Can't run avg


  • This topic is locked
12 replies to this topic

#1 rogers2580

  • Members
  • 6 posts

Posted 07 April 2014 - 03:00 PM

Been having problems with the PC for the last 3 days. Tried to run AVG but keep getting "THIS PROGRAM IS BLOCKED BY GROUP POLICY". Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by SABER at 19:37:42 on 2014-04-07
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.12249.9442 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\WAN Miniport IP\ndiswan.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\mqtgsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
BHO: {1C100CD2-4C64-22D9-8C92-36CD560DB9D9} - <orphaned>
BHO: TWatchTorrentsHelper: {2EEE3B00-A4F8-4819-A336-1B547FA954BF} - C:\Program Files (x86)\WatchTorrents Player\WatchTorrentsHelper.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
StartupFolder: C:\Users\SABER\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\l7vqod8z.lnk - C:\Windows\System32\rundll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTWE~1\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:1
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: DisableRegistryTools = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
LSP: %SystemRoot%\system32\mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxps://img.ui-portal.de/os/activex/gmxinc_osupload_2002.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5C43FD58-0F52-4646-8889-781F174A7584} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{AC8176E9-6B16-45D4-8BCD-2DFAA9D4EB65} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DEAD9DEE-A83D-4F5C-94AF-DC48267E08AA} : DHCPNameServer = 192.168.42.129
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - <orphaned>
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
x64-mWinlogon: Shell = Explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-mWinlogon: SFCDisable = dword:0
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: ArcadeFrontier Addon: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - LocalServer32 - <no file>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: SearchNewTab: {E656D257-7E0F-FF5B-AF2E-9068D52FF0B2} - LocalServer32 - <no file>
x64-TB: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - LocalServer32 - <no file>
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
x64-DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_3&ent=hp_4981&src=4981
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=vmn&id=mystarttb&v=5_3&ent=bs____campaignID___&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
FF - plugin: C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll
FF - plugin: C:\Users\SABER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\SABER\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 1970-01-17 01:40; {607b689f-7600-45e4-b8e5-887f72dab15c}; C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}
FF - ExtSQL: 2013-02-11 21:05; {972ce4c6-7e08-4474-a285-3208198ce6fd}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2013-04-16 22:20; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-05-15 21:30; uao7dvp@yugsha.com; C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\extensions\uao7dvp@yugsha.com
FF - ExtSQL: 2013-05-15 21:30; rtp_88bp@xzwvayuou.net; C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\extensions\rtp_88bp@xzwvayuou.net
FF - ExtSQL: 2013-05-15 21:30; r27w5ijq6@zaaeosibm.edu; C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\extensions\r27w5ijq6@zaaeosibm.edu
FF - ExtSQL: 2013-06-27 00:09; jid1-vpu7aD5IBmKRFA@jetpack; C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
FF - ExtSQL: 2013-06-29 02:11; leethax@leethax.net; C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\extensions\leethax@leethax.net.xpi
FF - ExtSQL: 2013-10-05 01:29; ffxtlbr@mixidj.com; C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\extensions\ffxtlbr@mixidj.com
FF - ExtSQL: 2013-11-05 15:55; uujaz@zknmzv.com; C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\extensions\uujaz@zknmzv.com
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2012-12-9 334208]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-11 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-11 42624]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2012-12-8 27008]
R0 apmwin;apmwin;C:\Windows\System32\drivers\apmwin.sys [2013-10-13 50456]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-14 24128]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R0 BTHidEnum;Bluetooth HID Enumerator;C:\Windows\System32\drivers\VBTEnum.sys [2013-9-19 24976]
R0 BTHidMgr;Bluetooth HID Manager Service;C:\Windows\System32\drivers\BTHidMgr.sys [2013-9-19 49680]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-14 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-11-14 458712]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-14 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2012-12-9 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2013-4-10 223752]
R0 gpt_loader;GUID Partition table support driver;C:\Windows\System32\drivers\gpt_loader.sys [2013-10-13 60184]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2012-12-9 14720]
R0 JRAID;JRAID;C:\Windows\System32\drivers\jraid.sys [2012-9-17 123704]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2013-11-14 95680]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2013-11-14 154560]
R0 mounthlp;Mounter helper driver for HFS+ volumes;C:\Windows\System32\drivers\mounthlp.sys [2013-10-13 42264]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2012-12-9 94592]
R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2012-12-9 31104]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-14 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-12-21 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-12-7 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2012-12-9 184704]
R0 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-14 12352]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-14 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2012-12-9 213888]
R0 snapman;Acronis Snapshots Manager;C:\Windows\System32\drivers\snapman.sys [2013-1-27 275552]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;C:\Windows\System32\drivers\vmstorfl.sys [2012-12-9 46464]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-10-11 1903552]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
R0 vmbus;Virtual Machine Bus;C:\Windows\System32\drivers\vmbus.sys [2012-12-9 199552]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2012-12-9 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2012-12-9 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2012-12-11 296320]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2013-10-11 785624]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2013-11-14 497152]
R1 ArcSec;ArcSec;C:\Windows\System32\drivers\ArcSec.sys [2013-3-3 312184]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-14 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2012-12-9 147456]
R1 CSC;Offline Files Driver;C:\Windows\System32\drivers\csc.sys [2012-12-9 514560]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2012-12-9 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-14 40448]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-5 283200]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-14 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-14 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-14 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2012-12-9 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-14 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-14 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2012-12-9 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2012-12-9 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-14 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
R1 SCDEmu;SCDEmu;C:\Windows\System32\drivers\scdemu.sys [2013-4-18 91568]
R1 Serial;Serial port driver;C:\Windows\System32\drivers\serial.sys [2009-7-14 94208]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2012-12-9 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2012-12-9 63360]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2014-1-18 252688]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2014-1-18 126736]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-14 29184]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2012-12-9 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
R1 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-5-11 65640]
R2 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 CscService;Offline Files;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2013-11-14 30720]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-14 27136]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-7-22 219480]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k GPSvcGroup [2009-7-14 27136]
R2 HfsplusRec;HfsplusRec;C:\Windows\System32\drivers\hfsplusrec.sys [2013-10-13 15128]
R2 IISADMIN;IIS Admin Service;C:\Windows\System32\inetsrv\inetinfo.exe [2012-12-9 15872]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-14 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-14 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-14 113152]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 418376]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 MSMQ;Message Queuing;C:\Windows\System32\mqsvc.exe [2009-7-14 9216]
R2 MSMQTriggers;Message Queuing Triggers;C:\Windows\System32\mqtgsvc.exe [2012-12-9 189440]
R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2008-1-1 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2008-1-1 16939296]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-3-10 189728]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2013-3-3 15672]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-9-26 386344]
R2 RMCAST;Reliable Multicast Protocol;C:\Windows\System32\drivers\rmcast.sys [2012-12-9 146432]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-14 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-14 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-14 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2013-11-14 30720]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-14 23040]
R2 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 simptcp;Simple TCP/IP Services;C:\Windows\System32\TCPSVCS.EXE [2009-7-14 10240]
R2 SNMP;SNMP Service;C:\Windows\System32\snmp.exe [2012-12-9 49664]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-12-7 559104]
R2 SQLBrowser;SQL Server Browser;C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer;C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-14 27136]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-12-21 45568]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2012-12-7 591872]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 xndi;MS PPP Framing Driver (Strong Encryption);C:\Program Files (x86)\WAN Miniport IP\ndiswan.exe "C:\Program Files (x86)\Common Files\WAN Miniport IP\ndiswan.dat" --> C:\Program Files (x86)\WAN Miniport IP\ndiswan.exe C:\Program Files (x86)\Common Files\WAN Miniport IP\ndiswan.dat [?]
R3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2012-12-9 229888]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-14 60928]
R3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2012-12-9 61440]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2012-12-7 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 BT;Bluetooth PAN Network Adapter;C:\Windows\System32\drivers\BtNetDrv.sys [2013-9-19 25360]
R3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-14 45568]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2012-12-9 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2013-10-11 983488]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\Windows\System32\drivers\GEARAspiWDM.sys [2012-12-17 33240]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2012-12-9 350208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2012-12-9 122368]
R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2012-12-9 30208]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2012-12-9 753664]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-11-6 87040]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
R3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2012-12-9 33280]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2013-11-14 30720]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-7 25928]
R3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-14 40448]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-14 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-14 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-14 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
R3 MQAC;Message Queuing Access Control;C:\Windows\System32\drivers\mqac.sys [2009-7-14 189440]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2012-12-7 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2012-12-7 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2012-12-7 128000]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2012-12-9 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2012-12-9 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-24 1656680]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2008-1-1 197408]
R3 nvlddmkm;nvlddmkm;C:\Windows\System32\drivers\nvlddmkm.sys [2008-1-1 12668192]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2008-1-1 39200]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-14 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2012-12-9 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2012-12-9 129536]
R3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-14 83968]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\Windows\System32\drivers\rootmdm.sys [2009-7-14 11264]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SaiMini;SaiMini;C:\Windows\System32\drivers\SaiMini.sys [2013-4-30 25120]
R3 SaiNtBus;SaiNtBus;C:\Windows\System32\drivers\SaiBus.sys [2013-4-30 52640]
R3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-14 23552]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2012-12-7 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2012-12-7 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2012-12-7 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-14 12496]
R3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2012-12-9 125440]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2012-12-9 48640]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2014-1-15 99840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2014-1-15 53248]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-4-6 58536]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2014-1-15 343040]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2014-1-15 25600]
R3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2012-12-8 91648]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2013-12-18 140560]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2013-12-18 154896]
R3 VcommMgr;Bluetooth VComm Manager Service;C:\Windows\System32\drivers\VcommMgr.sys [2013-9-19 63248]
R3 WAS;Windows Process Activation Service;C:\Windows\System32\svchost.exe -k iissvcs [2009-7-14 27136]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
R3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-12-8 87040]
R3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-12-8 198656]
R3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R4 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R4 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R4 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R4 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R4 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-29 46368]
