE75096F-60FB-47B7-806A-11C9470E2DC3}: DhcpNameServer = 192.168.200.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/08 16:50:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SarahKaising\Desktop\OTL.exe
[2013/06/08 16:22:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/08 11:21:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/08 11:21:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/08 11:21:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/08 11:14:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/08 11:02:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/08 11:01:44 | 005,078,669 | R--- | C] (Swearware) -- C:\Users\SarahKaising\Desktop\ComboFix.exe
[2013/06/07 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\Documents\mbar-1.06.0.1003 (1)
[2013/06/07 18:47:12 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\Documents\mbar-1.06.0.1003
[2013/06/07 18:28:59 | 002,239,840 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SarahKaising\Desktop\tdsskiller.exe
[2013/06/07 10:22:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/07 10:22:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/07 10:22:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/07 10:22:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/07 10:22:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/07 10:22:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/07 10:22:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/07 10:22:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/07 10:22:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/07 10:22:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/07 10:22:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/07 10:22:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/07 10:21:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/07 10:21:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/07 10:21:54 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/01 20:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/06/01 17:48:38 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\AppData\Local\Deployment
[2013/06/01 17:48:38 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\AppData\Local\Apps
[2013/06/01 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\Documents\JavaRa-1.16-16-12-11
[2013/06/01 15:51:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/05/29 17:31:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/29 17:31:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/28 21:25:30 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\Desktop\mbar-1.06.0.1003
[2013/05/28 15:46:15 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\AppData\Roaming\Malwarebytes
[2013/05/28 15:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/28 15:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/28 15:44:38 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\AppData\Local\Programs
[2013/05/27 23:03:56 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\AppData\Local\CrashDumps
[2013/05/27 21:27:23 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\AppData\Local\NPE
[2013/05/27 21:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/05/27 19:50:11 | 000,000,000 | ---D | C] -- C:\Users\SarahKaising\AppData\Local\CRE
[2013/05/10 13:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2013/05/10 13:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/08 16:50:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SarahKaising\Desktop\OTL.exe
[2013/06/08 16:28:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 16:28:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 16:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/08 16:20:57 | 3003,305,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 11:59:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/08 11:20:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/08 11:03:43 | 000,637,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/08 11:03:43 | 000,111,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/08 11:03:42 | 000,759,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/08 11:01:49 | 005,078,669 | R--- | M] (Swearware) -- C:\Users\SarahKaising\Desktop\ComboFix.exe
[2013/06/07 19:08:02 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3726318915-3219820487-2007679332-1001UA.job
[2013/06/07 18:51:33 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/06/07 18:29:00 | 002,239,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SarahKaising\Desktop\tdsskiller.exe
[2013/06/06 22:07:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3726318915-3219820487-2007679332-1001Core.job
[2013/06/01 17:30:28 | 000,122,629 | ---- | M] () -- C:\Users\SarahKaising\Documents\bookmarks_6_1_13.html
[2013/05/28 16:20:10 | 013,169,742 | ---- | M] () -- C:\Users\SarahKaising\Desktop\mbar-1.06.0.1003.zip
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/08 11:21:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/08 11:21:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/08 11:21:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/08 11:21:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/08 11:21:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/07 18:51:33 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/06/01 17:30:27 | 000,122,629 | ---- | C] () -- C:\Users\SarahKaising\Documents\bookmarks_6_1_13.html
[2013/05/28 16:19:37 | 013,169,742 | ---- | C] () -- C:\Users\SarahKaising\Desktop\mbar-1.06.0.1003.zip
[2011/08/05 22:53:09 | 000,762,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

 

OTL Extras logfile created on: 6/8/2013 4:51:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SarahKaising\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.73 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 54.05% Memory free
7.46 Gb Paging File | 5.58 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 155.78 Gb Free Space | 71.53% Space Free | Partition Type: NTFS
 