R4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-14 92160]
R4 KProcessHacker2;KProcessHacker2;C:\Program Files\Process Hacker 2\kprocesshacker.sys [2014-4-7 39576]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 701512]
S2 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2012-12-9 3524608]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\System32\drivers\wcmvcam64.sys [2012-4-15 1071032]
S2 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-14 27136]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2012-12-9 12800]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-14 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-14 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-14 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-14 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-14 64512]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2012-12-8 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 androidusb;Google Device Driver;C:\Windows\System32\drivers\wsadb.sys [2013-9-13 40232]
S3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 AppMgmt;Application Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-9-11 51808]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 BlueletAudio;Bluetooth Audio Service;C:\Windows\System32\drivers\blueletaudio.sys [2013-9-19 37896]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service;C:\Windows\System32\drivers\BlueletSCOAudio.sys [2013-9-19 37384]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
S3 BridgeMP;MAC Bridge Miniport;C:\Windows\System32\drivers\bridge.sys [2009-7-14 95232]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-14 17488]
S3 Cmprvg;Cmprvg;C:\Windows\System32\drivers\Cmprvg.sys [2013-9-26 223488]
S3 Compbatt;Compbatt;C:\Windows\System32\drivers\compbatt.sys [2009-7-14 21584]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-9-13 98616]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
S3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2012-12-9 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-14 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-14 9728]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-11-6 117248]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-14 195072]
S3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-14 204800]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-14 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-14 34304]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-5-10 1044816]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-12-9 42856]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
S3 FTDIBUS;USB Serial Converter Driver;C:\Windows\System32\drivers\ftdibus.sys [2013-2-13 76648]
S3 FTSER2K;USB Serial Port Driver;C:\Windows\System32\drivers\ftser2k.sys [2013-2-13 85864]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-7-25 139776]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-1-18 14448]
S3 ggsemc;SEMC USB Flash Driver;C:\Windows\System32\drivers\ggsemc.sys [2014-1-18 27760]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 Hfsplus;Hfsplus;C:\Windows\System32\drivers\hfsplus.sys [2013-10-13 200472]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-14 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-14 46592]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2012-12-9 78720]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-11-6 98304]
S3 huawei_cdcecm;huawei_cdcecm;C:\Windows\System32\drivers\ew_jucdcecm.sys [2013-11-6 72192]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-11-6 28672]
S3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2012-12-8 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2012-12-9 856400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-14 16960]
S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-14 62464]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2012-12-9 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2012-12-9 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-14 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-14 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-14 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2012-12-9 273792]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-2-11 119408]
S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2012-12-9 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2013-10-11 140800]
S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2012-12-9 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-14 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2012-12-9 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-14 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-14 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2012-12-9 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-14 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-14 318976]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2012-12-9 56832]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2013-11-14 30720]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2012-12-8 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2012-12-8 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-1 5132888]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-14 97280]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
S3 pcouffin;VSO Software pcouffin;C:\Windows\System32\drivers\pcouffin.sys [2013-1-22 82816]
S3 PeerDistSvc;BranchCache;C:\Windows\System32\svchost.exe -k PeerDist [2009-7-14 27136]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-14 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2013-11-14 30720]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-14 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 RDPDR;Terminal Server Device Redirector Driver;C:\Windows\System32\drivers\rdpdr.sys [2012-12-9 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-13 19456]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-12-7 210944]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-14 27136]
S3 RimUsb;BlackBerry Smartphone;C:\Windows\System32\drivers\RimUsb_AMD64.sys [2007-5-14 27520]
S3 RimVSerPort;RIM Virtual Serial Port v2;C:\Windows\System32\drivers\RimSerial_AMD64.sys [2013-4-15 44544]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-14 10240]
S3 s3cap;s3cap;C:\Windows\System32\drivers\vms3cap.sys [2012-12-9 6656]
S3 SaiK0836;SaiK0836;C:\Windows\System32\drivers\SaiK0836.sys [2010-6-17 172040]
S3 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\Windows\System32\drivers\sbp2port.sys [2012-12-9 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2012-12-9 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-14 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-14 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2012-12-9 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-14 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-14 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 Steam Client Service;Steam Client Service;C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-6-23 529744]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 storvsc;storvsc;C:\Windows\System32\drivers\storvsc.sys [2012-12-9 34688]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-14 27136]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-10-11 1903552]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-12-7 23552]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2012-12-9 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2013-8-15 39936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-3 56832]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-14 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-14 9728]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 usb_rndisx;USB RNDIS Adapter;C:\Windows\System32\drivers\usb8023x.sys [2013-3-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbaudio;USB Audio Driver (WDM);C:\Windows\System32\drivers\USBAUDIO.sys [2013-10-11 109824]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2013-10-11 100864]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-14 25088]
S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2013-10-11 42496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2014-1-15 30720]
S3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2013-10-11 185344]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2013-11-14 30720]
S3 VComm;Virtual Serial port driver;C:\Windows\System32\drivers\VComm.sys [2013-9-19 47120]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2012-12-9 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2012-12-9 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-14 17488]
S3 VMBusHID;VMBusHID;C:\Windows\System32\drivers\VMBusHID.sys [2012-12-9 21760]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2012-12-9 1600512]
S3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-14 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2012-12-9 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-8 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2012-12-9 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-14 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-14 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-14 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-14 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-14 22096]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 WinUsb;Sony so0101 ADB Interface;C:\Windows\System32\drivers\winusb.sys [2012-12-9 41984]
S3 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-14 203264]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-14 10752]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21;C:\Windows\System32\drivers\xusb21.sys [2009-4-8 68992]
S3 ZuneNetworkSvc;Zune Network Sharing Service;C:\Program Files\Zune\ZuneNss.exe [2011-8-5 8277728]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-8-5 467680]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-8 257928]
S4 AppHostSvc;Application Host Helper Service;C:\Windows\System32\svchost.exe -k apphost [2009-7-14 27136]
S4 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
S4 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
S4 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-12-7 586880]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
S4 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-14 27136]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-3-25 151648]
S4 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2012-12-9 689152]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-7 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-7 136176]
S4 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
S4 IDriverT;InstallDriver Table Manager;C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-4-4 69632]
S4 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2013-5-31 641352]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper;C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2014-4-3 794272]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-1-18 155824]
S4 Start BT in service;Start BT in service;C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-8 411936]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2012-12-9 328192]
S4 W3SVC;World Wide Web Publishing Service;C:\Windows\System32\svchost.exe -k iissvcs [2009-7-14 27136]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: ComFile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
ShellExec: 7zFM.exe: open="C:\Program Files\7-Zip\7zFM.exe" "%1"
ShellExec: 7zG.exe: open="C:\Program Files\7-Zip\7zG.exe" "%1"
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: djvuviewer.exe: open="C:\Program Files (x86)\DjVu Viewer\djvuviewer.exe" "%1"
ShellExec: DTAgent.exe: open="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -shellmount "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: FastPictureViewer.exe: open="C:\Program Files\FastPictureViewer\FastPictureViewer.exe" "%1"
ShellExec: firefox.exe: open="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "%1"
ShellExec: hfsexplorer.exe: open=C:\Program Files (x86)\HFSExplorer\hfsexplorer.exe "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: ImgBurn.exe: open="C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /SOURCE "%1"
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: mpl.exe: open="C:\Program Files (x86)\MediaPlayerLite\mpl.exe" "%1"
ShellExec: mpl.exe: play="C:\Program Files (x86)\MediaPlayerLite\mpl.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: PictureViewer.exe: open=C:\Program Files (x86)\QuickTime\PictureViewer.exe "%1"
ShellExec: PowerISO.exe: open=C:\Program Files (x86)\PowerISO\PowerISO.exe "%1"
ShellExec: SimCity: open=C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe "%1" -dataDir:C:\Program Files (x86)\Origin Games\SimCity\SimCityData\
ShellExec: uTorrent.exe: open="C:\Users\SABER\AppData\Roaming\uTorrent\uTorrent.exe" "%1"
ShellExec: vlc.exe: Open="C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
ShellExec: WhoCrashed.exe: open="C:\Program Files\WhoCrashed\WhoCrashed.exe" "%1"
ShellExec: WinRAR.exe: open="C:\Program Files (x86)\WinRAR\WinRAR.exe" "%1"
ShellExec: winword.exe: edit="C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" /n "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
ShellExec: write.exe: open="C:\Windows\write.exe" "%1"
ShellExec: zune.exe: open=C:\Program Files\Zune\Zune.exe /PlayMedia:"%L"
ShellExec: zune.exe: play=C:\Program Files\Zune\Zune.exe /Play:"%L"
.
=============== Created Last 60 ================
.
2014-04-07 18:28:39 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-07 18:13:15 -------- d-----w- C:\Users\SABER\AppData\Roaming\Process Hacker 2
2014-04-07 18:06:33 -------- d-----w- C:\Program Files\Process Hacker 2
2014-04-06 20:51:11 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2014-04-06 20:46:17 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2014-04-06 20:46:15 -------- d-----w- C:\Users\SABER\AppData\Roaming\iolo
2014-04-06 20:46:15 -------- d-----w- C:\ProgramData\iolo
2014-04-06 20:34:01 -------- d-----w- C:\ProgramData\REGSERVO64
2014-04-06 03:51:27 -------- d-----w- C:\Windows\temp
2014-04-06 03:34:18 98816 ----a-w- C:\Windows\sed.exe
2014-04-06 03:34:18 80412 ----a-w- C:\Windows\grep.exe
2014-04-06 03:34:18 68096 ----a-w- C:\Windows\zip.exe
2014-04-06 03:34:18 60416 ----a-w- C:\Windows\NIRCMD.exe
2014-04-06 03:34:18 518144 ----a-w- C:\Windows\SWREG.exe
2014-04-06 03:34:18 406528 ----a-w- C:\Windows\SWSC.exe
2014-04-06 03:34:18 256000 ----a-w- C:\Windows\PEV.exe
2014-04-06 03:34:18 208896 ----a-w- C:\Windows\MBR.exe
2014-04-06 02:29:10 -------- d---a-w- C:\Qoobox
2014-04-06 02:28:36 -------- d-----w- C:\Windows\erdnt
2014-04-06 02:02:47 -------- d-----w- C:\Windows\Migration
2014-04-05 21:15:53 -------- d-----w- C:\Windows\System32\msmq
2014-04-04 18:03:24 -------- d-----w- C:\Users\SABER\AppData\Roaming\Registry Mechanic
2014-04-03 20:46:02 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2014-04-03 20:46:02 513696 ----a-w- C:\Windows\SysWow64\msxml.dll
2014-04-03 20:46:02 41632 ----a-w- C:\Windows\System32\CleanMFT64.exe
2014-04-03 20:46:02 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2014-04-03 20:46:02 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2014-04-03 20:46:00 -------- d-----w- C:\Program Files (x86)\PC Tools
2014-04-03 20:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2014-04-03 20:45:43 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-04-03 20:45:43 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-04-03 20:44:47 -------- d-----w- C:\ProgramData\PC Tools
2014-04-03 20:44:46 -------- d-----w- C:\Users\SABER\AppData\Roaming\Product_RM
2014-04-03 20:38:12 -------- d-----w- C:\Program Files (x86)\Registry Mechanic
2014-04-03 16:44:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-04-03 16:44:54 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-04-03 16:44:54 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-04-03 16:44:54 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-03 16:44:54 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-03 16:44:53 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-04-03 16:44:53 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2014-04-03 16:44:53 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2014-04-03 16:44:53 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-04-03 16:44:53 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2014-04-03 16:44:53 420864 ----a-w- C:\Windows\System32\wksprt.exe
2014-04-03 16:44:53 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2014-04-03 16:44:53 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2014-04-03 16:44:53 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2014-04-03 16:44:53 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-04-03 16:44:52 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2014-04-03 16:44:52 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2014-04-03 16:44:46 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-04-03 16:44:46 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-04-03 16:22:28 710 ----a-w- C:\FixitRegBackup.reg
2014-04-02 23:35:04 -------- d-----w- C:\Users\SABER\AppData\Local\Sony
2014-04-02 23:34:33 -------- d-----w- C:\Users\SABER\AppData\Roaming\Sony
2014-04-02 21:33:12 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-04-02 21:33:12 92784 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2014-04-02 21:33:12 878024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2014-04-02 21:33:12 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2014-04-02 21:33:12 647280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2014-04-02 21:33:12 5779568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2014-04-02 21:33:12 53360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2014-04-02 21:33:12 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2014-04-02 21:33:12 398960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
2014-04-02 21:33:12 3642480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-02 21:33:12 34072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2014-04-02 21:33:12 307824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2014-04-02 21:33:12 28272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-04-02 21:33:12 276592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2014-04-02 21:33:12 275568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2014-04-02 21:33:12 23186032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-04-02 21:33:12 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-04-02 21:33:12 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-04-02 21:33:12 194552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2014-04-02 21:33:12 18544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2014-04-02 21:33:12 1791600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
2014-04-02 21:33:12 170960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-04-02 21:33:12 17008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2014-04-02 21:33:12 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-04-02 21:33:12 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-04-02 21:33:12 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-04-02 21:33:12 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-04-02 21:33:12 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-04-02 21:33:12 152688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2014-04-02 21:33:12 142448 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2014-04-02 21:33:12 119408 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2014-04-02 21:33:12 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2014-04-02 21:33:11 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-04-02 21:33:11 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-04-02 21:33:11 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-04-02 21:33:11 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox
2014-03-29 23:34:59 -------- d-----w- C:\Users\SABER\AppData\Roaming\TeamViewer
2014-03-27 22:58:57 -------- d-----w- C:\Users\SABER\AppData\Roaming\PMDG
2014-03-27 21:38:52 552960 ----a-w- C:\Windows\SysWow64\RAASAUDIO32.dll
2014-03-27 21:38:52 -------- d-----w- C:\Users\SABER\AppData\Roaming\RAASPRO
2014-03-27 21:38:47 -------- d-----w- C:\Program Files (x86)\PMDG Operations Center
2014-03-26 02:18:57 -------- d-----w- C:\Output
2014-03-26 02:16:41 -------- d-----w- C:\Program Files (x86)\Free Word-Doc to Pdf Converter&Creator
2014-03-26 02:13:26 -------- d-----w- C:\Users\SABER\AppData\Roaming\Softland
2014-03-26 02:13:25 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2014-03-25 17:19:26 120320 ----a-w- C:\Windows\System32\E_ILMHAE.DLL
2014-03-25 17:19:26 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2014-03-25 17:19:25 83968 ----a-w- C:\Windows\System32\E_ID4BHAE.DLL
2014-03-24 00:56:14 -------- d-----w- C:\Users\SABER\AppData\Roaming\Landwirt2014
2014-03-20 11:41:37 -------- d-----w- C:\Program Files (x86)\astragon
2014-03-19 23:08:51 -------- d-----w- C:\Program Files (x86)\DjVu Viewer
2014-03-19 23:04:33 -------- d-----w- C:\Windows\WICCodecs
2014-03-19 23:04:33 -------- d-----w- C:\ProgramData\FastPictureViewer
2014-03-19 23:04:28 -------- d-----w- C:\Program Files\FastPictureViewer
2014-03-12 21:13:06 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 21:13:06 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 21:13:06 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 21:13:05 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-12 21:13:05 32768 ----a-w- C:\Windows\SysWow64\iernonce.dll
2014-03-12 21:13:05 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 21:13:05 2765824 ----a-w- C:\Windows\System32\iertutil.dll
2014-03-12 21:13:05 2168320 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-03-12 21:13:05 184320 ----a-w- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
2014-03-12 21:13:04 999936 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-03-12 21:13:04 808152 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-03-12 21:13:04 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-12 21:13:04 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-12 21:13:04 524288 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-03-12 21:13:04 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-12 21:13:04 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-03-12 21:13:04 33792 ----a-w- C:\Windows\System32\iernonce.dll
2014-03-12 21:13:04 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-12 21:13:04 271360 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-03-12 21:13:04 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-03-12 21:13:04 17074688 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-03-12 21:13:04 1156096 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-03-12 21:13:03 7211520 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-03-12 21:13:03 627200 ----a-w- C:\Windows\System32\msfeeds.dll
2014-03-12 21:13:03 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-12 21:13:03 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-12 21:13:03 440832 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-03-12 21:13:03 43008 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-03-12 21:13:03 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-12 21:13:03 259072 ----a-w- C:\Program Files\Internet Explorer\F12Tools.dll
2014-03-12 21:13:03 218624 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-03-12 21:13:03 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-12 21:13:03 1393664 ----a-w- C:\Windows\System32\urlmon.dll
2014-03-12 21:13:03 1127424 ----a-w- C:\Program Files\Internet Explorer\networkinspection.dll
2014-03-12 21:13:03 11266048 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-03-12 21:13:02 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-03-12 21:13:02 703488 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2014-03-12 21:13:02 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-12 21:13:02 574976 ----a-w- C:\Windows\System32\ieui.dll
2014-03-12 21:13:02 53760 ----a-w- C:\Windows\System32\jsproxy.dll
2014-03-12 21:13:02 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-03-12 21:13:02 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-12 21:13:02 235224 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-03-12 21:13:02 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-12 21:13:02 1837056 ----a-w- C:\Program Files\Internet Explorer\MemoryAnalyzer.dll
2014-03-12 21:13:02 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-12 21:13:02 1739776 ----a-w- C:\Program Files\Internet Explorer\F12.dll
2014-03-12 21:13:02 164864 ----a-w- C:\Windows\SysWow64\msrating.dll
2014-03-12 21:13:02 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-12 21:13:02 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-12 21:13:01 817664 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-03-12 21:13:01 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-12 21:13:01 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-12 21:13:01 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-03-12 21:13:01 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-12 21:13:01 195584 ----a-w- C:\Windows\System32\msrating.dll
2014-03-12 21:13:01 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-12 21:13:01 13051904 ----a-w- C:\Windows\System32\ieframe.dll
2014-03-12 21:13:00 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 21:13:00 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-03-12 21:13:00 23133696 ----a-w- C:\Windows\System32\mshtml.dll
2014-03-12 21:09:14 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 21:09:14 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 21:07:37 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 21:07:37 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-08 22:19:35 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-06 23:22:13 -------- d-----w- C:\Users\SABER\AppData\Roaming\NEC Projector User Supportware
2014-03-06 23:22:13 -------- d-----w- C:\Program Files (x86)\NEC Projector User Supportware
2014-03-05 05:14:55 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2014-03-05 05:14:55 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2014-03-05 05:14:55 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2014-03-05 05:14:55 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2014-03-05 05:14:27 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2014-02-20 00:39:25 -------- d-----w- C:\Program Files (x86)\CyberScrub Privacy Suite
2014-02-19 00:17:23 -------- d-----w- C:\Program Files (x86)\GTA IV Vehicle Mod Installer
2014-02-16 23:51:20 -------- d-----w- C:\ProgramData\YTD Video Downloader
2014-02-16 22:46:28 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2014-02-13 23:21:00 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 23:21:00 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 17:56:22 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 17:56:22 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-13 17:56:21 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 17:56:21 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 17:56:17 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2014-02-13 17:56:17 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2014-02-13 17:56:17 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-13 17:56:17 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2014-02-13 17:56:17 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2014-02-13 17:56:17 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2014-02-13 17:56:17 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2014-02-13 17:56:17 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-13 17:56:17 528384 ----a-w- C:\Windows\System32\msdrm.dll
2014-02-13 17:56:17 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2014-02-13 17:56:17 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2014-02-13 17:56:17 488448 ----a-w- C:\Windows\System32\secproc.dll
2014-02-13 17:56:17 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2014-02-13 17:56:17 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2014-02-13 17:56:17 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2014-02-13 17:56:17 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2014-02-13 17:56:17 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2014-02-13 17:56:17 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2014-02-13 17:56:16 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 17:56:16 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-13 17:56:16 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 17:56:16 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 17:57:15 -------- d-----w- C:\Users\SABER\AppData\Roaming\TuxPaint
2014-02-12 17:57:07 -------- d-----w- C:\Program Files (x86)\TuxPaint
2014-02-10 00:43:41 -------- d-----w- C:\Users\SABER\AppData\Roaming\NVIDIA
2014-02-09 01:31:52 -------- d-----w- C:\Program Files (x86)\Test My Hardware
.
==================== Find6M  ====================
.
2014-04-05 23:21:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-05 23:21:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-02 13:05:02 90015360 ----a-w- C:\Windows\System32\MRT.exe
2014-01-21 02:54:53 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:54:22 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-18 04:05:41 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2014-01-18 04:05:40 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2014-01-18 03:17:56 196096 ----a-w- C:\Program Files (x86)\Removepycrypto.exe
2014-01-15 21:53:13 6712608 ----a-w- C:\Windows\System32\nvcpl.dll
2014-01-15 21:53:13 3498272 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-01-15 21:53:08 923936 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-01-15 21:53:08 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-01-15 21:53:08 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-01-15 21:53:08 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-01-13 22:31:20 3559557 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-27 18:42:26 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-27 18:42:16 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-27 18:42:16 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-18 17:19:54 252688 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-12-18 17:16:44 154896 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-12-18 17:16:44 140560 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-12-18 17:16:44 126736 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-12-18 17:13:30 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-25 01:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-11-20 06:13:43 263040 --s-a-w- C:\Windows\System32\hal.dll
2013-11-19 23:06:56 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-11-19 23:06:56 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-07 00:13:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-23 01:05:08 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-14 18:00:00 28368 ----a-w- C:\Windows\System32\IEUDINIT.EXE
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2009-12-06 17:18:14 26624 --sh--w- C:\Windows\bfcs2.dll
.
============= FINISH: 19:37:50.78 ===============
 