Computer Name: SARAHKAISING-PC | User Name: SarahKaising | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C6F70A4-BE59-4A39-B954-C1863CA9F4E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1700ECD6-4E33-410D-A757-87FD54768B81}" = lport=445 | protocol=6 | dir=in | app=system |
"{17502D08-CAFA-4048-BC70-F5FB40811ABB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1B40B733-69AE-4E3E-B5E6-D433BEA74667}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{210F8B84-BC03-4AC7-8FAA-A0043731F7AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{46D5FF39-ACF4-4931-925B-22B770EBA7DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E806000-445C-4DC2-AE5A-4A90F85A93F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{539475C1-5D11-446F-AECB-42D6837F7DDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{542F1BAD-37CC-4EF4-A859-54B4944816DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56E6C353-063F-4C7C-99C9-16733E7CA5D8}" = rport=137 | protocol=17 | dir=out | app=system |
"{58461E62-90E7-4D5B-81B1-2889D3F3D069}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D72AB86-0219-47ED-BEC7-194835DF5263}" = rport=10243 | protocol=6 | dir=out | app=system |
"{68B13338-E971-4E5B-9CD7-F1821299CF49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70C25E18-E949-4750-85DC-AB629D949888}" = rport=445 | protocol=6 | dir=out | app=system |
"{9DBFE4E6-B21F-432A-A289-BCBCD73DDC4C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AAD167FA-A3F8-4D25-B734-ECDCE981D6A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{AC3F4FE1-90FD-4431-803A-42DD0CBE7E8F}" = rport=138 | protocol=17 | dir=out | app=system |
"{ACD82749-0E55-4A0D-BD01-75B65F0C9144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B45E4F23-B32A-4543-BF5F-B309E8A3321F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C906EDFE-6A03-4E1F-821F-A47C5ADBE70F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D72776EE-9063-48AD-B461-88B456CCA3D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE86B2FB-E231-4701-940A-9957635CE209}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DEF706AD-9951-42C1-B1D1-F62883B006A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{EF538025-EEAB-4F61-AC5B-5C2E8E1D0CD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF6708A2-9336-4083-A39E-82941C9DBB22}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1389E9BC-39AE-475F-9124-0BF04D6A38AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{13D0F80D-4615-456E-85EE-572C76EF6614}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1536D170-2D82-480D-A323-6892F84BD96E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E5BF4BB-F114-4D17-B6AB-B0DFD59C699F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25BE4489-C78E-4EFC-8E97-C69CE11B6375}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |
"{28EC3C1F-9696-4E16-9AA6-DF0A49FA2B8A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{360E61AA-DC88-48E5-B741-A95D0A591968}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{3BBAE88F-74AE-44BC-8F1E-B8EBBBD7A0D0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |
"{48130314-BEAC-4A0D-8FD4-CA3194FA807B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4CA1EE7D-B918-44C5-B052-D37E4CA6DFE7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D585E9E-6DA9-4D85-9499-A73A207D2F4B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5216CEB0-860C-4537-96B8-45F856AD59D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5B9DBE77-F944-4D58-8579-C7DCE38F8198}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F7B396E-F302-4ABE-9D73-8ECF361434CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6AD47C5C-7170-43A2-979B-2BB675F4688F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78FA0220-90A9-4579-B711-E0DF3D440BAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BABF4A9-5534-4EA8-A8FF-D6C4DF17B232}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7CF02625-B1A0-4471-BBDD-9FC4B16EF6FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9A1870-9231-432F-AD1E-4BB0A9D04BB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{85EC766A-724B-43F7-B869-CCC139AD8D48}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{878033F5-F4E1-4F3A-99CC-A10CDEE7D8F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8FF3C087-311D-433A-9741-38756AF570E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{907E67D8-5F18-421C-B0CE-C06727F486D3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{9179B4FD-EC57-4F1F-BD37-75AB1C2D7998}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{99DC7966-3A04-4107-BC95-7F00F9890BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9A71F099-4CBA-4B0C-818A-3225C854EEB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A3EC634F-A1EB-476D-8424-5F17BF323604}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A3F13D24-314F-45BA-B516-B88218B03550}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A4F59E8A-30A1-4219-A89A-3F0E1E37A08A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACC08CDD-6477-449C-9813-604234AD517F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE54173B-D59F-4494-8BCD-42BB982C23F9}" = dir=in | app=c:\users\sarahkaising\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{BDD6B312-3559-43C0-A2D2-98E6F968D846}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3AD1969-F7CA-4EBC-BA29-353AB5619F85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4D93AAE-0C08-4D84-8E97-E6247D1CC037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F08B50EE-8ED1-49C0-A975-087F5DCCD44B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{F4530AFD-3592-4602-8F56-4C89331C3C8F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4F49B31-CA16-47CA-9C0C-E295F767FD0C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |
"{F682E354-B6AE-4AEC-BF8E-937BE3964546}" = protocol=6 | dir=out | app=system |
"{FC80BE71-EA20-467A-9AC2-2BBFE2678BFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF46F6B0-7370-458F-8C79-AF428F014A3C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe |
"TCP Query User{86F658FD-638E-48DB-AAC6-14A39D62FAE2}C:\users\sarahkaising\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sarahkaising\appdata\roaming\spotify\spotify.exe |
"TCP Query User{96A296C5-F9BD-4ED1-B7E7-EF940841AFFF}C:\users\sarahkaising\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sarahkaising\appdata\roaming\spotify\spotify.exe |
"UDP Query User{37002D9A-0906-4935-AE25-828E14D6989B}C:\users\sarahkaising\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sarahkaising\appdata\roaming\spotify\spotify.exe |
"UDP Query User{AC91EAFA-FAA3-4DC0-850E-A920E9EB99FC}C:\users\sarahkaising\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sarahkaising\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager
"{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64
"{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All
"{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek
"{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai
"{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese
"{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian
"{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard
"{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian
"{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian
"{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French
"{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish
"{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT088295" = Agatha Christie - Death on the Nile
"WT088300" = Bejeweled 2 Deluxe
"WT088310" = Build-a-lot 2
"WT088312" = Chuzzle Deluxe
"WT088318" = Diner Dash 2 Restaurant Rescue
"WT088350" = Jewel Quest Solitaire 2
"WT088364" = Plants vs. Zombies
"WT088373" = Blackhawk Striker 2
"WT088393" = Dora's Carnival Adventure
"WT088413" = FATE
"WT088445" = John Deere Drive Green
"WT088449" = Penguins!
"WT088453" = Polar Bowler
"WT088457" = Polar Golfer
"WT088517" = Zuma's Revenge
"WT088553" = Virtual Villagers 4 - The Tree of Life
"WT088649" = 18 Wheels of Steel - American Long Haul
"WT088653" = Jewel Quest - Heritage
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3726318915-3219820487-2007679332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/7/2013 6:17:47 PM | Computer Name = SarahKaising-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25671338
 