Edited by rogers2580, 07 April 2014 - 03:26 PM.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 PM

Posted 08 April 2014 - 08:07 AM





Hello rogers2580,

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 rogers2580

rogers2580
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:22 AM

Posted 08 April 2014 - 09:28 AM

This is my FRST.TXT file

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SABER (administrator) on SABER-PC on 07-04-2014 21:23:30
Running from C:\Users\SABER\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files (x86)\WAN Miniport IP\ndiswan.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKU\S-1-5-21-1081987573-2304323192-2215364477-1000\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1081987573-2304323192-2215364477-1000\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2009-11-15] (Alcohol Soft Development Team)
HKU\S-1-5-21-1081987573-2304323192-2215364477-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\SABER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l7vqod8z.lnk
ShortcutTarget: l7vqod8z.lnk -> C:\PROGRA~3\z8doqv7l.cpp (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x51955B4D8F52CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCtA0C0D0AtAtCyEzztBtAtN0D0Tzu0CyCtCyEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1278581426&ir=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ArcadeFrontier Addon - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SearchNewTab - {E656D257-7E0F-FF5B-AF2E-9068D52FF0B2} -  No File
BHO-x32: No Name - {1C100CD2-4C64-22D9-8C92-36CD560DB9D9} -  No File
BHO-x32: TWatchTorrentsHelper - {2EEE3B00-A4F8-4819-A336-1B547FA954BF} - C:\Program Files (x86)\WatchTorrents Player\WatchTorrentsHelper.dll ()
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/os/activex/gmxinc_osupload_2002.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_3&ent=hp_4981&src=4981
FF Keyword.URL: hxxp://www.mystart.com/results.php?pr=vmn&id=mystarttb&v=5_3&ent=bs____campaignID___&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Koox Group LLC/WatchTorrents Player,version=1.0.0.0 - C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll (Koox Group LLC)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\SABER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SABER\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\searchplugins\mixidj-v30-customized-web-search.xml
FF SearchPlugin: C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\searchplugins\yahoo_ff.xml
FF Extension: MixiDJ Toolbar - C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\Extensions\ffxtlbr@mixidj.com [2013-10-05]
FF Extension: ArcadeFrontier - C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\Extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53} [2014-03-01]
FF Extension: MyStart Toolbar - C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\Extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [2013-12-30]
FF Extension: leethax.net extension - C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\Extensions\leethax@leethax.net.xpi [2013-06-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-16]
FF HKLM-x32\...\Firefox\Extensions: [jid1-vpu7aD5IBmKRFA@jetpack] - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
FF Extension: No Name - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi [2013-06-27]

Chrome:
=======
CHR HomePage: hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_3&ent=hp_4981&src=4981
CHR DefaultSearchKeyword: omiga-plus
CHR DefaultSearchProvider: omiga-plus
CHR DefaultSearchURL: http://isearch.omiga-plus.com/web/?type=ds&ts=1383420502&from=mlv&uid=395049983_1052576_00004823&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Skype Click to Call) - C:\Users\SABER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-01]
CHR Extension: (WatchTorrents) - C:\Users\SABER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpafocldgpkgojfbjigddelmfjmffkee [2013-06-27]
CHR Extension: (Google Wallet) - C:\Users\SABER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\SABER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-26]
CHR Extension: (ArcadeFrontier) - C:\Users\SABER\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [mpafocldgpkgojfbjigddelmfjmffkee] - C:\Program Files (x86)\WatchTorrents Player\mpafocldgpkgojfbjigddelmfjmffkee.crx [2013-06-27]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S4 BlueSoleil Hid Service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe [166520 2007-12-27] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 MSSQL$ACCUCHEK360; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 Start BT in service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [51816 2007-12-27] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S4 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 xndi; C:\Program Files (x86)\WAN Miniport IP\ndiswan.exe [40960 2011-04-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2013-09-13] (Google Inc)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50456 2012-11-02] (Paragon Software Group)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R1 ArcSec; C:\Windows\SysWOW64\drivers\ArcSec.sys [312184 2010-09-21] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R4 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R4 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R4 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R4 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [37896 2007-06-24] (IVT Corporation.)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [37896 2007-06-24] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37384 2007-06-24] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37384 2007-06-24] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
S3 Cmprvg; C:\Windows\System32\drivers\Cmprvg.sys [223488 2012-05-23] (Compro Technology Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-05] (DT Soft Ltd)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [60184 2012-11-02] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [200472 2012-11-02] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15128 2012-11-02] (Paragon Software Group)
R4 KProcessHacker2; C:\Program Files\Process Hacker 2\kprocesshacker.sys [39576 2013-11-13] (wj32)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [42264 2012-11-02] (Paragon Software Group)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-06-05] ()
S3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
S3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
U3 ayhcnql0; C:\Windows\System32\Drivers\ayhcnql0.sys [0 ] (Microsoft Corporation)
U4 bdselfpr;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
U4 vsserv;

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-07 21:18 - 2014-04-07 21:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SABER-PC-Microsoft-Windows-7-Professional-(64-bit).dat
2014-04-07 21:17 - 2014-04-07 21:17 - 00000000 ____D () C:\RegBackup
2014-04-07 21:16 - 2014-04-07 21:16 - 00002249 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-04-07 21:16 - 2014-04-07 21:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-07 21:13 - 2014-04-07 21:15 - 00000000 ____D () C:\Users\SABER\Downloads\Fixlist
2014-04-07 21:10 - 2014-04-07 21:11 - 00000000 ____D () C:\Users\SABER\Documents\avg not running
2014-04-07 21:09 - 2014-04-07 21:09 - 00227567 _____ () C:\Users\SABER\Downloads\Shortcut.txt
2014-04-07 21:07 - 2014-04-07 21:23 - 00047142 _____ () C:\Users\SABER\Downloads\FRST.txt
2014-04-07 21:07 - 2014-04-07 21:09 - 00084891 _____ () C:\Users\SABER\Downloads\Addition.txt
2014-04-07 21:06 - 2014-04-07 21:23 - 00000000 ____D () C:\FRST
2014-04-07 21:06 - 2014-04-07 21:06 - 02157056 _____ (Farbar) C:\Users\SABER\Downloads\FRST64.exe
2014-04-07 20:55 - 2014-04-07 20:55 - 00007325 _____ () C:\Users\SABER\Documents\Attach.zip
2014-04-07 19:38 - 2014-04-07 19:38 - 00100818 _____ () C:\Users\SABER\Documents\DDS.txt
2014-04-07 19:38 - 2014-04-07 19:38 - 00026659 _____ () C:\Users\SABER\Documents\Attach.txt
2014-04-07 19:37 - 2014-04-07 19:37 - 00688992 ____R (Swearware) C:\Users\SABER\Downloads\dds.com
2014-04-07 19:37 - 2014-04-07 19:37 - 00100818 _____ () C:\Users\SABER\Desktop\dds.txt
2014-04-07 19:37 - 2014-04-07 19:37 - 00026659 _____ () C:\Users\SABER\Desktop\attach.txt
2014-04-07 19:28 - 2014-04-07 19:28 - 00039385 _____ () C:\ComboFix.txt
2014-04-07 19:13 - 2014-04-07 19:13 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Process Hacker 2
2014-04-07 19:06 - 2014-04-07 19:06 - 00001851 _____ () C:\Users\Public\Desktop\Process Hacker 2.lnk
2014-04-07 19:06 - 2014-04-07 19:06 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-04-06 22:39 - 2014-04-06 22:48 - 00000045 _____ () C:\filesys.txt
2014-04-06 21:51 - 2014-04-06 21:51 - 00000406 _____ () C:\Windows\SysWOW64\ioloBootDefrag.cfg
2014-04-06 21:46 - 2014-04-07 16:50 - 00000000 ____D () C:\ProgramData\iolo
2014-04-06 21:46 - 2014-04-06 21:58 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\iolo
2014-04-06 21:46 - 2014-04-06 21:46 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-06 21:46 - 2014-04-06 21:46 - 00000000 ____D () C:\Users\SABER\Downloads\System Mechanic 12.5.0.79+Crack
2014-04-06 21:41 - 2014-04-06 21:43 - 00000000 ____D () C:\Users\SABER\Downloads\System Mechanic Professional v10.0.0.68 + Activator [RH]
2014-04-06 21:35 - 2014-04-06 21:35 - 03940568 _____ () C:\Users\SABER\Downloads\REGSERVO_Installer.exe
2014-04-06 21:34 - 2014-04-06 21:34 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-04-06 19:05 - 2014-04-06 19:06 - 00002442 _____ () C:\Users\SABER\Desktop\Rkill.txt
2014-04-06 04:34 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-06 04:34 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-06 04:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-06 04:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-06 04:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-06 04:34 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-06 04:34 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-06 04:34 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-06 03:29 - 2014-04-07 19:28 - 00000000 ____D () C:\Qoobox
2014-04-06 03:28 - 2014-04-06 05:02 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 00:12 - 2014-04-06 00:12 - 00002702 _____ () C:\Users\SABER\Desktop\Windows Compatibility Report.htm
2014-04-05 23:16 - 2014-04-05 23:17 - 00000000 ____D () C:\Users\SABER\Documents\Security
2014-04-05 22:15 - 2014-04-05 22:15 - 00000000 ____D () C:\Windows\system32\msmq
2014-04-04 19:03 - 2014-04-04 19:03 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Registry Mechanic
2014-04-04 19:00 - 2014-04-06 19:02 - 00061202 _____ () C:\Windows\SysWOW64\AppLog.log
2014-04-04 19:00 - 2014-04-06 19:00 - 00002472 _____ () C:\Windows\SysWOW64\Engines.log
2014-04-03 23:33 - 2014-04-04 00:06 - 00000000 ____D () C:\Users\SABER\Downloads\MASTER OF HARDCORE EMPIRE OF ETERNITY
2014-04-03 21:54 - 2014-04-07 19:00 - 00000304 _____ () C:\Windows\Tasks\RMSchedule.job
2014-04-03 21:54 - 2014-04-07 18:54 - 00000302 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-04-03 21:54 - 2014-04-03 21:54 - 00002880 _____ () C:\Windows\System32\Tasks\RMSchedule
2014-04-03 21:54 - 2014-04-03 21:54 - 00002538 _____ () C:\Windows\System32\Tasks\RMAutoUpdate
2014-04-03 21:46 - 2014-04-03 21:46 - 00001339 _____ () C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2014-04-03 21:46 - 2014-04-03 21:46 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2014-04-03 21:46 - 2012-08-21 14:44 - 00513696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-04-03 21:46 - 2012-08-21 14:44 - 00041632 _____ () C:\Windows\system32\CleanMFT64.exe
2014-04-03 21:46 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-04-03 21:46 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-04-03 21:46 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2014-04-03 21:45 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-03 21:45 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-03 21:44 - 2014-04-03 21:44 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Product_RM
2014-04-03 21:44 - 2014-04-03 21:44 - 00000000 ____D () C:\ProgramData\PC Tools
2014-04-03 21:42 - 2014-04-03 21:42 - 00000000 ____D () C:\Users\SABER\Downloads\PC Tools Registry Mechanic v11.1.0.214 With Key [h33t][iahq76]
2014-04-03 21:38 - 2014-04-03 21:43 - 00000000 ____D () C:\Program Files (x86)\Registry Mechanic
2014-04-03 18:39 - 2014-04-03 18:58 - 00000414 _____ () C:\Users\SABER\Desktop\avgrep.txt
2014-04-03 17:44 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-03 17:44 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-03 17:44 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-03 17:44 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-03 17:44 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-03 17:44 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-03 17:44 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-03 17:44 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-03 17:44 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-03 17:44 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-03 17:44 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-03 17:44 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-03 17:44 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-03 17:44 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-03 17:44 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-03 17:44 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-03 17:44 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-03 17:44 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-03 17:41 - 2014-04-03 17:41 - 00002153 _____ () C:\Windows\epplauncher.mif
2014-04-03 17:22 - 2014-04-03 17:22 - 00000710 _____ () C:\FixitRegBackup.reg
2014-04-03 17:16 - 2014-04-07 17:39 - 05195663 ____R (Swearware) C:\Users\SABER\Downloads\ComboFix.exe
2014-04-03 00:35 - 2014-04-06 23:30 - 00000000 ____D () C:\Users\SABER\AppData\Local\Sony
2014-04-03 00:34 - 2014-04-03 01:14 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Sony
2014-04-03 00:23 - 2014-04-03 21:27 - 00000000 ____D () C:\Users\SABER\Downloads\SONY Sound Forge Audio Studio 10.0 Build 252
2014-04-03 00:07 - 2014-04-03 00:21 - 00000000 ____D () C:\Users\SABER\Downloads\satan's beats
2014-04-02 23:41 - 2014-04-02 23:55 - 00000000 ____D () C:\Users\SABER\Downloads\Mix TJR
2014-04-02 22:33 - 2014-04-03 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 18:21 - 2014-03-31 18:22 - 00000000 ____D () C:\Users\SABER\Downloads\The Ring Two (2005)720p BDRip[Hindi(224Kbps)-Eng]DD5.1-DGrea8
2014-03-31 15:41 - 2014-03-31 15:41 - 00000206 _____ () C:\Users\SABER\Desktop\Thumbnail.url
2014-03-30 16:15 - 2014-03-30 16:15 - 00000000 ____D () C:\Users\SABER\Desktop\New folder
2014-03-30 00:34 - 2014-03-30 00:34 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\TeamViewer
2014-03-29 14:49 - 2014-04-03 21:27 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-03-29 14:49 - 2014-03-29 14:49 - 00002136 _____ () C:\Users\SABER\Desktop\Minecraft.lnk
2014-03-29 14:45 - 2014-04-03 21:27 - 00000000 ____D () C:\Users\SABER\Downloads\Minecraft 1.7.4 by TeamExtremeMc.com
2014-03-29 00:56 - 2014-03-29 00:56 - 00001055 _____ () C:\Users\SABER\Desktop\VirtualDJ PRO Full.lnk
2014-03-29 00:28 - 2014-03-29 00:29 - 00000000 ____D () C:\Users\SABER\Downloads\Virtual DJ Pro 7.4 Build 453 Final Multilanguage - SceneDL
2014-03-28 23:41 - 2014-03-29 00:02 - 00000000 ____D () C:\Users\SABER\Downloads\Enochian Crescent
2014-03-27 23:58 - 2014-03-27 23:58 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\PMDG
2014-03-27 22:38 - 2014-03-28 00:08 - 00000000 ____D () C:\Program Files (x86)\PMDG Operations Center
2014-03-27 22:38 - 2014-03-27 22:38 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\RAASPRO
2014-03-27 22:38 - 2013-07-30 12:34 - 00552960 _____ () C:\Windows\SysWOW64\RAASAUDIO32.dll
2014-03-27 22:37 - 2014-03-27 22:37 - 00000000 ____D () C:\Users\SABER\Downloads\PMDG_777_200LRF
2014-03-27 22:35 - 2013-09-03 01:06 - 92250112 _____ (Precision Manuals Development Group) C:\Users\SABER\Desktop\pmdg_777x.dll
2014-03-27 14:50 - 2014-04-05 16:48 - 00000000 ____D () C:\Users\SABER\Downloads\car list
2014-03-27 00:07 - 2014-03-27 00:10 - 816057955 ____R () C:\Users\SABER\Downloads\PMDG_777_200LRF.zip
2014-03-26 16:33 - 2014-03-26 17:39 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-03-26 03:23 - 2014-03-26 03:26 - 00000000 ____D () C:\Users\SABER\Downloads\Rio (2011)
2014-03-26 03:18 - 2014-03-26 03:18 - 00000000 ____D () C:\Output
2014-03-26 03:16 - 2014-04-05 23:06 - 00000000 ____D () C:\Program Files (x86)\Free Word-Doc to Pdf Converter&Creator
2014-03-26 03:13 - 2014-03-26 03:13 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Softland
2014-03-26 03:13 - 2010-11-25 13:17 - 00007549 _____ () C:\Windows\system32\dopdf7.ctm
2014-03-26 03:13 - 2010-02-05 16:00 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-03-25 21:46 - 2014-03-25 21:50 - 00000411 _____ () C:\Users\SABER\Desktop\Already tagged.url
2014-03-25 18:19 - 2014-03-25 18:18 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMHAE.DLL
2014-03-25 18:19 - 2014-03-25 18:18 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BHAE.DLL
2014-03-25 18:19 - 2014-03-25 18:18 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-03-25 08:32 - 2014-04-03 21:27 - 00000000 ____D () C:\Users\SABER\Downloads\Camping Manager 2012-FASiSO
2014-03-24 01:56 - 2014-03-24 01:56 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Landwirt2014
2014-03-24 00:26 - 2014-03-24 00:26 - 00000000 ____D () C:\Users\SABER\Documents\Camping Manager 2012
2014-03-22 18:01 - 2014-03-22 18:01 - 00000000 ____D () C:\Users\SABER\Downloads\DOLLY_DEAREST
2014-03-21 15:44 - 2014-03-21 15:49 - 1307617280 ____R () C:\Users\SABER\Downloads\t-p f20 14.iso
2014-03-20 17:02 - 2014-03-20 17:02 - 03103191 _____ () C:\Users\SABER\Desktop\Apples and Bananas.rar
2014-03-20 12:41 - 2014-03-24 01:11 - 00000000 ____D () C:\Program Files (x86)\astragon
2014-03-20 11:54 - 2014-03-24 00:45 - 00000000 ____D () C:\Users\SABER\Downloads\Camping.Manager.2012-FASiSO
2014-03-20 00:08 - 2014-03-20 00:08 - 00001052 _____ () C:\Users\Public\Desktop\DjVu Viewer.lnk
2014-03-20 00:08 - 2014-03-20 00:08 - 00000000 ____D () C:\Program Files (x86)\DjVu Viewer
2014-03-20 00:04 - 2014-03-20 00:04 - 00000000 ____D () C:\Windows\WICCodecs
2014-03-20 00:04 - 2014-03-20 00:04 - 00000000 ____D () C:\ProgramData\FastPictureViewer
2014-03-20 00:04 - 2014-03-20 00:04 - 00000000 ____D () C:\Program Files\FastPictureViewer
2014-03-18 23:23 - 2014-03-19 00:13 - 00000000 ____D () C:\Users\SABER\Downloads\astra projection binaural beats
2014-03-18 21:42 - 2014-03-18 21:42 - 00005090 _____ () C:\Users\SABER\Documents\NVIDIA System Information 03-18-2014 20-42-18.txt
2014-03-18 21:42 - 2014-03-18 21:42 - 00005090 _____ () C:\Users\SABER\Documents\NVIDIA System Information 03-18-2014 20-42-04.txt
2014-03-18 21:36 - 2014-03-18 21:36 - 00249613 _____ () C:\Users\SABER\Downloads\nvidiaInspector.zip
2014-03-18 21:36 - 2013-07-19 23:04 - 00611840 _____ (Orbmu2k) C:\Users\SABER\Desktop\nvidiaInspector.exe
2014-03-18 21:34 - 2014-03-18 21:34 - 03820082 _____ () C:\Users\SABER\Documents\NVIDIA Profiles.txt
2014-03-18 02:47 - 2014-03-18 15:36 - 00000000 ____D () C:\Users\SABER\Downloads\Satanism & Left-hand Path
2014-03-18 02:43 - 2014-03-18 03:16 - 00000000 ____D () C:\Users\SABER\Downloads\Satanism [57 e-books]
2014-03-18 02:35 - 2014-03-18 02:54 - 1800158312 ____R () C:\Users\SABER\Downloads\The Biggest Conspiracy.avi
2014-03-18 02:30 - 2014-03-18 03:40 - 670061086 ____R () C:\Users\SABER\Downloads\The All Seeing Eye.avi
2014-03-16 15:39 - 2014-04-06 19:01 - 00000000 ___RD () C:\Users\SABER\Desktop\GAMES
2014-03-16 02:49 - 2014-03-16 02:49 - 00000570 _____ () C:\Users\SABER\Documents\MY DEMONS.txt
2014-03-14 21:12 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\SABER\Downloads\I.Am.Legend[2007]DvDrip[Eng]-aXXo
2014-03-14 19:23 - 2014-03-14 19:26 - 00000000 ____D () C:\Users\SABER\Downloads\Paranormal Activity 4 (2012) [1080p]
2014-03-12 22:14 - 2014-03-12 22:34 - 00000000 ____D () C:\Users\SABER\Downloads\Playback.2012.HDRiP.AC3-2.0.XviD-SiC
2014-03-12 22:13 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 22:13 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 22:13 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 22:13 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 22:13 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 22:13 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 22:13 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 22:13 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 22:13 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 22:13 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 22:13 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 22:13 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 22:13 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 22:13 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 22:13 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 22:13 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 22:13 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 22:13 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 22:13 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 22:13 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 22:13 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 22:13 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 22:13 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 22:13 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 22:13 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 22:13 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 22:13 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 22:13 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 22:13 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 22:13 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 22:13 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 22:13 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 22:13 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 22:13 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 22:13 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 22:13 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 22:13 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 22:13 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 22:13 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 22:13 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 22:13 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 22:13 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 22:13 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 22:13 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 22:09 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 22:09 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 22:07 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 22:07 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-08 23:19 - 2014-01-15 23:35 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