Error - 6/7/2013 7:27:44 PM | Computer Name = SarahKaising-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/7/2013 7:27:44 PM | Computer Name = SarahKaising-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3152
 
Error - 6/7/2013 7:27:44 PM | Computer Name = SarahKaising-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3152
 
Error - 6/7/2013 7:27:46 PM | Computer Name = SarahKaising-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/7/2013 7:27:46 PM | Computer Name = SarahKaising-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4649
 
Error - 6/7/2013 7:27:46 PM | Computer Name = SarahKaising-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4649
 
Error - 6/8/2013 12:01:02 PM | Computer Name = SarahKaising-PC | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: There are currently no active network connections. Background
 Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 
Error - 6/8/2013 4:37:06 PM | Computer Name = SarahKaising-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=CD8:usr=SarahKaising}
The
 Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6137.5001.sft'
 (rc 16001E0A-000001D1, original rc 16001E0A-000001D1).
 
Error - 6/8/2013 4:37:07 PM | Computer Name = SarahKaising-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=CD8:usr=SarahKaising}
The
 client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)
 
[ System Events ]
Error - 6/8/2013 11:08:37 AM | Computer Name = SarahKaising-PC | Source = Microsoft Antimalware | ID = 2001
Description =
 
Error - 6/8/2013 11:38:09 AM | Computer Name = SarahKaising-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/8/2013 11:46:17 AM | Computer Name = SarahKaising-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
 with this system. Please contact your software vendor for a compatible version
of the driver.
 
Error - 6/8/2013 11:49:19 AM | Computer Name = SarahKaising-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/8/2013 4:24:35 PM | Computer Name = SarahKaising-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80004004: Security Update for Windows 7 for x64-based Systems (KB2830290).
 
Error - 6/8/2013 4:24:35 PM | Computer Name = SarahKaising-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2820331).
 
Error - 6/8/2013 4:24:35 PM | Computer Name = SarahKaising-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2798162).
 
Error - 6/8/2013 4:24:35 PM | Computer Name = SarahKaising-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2813956).
 
Error - 6/8/2013 4:24:35 PM | Computer Name = SarahKaising-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2818604).
 
Error - 6/8/2013 4:27:29 PM | Computer Name = SarahKaising-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80004004: Security Update for Windows 7 for x64-based Systems (KB2829361).
 
 
< End of report >



#12 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 08 June 2013 - 07:04 PM

Esset Produced no threats. 0 Threats found.



#13 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 08 June 2013 - 07:08 PM

But I still cannot open a new tab in internet explorer and, say, type in google and have it go there. It is a big blank page, even when I refresh it. That goes with everything: ebay, bing, facebook, twitter, USA today. It does not even act like it is working. There is no indication of it running at all. The only thing that is working is this site.



#14 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:22 AM

Posted 08 June 2013 - 08:03 PM

-----Step 1---------

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

 

-----Step 2---------

We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :OTL
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    
    [2013/05/10 13:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    
    [2013/05/10 13:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    
    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    
    :Files
    C:\Program Files (x86)\Coupons
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

 

-----Step3---------

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

 

-----Step 4---------

Please post the OTL logs and the C:\AdwCleaner[S1].txt in your next reply. How are things running now?

 


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#15 redcurlyqcincy

redcurlyqcincy
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 08 June 2013 - 08:27 PM

All processes killed
========== OTL ==========
File/Folder C:\Windows\SysWow64\*.tmp not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons folder moved successfully.
C:\Program Files (x86)\Coupons folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Coupons not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: SarahKaising
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 628808 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6511205 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: SarahKaising
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: SarahKaising
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06082013_212044

Files\Folders moved on Reboot...
C:\Users\SarahKaising\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\SarahKaising\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OFFVRX\xd_arbiter[1].htm moved successfully.
C:\Users\SarahKaising\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OFFVRX\xd_arbiter[2].htm moved successfully.
C:\Users\SarahKaising\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLBDWVAO\conduit-redirect-and-whitesmoke-virus-help-with-removal[1].htm moved successfully.
C:\Users\SarahKaising\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLBDWVAO\fastbutton[2].htm moved successfully.
C:\Users\SarahKaising\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLBDWVAO\like[2].htm moved successfully.
C:\Users\SarahKaising\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users