==================== One Month Modified Files and Folders =======

2014-04-07 21:23 - 2014-04-07 21:07 - 00047142 _____ () C:\Users\SABER\Downloads\FRST.txt
2014-04-07 21:23 - 2014-04-07 21:06 - 00000000 ____D () C:\FRST
2014-04-07 21:18 - 2014-04-07 21:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SABER-PC-Microsoft-Windows-7-Professional-(64-bit).dat
2014-04-07 21:17 - 2014-04-07 21:17 - 00000000 ____D () C:\RegBackup
2014-04-07 21:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-04-07 21:16 - 2014-04-07 21:16 - 00002249 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-04-07 21:16 - 2014-04-07 21:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-07 21:15 - 2014-04-07 21:13 - 00000000 ____D () C:\Users\SABER\Downloads\Fixlist
2014-04-07 21:12 - 2013-05-04 12:10 - 00000000 ____D () C:\Users\SABER\AppData\Local\Apps\2.0
2014-04-07 21:11 - 2014-04-07 21:10 - 00000000 ____D () C:\Users\SABER\Documents\avg not running
2014-04-07 21:09 - 2014-04-07 21:09 - 00227567 _____ () C:\Users\SABER\Downloads\Shortcut.txt
2014-04-07 21:09 - 2014-04-07 21:07 - 00084891 _____ () C:\Users\SABER\Downloads\Addition.txt
2014-04-07 21:06 - 2014-04-07 21:06 - 02157056 _____ (Farbar) C:\Users\SABER\Downloads\FRST64.exe
2014-04-07 20:55 - 2014-04-07 20:55 - 00007325 _____ () C:\Users\SABER\Documents\Attach.zip
2014-04-07 20:54 - 2012-12-07 14:18 - 01216843 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 20:46 - 2012-12-07 18:04 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 20:46 - 2012-12-07 18:04 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 20:40 - 2013-06-23 23:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 19:38 - 2014-04-07 19:38 - 00100818 _____ () C:\Users\SABER\Documents\DDS.txt
2014-04-07 19:38 - 2014-04-07 19:38 - 00026659 _____ () C:\Users\SABER\Documents\Attach.txt
2014-04-07 19:37 - 2014-04-07 19:37 - 00688992 ____R (Swearware) C:\Users\SABER\Downloads\dds.com
2014-04-07 19:37 - 2014-04-07 19:37 - 00100818 _____ () C:\Users\SABER\Desktop\dds.txt
2014-04-07 19:37 - 2014-04-07 19:37 - 00026659 _____ () C:\Users\SABER\Desktop\attach.txt
2014-04-07 19:28 - 2014-04-07 19:28 - 00039385 _____ () C:\ComboFix.txt
2014-04-07 19:28 - 2014-04-06 03:29 - 00000000 ____D () C:\Qoobox
2014-04-07 19:23 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-07 19:17 - 2013-11-16 19:06 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SABER-PC-SABER SABER-PC
2014-04-07 19:13 - 2014-04-07 19:13 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Process Hacker 2
2014-04-07 19:13 - 2013-12-30 14:08 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1081987573-2304323192-2215364477-1000UA.job
2014-04-07 19:06 - 2014-04-07 19:06 - 00001851 _____ () C:\Users\Public\Desktop\Process Hacker 2.lnk
2014-04-07 19:06 - 2014-04-07 19:06 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-04-07 19:02 - 2009-07-14 05:45 - 00025760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 19:02 - 2009-07-14 05:45 - 00025760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 19:00 - 2014-04-03 21:54 - 00000304 _____ () C:\Windows\Tasks\RMSchedule.job
2014-04-07 18:54 - 2014-04-03 21:54 - 00000302 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-04-07 18:54 - 2009-07-14 05:51 - 00003725 _____ () C:\Windows\setupact.log
2014-04-07 18:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 18:52 - 2012-12-07 18:11 - 00601326 _____ () C:\Windows\PFRO.log
2014-04-07 17:39 - 2014-04-03 17:16 - 05195663 ____R (Swearware) C:\Users\SABER\Downloads\ComboFix.exe
2014-04-07 17:17 - 2013-01-11 19:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-07 17:03 - 2012-12-07 23:30 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{41DE554C-5DBE-4A98-9425-9E90EA3984AB}
2014-04-07 16:51 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-07 16:50 - 2014-04-06 21:46 - 00000000 ____D () C:\ProgramData\iolo
2014-04-07 15:52 - 2012-12-08 23:28 - 00000000 ____D () C:\Program Files (x86)\KaraKEYoke 3
2014-04-07 15:47 - 2013-04-06 16:27 - 00073174 _____ () C:\Windows\iis7.log
2014-04-07 15:47 - 2012-12-07 14:38 - 00000000 ____D () C:\Users\SABER
2014-04-07 02:45 - 2013-11-17 22:48 - 00000000 ____D () C:\Users\SABER\AppData\Local\CrashDumps
2014-04-07 01:42 - 2013-02-11 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-07 01:19 - 2013-04-18 23:35 - 00000000 ____D () C:\Users\SABER\Documents\VirtualDJ
2014-04-06 23:30 - 2014-04-03 00:35 - 00000000 ____D () C:\Users\SABER\AppData\Local\Sony
2014-04-06 23:30 - 2014-01-18 04:49 - 00000000 ____D () C:\ProgramData\Sony
2014-04-06 23:30 - 2014-01-18 04:49 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-06 22:48 - 2014-04-06 22:39 - 00000045 _____ () C:\filesys.txt
2014-04-06 21:58 - 2014-04-06 21:46 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\iolo
2014-04-06 21:53 - 2012-12-07 14:40 - 00000000 ___RD () C:\Users\SABER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 21:52 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-04-06 21:51 - 2014-04-06 21:51 - 00000406 _____ () C:\Windows\SysWOW64\ioloBootDefrag.cfg
2014-04-06 21:51 - 2012-12-10 23:57 - 00003242 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-04-06 21:47 - 2012-12-08 23:13 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\uTorrent
2014-04-06 21:46 - 2014-04-06 21:46 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-06 21:46 - 2014-04-06 21:46 - 00000000 ____D () C:\Users\SABER\Downloads\System Mechanic 12.5.0.79+Crack
2014-04-06 21:43 - 2014-04-06 21:41 - 00000000 ____D () C:\Users\SABER\Downloads\System Mechanic Professional v10.0.0.68 + Activator [RH]
2014-04-06 21:35 - 2014-04-06 21:35 - 03940568 _____ () C:\Users\SABER\Downloads\REGSERVO_Installer.exe
2014-04-06 21:34 - 2014-04-06 21:34 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-04-06 21:07 - 2012-12-07 23:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-06 20:06 - 2009-07-14 06:13 - 00905856 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 19:06 - 2014-04-06 19:05 - 00002442 _____ () C:\Users\SABER\Desktop\Rkill.txt
2014-04-06 19:02 - 2014-04-04 19:00 - 00061202 _____ () C:\Windows\SysWOW64\AppLog.log
2014-04-06 19:01 - 2014-03-16 15:39 - 00000000 ___RD () C:\Users\SABER\Desktop\GAMES
2014-04-06 19:00 - 2014-04-04 19:00 - 00002472 _____ () C:\Windows\SysWOW64\Engines.log
2014-04-06 13:13 - 2013-12-30 14:08 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1081987573-2304323192-2215364477-1000Core.job
2014-04-06 08:02 - 2012-12-10 22:34 - 00889722 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-06 05:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-06 05:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-04-06 05:02 - 2014-04-06 03:28 - 00000000 ____D () C:\Windows\erdnt
2014-04-06 04:51 - 2009-07-14 03:34 - 45875200 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-04-06 04:51 - 2009-07-14 03:34 - 105644032 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-04-06 04:51 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-04-06 04:51 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-04-06 04:51 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-04-06 02:33 - 2013-12-04 08:52 - 00013714 _____ () C:\Windows\IE11_main.log
2014-04-06 00:21 - 2013-06-23 23:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-06 00:21 - 2012-12-08 18:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-06 00:21 - 2012-12-08 18:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-06 00:13 - 2013-11-19 18:25 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-04-06 00:13 - 2013-11-19 18:25 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-06 00:12 - 2014-04-06 00:12 - 00002702 _____ () C:\Users\SABER\Desktop\Windows Compatibility Report.htm
2014-04-06 00:11 - 2009-07-14 05:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 23:26 - 2009-07-14 05:45 - 00469224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 23:25 - 2012-12-07 18:05 - 00000000 ____D () C:\Program Files\Google
2014-04-05 23:25 - 2012-12-07 18:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-05 23:17 - 2014-04-05 23:16 - 00000000 ____D () C:\Users\SABER\Documents\Security
2014-04-05 23:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-04-05 23:11 - 2012-12-07 17:07 - 00122376 _____ () C:\Users\SABER\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 23:06 - 2014-03-26 03:16 - 00000000 ____D () C:\Program Files (x86)\Free Word-Doc to Pdf Converter&Creator
2014-04-05 23:04 - 2012-12-07 18:04 - 00000000 ____D () C:\Users\SABER\AppData\Local\Google
2014-04-05 22:15 - 2014-04-05 22:15 - 00000000 ____D () C:\Windows\system32\msmq
2014-04-05 22:15 - 2013-04-06 16:26 - 00000000 ____D () C:\inetpub
2014-04-05 22:15 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\0409
2014-04-05 22:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-04-05 16:48 - 2014-03-27 14:50 - 00000000 ____D () C:\Users\SABER\Downloads\car list
2014-04-05 13:59 - 2013-09-19 17:58 - 00000000 ____D () C:\Program Files\KMSpico
2014-04-04 19:03 - 2014-04-04 19:03 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Registry Mechanic
2014-04-04 00:06 - 2014-04-03 23:33 - 00000000 ____D () C:\Users\SABER\Downloads\MASTER OF HARDCORE EMPIRE OF ETERNITY
2014-04-03 22:06 - 2014-03-01 19:06 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeFrontier
2014-04-03 22:06 - 2013-08-23 13:08 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carenado Cessna U206G Stationair 6 II
2014-04-03 21:54 - 2014-04-03 21:54 - 00002880 _____ () C:\Windows\System32\Tasks\RMSchedule
2014-04-03 21:54 - 2014-04-03 21:54 - 00002538 _____ () C:\Windows\System32\Tasks\RMAutoUpdate
2014-04-03 21:46 - 2014-04-03 21:46 - 00001339 _____ () C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2014-04-03 21:46 - 2014-04-03 21:46 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2014-04-03 21:44 - 2014-04-03 21:44 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Product_RM
2014-04-03 21:44 - 2014-04-03 21:44 - 00000000 ____D () C:\ProgramData\PC Tools
2014-04-03 21:43 - 2014-04-03 21:38 - 00000000 ____D () C:\Program Files (x86)\Registry Mechanic
2014-04-03 21:42 - 2014-04-03 21:42 - 00000000 ____D () C:\Users\SABER\Downloads\PC Tools Registry Mechanic v11.1.0.214 With Key [h33t][iahq76]
2014-04-03 21:28 - 2014-04-02 22:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-03 21:28 - 2012-12-30 00:24 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-04-03 21:28 - 2012-12-07 18:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-03 21:27 - 2014-04-03 00:23 - 00000000 ____D () C:\Users\SABER\Downloads\SONY Sound Forge Audio Studio 10.0 Build 252
2014-04-03 21:27 - 2014-03-29 14:49 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-04-03 21:27 - 2014-03-29 14:45 - 00000000 ____D () C:\Users\SABER\Downloads\Minecraft 1.7.4 by TeamExtremeMc.com
2014-04-03 21:27 - 2014-03-25 08:32 - 00000000 ____D () C:\Users\SABER\Downloads\Camping Manager 2012-FASiSO
2014-04-03 21:27 - 2013-12-18 02:34 - 00000000 ____D () C:\Users\SABER\Downloads\30 Nights of Paranormal Activity With The Devil Inside The Girl With The Dragon Tattoo (2013)
2014-04-03 21:27 - 2013-10-13 17:13 - 00000000 ____D () C:\Users\SABER\Downloads\Paragon HFS+ for Windows 10.0 Full Premium
2014-04-03 21:27 - 2013-07-19 21:43 - 00000000 ____D () C:\Users\SABER\Downloads\GTA-IV-v1.0.7.0-Crack.Only-CUE
2014-04-03 21:27 - 2012-12-30 00:24 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2014-04-03 21:27 - 2012-12-13 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-04-03 21:27 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-03 21:27 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-03 21:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-04-03 21:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-03 18:58 - 2014-04-03 18:39 - 00000414 _____ () C:\Users\SABER\Desktop\avgrep.txt
2014-04-03 17:41 - 2014-04-03 17:41 - 00002153 _____ () C:\Windows\epplauncher.mif
2014-04-03 17:22 - 2014-04-03 17:22 - 00000710 _____ () C:\FixitRegBackup.reg
2014-04-03 01:14 - 2014-04-03 00:34 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Sony
2014-04-03 00:21 - 2014-04-03 00:07 - 00000000 ____D () C:\Users\SABER\Downloads\satan's beats
2014-04-02 23:55 - 2014-04-02 23:41 - 00000000 ____D () C:\Users\SABER\Downloads\Mix TJR
2014-04-01 18:50 - 2013-01-22 20:41 - 00000000 ____D () C:\Users\SABER\Documents\ConvertXToDVD
2014-04-01 18:49 - 2013-01-22 20:39 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Vso
2014-03-31 18:32 - 2014-01-02 23:07 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\.minecraft
2014-03-31 18:22 - 2014-03-31 18:21 - 00000000 ____D () C:\Users\SABER\Downloads\The Ring Two (2005)720p BDRip[Hindi(224Kbps)-Eng]DD5.1-DGrea8
2014-03-31 15:41 - 2014-03-31 15:41 - 00000206 _____ () C:\Users\SABER\Desktop\Thumbnail.url
2014-03-30 16:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-30 16:15 - 2014-03-30 16:15 - 00000000 ____D () C:\Users\SABER\Desktop\New folder
2014-03-30 00:34 - 2014-03-30 00:34 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\TeamViewer
2014-03-29 14:49 - 2014-03-29 14:49 - 00002136 _____ () C:\Users\SABER\Desktop\Minecraft.lnk
2014-03-29 00:56 - 2014-03-29 00:56 - 00001055 _____ () C:\Users\SABER\Desktop\VirtualDJ PRO Full.lnk
2014-03-29 00:29 - 2014-03-29 00:28 - 00000000 ____D () C:\Users\SABER\Downloads\Virtual DJ Pro 7.4 Build 453 Final Multilanguage - SceneDL
2014-03-29 00:20 - 2014-02-17 00:52 - 00000000 ____D () C:\Users\SABER\Downloads\melbourne beats
2014-03-29 00:02 - 2014-03-28 23:41 - 00000000 ____D () C:\Users\SABER\Downloads\Enochian Crescent
2014-03-28 01:18 - 2013-12-31 00:04 - 00000000 ____D () C:\megaSceneryEarth
2014-03-28 00:08 - 2014-03-27 22:38 - 00000000 ____D () C:\Program Files (x86)\PMDG Operations Center
2014-03-28 00:02 - 2012-12-13 19:52 - 00000000 ____D () C:\Users\SABER\Documents\Flight Simulator X Files
2014-03-27 23:58 - 2014-03-27 23:58 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\PMDG
2014-03-27 22:40 - 2013-01-29 18:21 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-27 22:38 - 2014-03-27 22:38 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\RAASPRO
2014-03-27 22:38 - 2012-12-07 18:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 22:37 - 2014-03-27 22:37 - 00000000 ____D () C:\Users\SABER\Downloads\PMDG_777_200LRF
2014-03-27 00:10 - 2014-03-27 00:07 - 816057955 ____R () C:\Users\SABER\Downloads\PMDG_777_200LRF.zip
2014-03-26 23:42 - 2013-01-06 22:55 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-03-26 21:41 - 2012-12-07 18:04 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 21:41 - 2012-12-07 18:04 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 17:39 - 2014-03-26 16:33 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-03-26 17:26 - 2013-05-25 00:07 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\vlc
2014-03-26 03:26 - 2014-03-26 03:23 - 00000000 ____D () C:\Users\SABER\Downloads\Rio (2011)
2014-03-26 03:18 - 2014-03-26 03:18 - 00000000 ____D () C:\Output
2014-03-26 03:13 - 2014-03-26 03:13 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Softland
2014-03-25 21:50 - 2014-03-25 21:46 - 00000411 _____ () C:\Users\SABER\Desktop\Already tagged.url
2014-03-25 18:18 - 2014-03-25 18:19 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMHAE.DLL
2014-03-25 18:18 - 2014-03-25 18:19 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BHAE.DLL
2014-03-25 18:18 - 2014-03-25 18:19 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-03-24 01:57 - 2013-10-13 14:58 - 00000000 ____D () C:\Users\SABER\AppData\Local\SKIDROW
2014-03-24 01:56 - 2014-03-24 01:56 - 00000000 ____D () C:\Users\SABER\AppData\Roaming\Landwirt2014
2014-03-24 01:11 - 2014-03-20 12:41 - 00000000 ____D () C:\Program Files (x86)\astragon
2014-03-24 00:45 - 2014-03-20 11:54 - 00000000 ____D () C:\Users\SABER\Downloads\Camping.Manager.2012-FASiSO
2014-03-24 00:26 - 2014-03-24 00:26 - 00000000 ____D () C:\Users\SABER\Documents\Camping Manager 2012
2014-03-22 18:01 - 2014-03-22 18:01 - 00000000 ____D () C:\Users\SABER\Downloads\DOLLY_DEAREST
2014-03-21 15:49 - 2014-03-21 15:44 - 1307617280 ____R () C:\Users\SABER\Downloads\t-p f20 14.iso
2014-03-20 18:06 - 2013-08-20 22:09 - 00000000 ____D () C:\Users\SABER\Downloads\firefox
2014-03-20 17:02 - 2014-03-20 17:02 - 03103191 _____ () C:\Users\SABER\Desktop\Apples and Bananas.rar
2014-03-20 00:08 - 2014-03-20 00:08 - 00001052 _____ () C:\Users\Public\Desktop\DjVu Viewer.lnk
2014-03-20 00:08 - 2014-03-20 00:08 - 00000000 ____D () C:\Program Files (x86)\DjVu Viewer
2014-03-20 00:04 - 2014-03-20 00:04 - 00000000 ____D () C:\Windows\WICCodecs
2014-03-20 00:04 - 2014-03-20 00:04 - 00000000 ____D () C:\ProgramData\FastPictureViewer
2014-03-20 00:04 - 2014-03-20 00:04 - 00000000 ____D () C:\Program Files\FastPictureViewer
2014-03-19 21:33 - 2014-01-03 22:17 - 1589583203 ____R () C:\Users\SABER\Downloads\MegaSceneryEarth Arizona (33 and 37 only).rar
2014-03-19 04:04 - 2013-07-16 23:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 04:00 - 2012-12-13 23:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 00:13 - 2014-03-18 23:23 - 00000000 ____D () C:\Users\SABER\Downloads\astra projection binaural beats
2014-03-18 21:42 - 2014-03-18 21:42 - 00005090 _____ () C:\Users\SABER\Documents\NVIDIA System Information 03-18-2014 20-42-18.txt
2014-03-18 21:42 - 2014-03-18 21:42 - 00005090 _____ () C:\Users\SABER\Documents\NVIDIA System Information 03-18-2014 20-42-04.txt
2014-03-18 21:36 - 2014-03-18 21:36 - 00249613 _____ () C:\Users\SABER\Downloads\nvidiaInspector.zip
2014-03-18 21:34 - 2014-03-18 21:34 - 03820082 _____ () C:\Users\SABER\Documents\NVIDIA Profiles.txt
2014-03-18 16:39 - 2013-11-15 14:12 - 00000000 ____D () C:\Users\SABER\Downloads\Windows 8.1 Activator 09-11-2013 - SRZ
2014-03-18 15:36 - 2014-03-18 02:47 - 00000000 ____D () C:\Users\SABER\Downloads\Satanism & Left-hand Path
2014-03-18 03:40 - 2014-03-18 02:30 - 670061086 ____R () C:\Users\SABER\Downloads\The All Seeing Eye.avi
2014-03-18 03:16 - 2014-03-18 02:43 - 00000000 ____D () C:\Users\SABER\Downloads\Satanism [57 e-books]
2014-03-18 02:54 - 2014-03-18 02:35 - 1800158312 ____R () C:\Users\SABER\Downloads\The Biggest Conspiracy.avi
2014-03-16 02:49 - 2014-03-16 02:49 - 00000570 _____ () C:\Users\SABER\Documents\MY DEMONS.txt
2014-03-15 23:04 - 2013-07-19 15:15 - 00000000 ____D () C:\Users\SABER\Documents\Rockstar Games
2014-03-15 20:01 - 2013-01-17 21:43 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-03-15 18:43 - 2012-12-07 18:05 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 21:13 - 2014-03-14 21:12 - 00000000 ____D () C:\Users\SABER\Downloads\I.Am.Legend[2007]DvDrip[Eng]-aXXo
2014-03-14 19:26 - 2014-03-14 19:23 - 00000000 ____D () C:\Users\SABER\Downloads\Paranormal Activity 4 (2012) [1080p]
2014-03-13 23:02 - 2014-01-30 21:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 22:55 - 2012-12-16 22:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 22:55 - 2012-12-16 22:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 01:28 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-12 22:34 - 2014-03-12 22:14 - 00000000 ____D () C:\Users\SABER\Downloads\Playback.2012.HDRiP.AC3-2.0.XviD-SiC
2014-03-12 22:14 - 2014-03-04 23:59 - 00000000 ____D () C:\Users\SABER\Downloads\гташка4 эпизоды
2014-03-12 22:14 - 2014-01-18 00:49 - 00000000 ____D () C:\Users\SABER\Downloads\OS X Mavericks 10.9 Retail VMware Image
2014-03-10 03:57 - 2013-05-04 12:10 - 00000000 ____D () C:\Users\SABER\AppData\Local\Deployment
2014-03-09 23:42 - 2014-03-07 03:02 - 00000000 ___RD () C:\Users\SABER\Desktop\FOLDERS
2014-03-09 23:32 - 2014-02-16 23:27 - 00000000 ____D () C:\Users\SABER\Downloads\Angel song list
2014-03-08 23:19 - 2014-02-03 00:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-08 23:17 - 2014-02-03 00:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-08 03:15 - 2014-03-05 00:15 - 00000000 ____D () C:\Users\SABER\Downloads\GTA IV - Episodes from Liberty City

Files to move or delete:
====================
C:\ProgramData\l7vqod8z.fee
C:\Windows\SysWOW64\WinMonitor.exe
C:\Windows\SysWOW64\libs.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================


LastRegBack: 2014-03-30 14:43

==================== End Of Log ============================



Edited by rogers2580, 08 April 2014 - 09:29 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 PM

Posted 08 April 2014 - 10:49 AM

Hello rogers2580,



I need you to download this script I have made for you --> Attached File fixlist.txt

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 rogers2580


Posted 09 April 2014 - 10:07 PM

This is the next step you asked for, the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SABER at 2014-04-10 04:06:05 Run:1
Running from C:\Users\SABER\Downloads\FRST64
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\l7vqod8z.fee
C:\Windows\SysWOW64\WinMonitor.exe
C:\Windows\SysWOW64\libs.exe

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\l7vqod8z.fee => Moved successfully.
C:\Windows\SysWOW64\WinMonitor.exe => Moved successfully.
C:\Windows\SysWOW64\libs.exe => Moved successfully.

==== End of Fixlog ====



#6 gringo_pr


Posted 09 April 2014 - 11:43 PM



Hello rogers2580

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 rogers2580


Posted 10 April 2014 - 02:54 PM

These are the results from AdwCleaner

 

 

# AdwCleaner v3.023 - Report created 10/04/2014 at 20:46:12
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : SABER - SABER-PC
# Running from : C:\Users\SABER\Downloads\adwcleanner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\mystarttb
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\registry mechanic
Folder Deleted : C:\Users\SABER\AppData\LocalLow\mystarttb
Folder Deleted : C:\Users\SABER\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\SABER\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\mystarttb
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\SABER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCB24E92-62C4-4C53-95D2-65F9EED476BC}]
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\Solvusoft

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\SABER\AppData\Roaming\Mozilla\Firefox\Profiles\zo6nuyfo.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_3&ent=hp_4981&src=4981");
Line Deleted : user_pref("extensions.51784fe86addf.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf[...]
Line Deleted : user_pref("extensions.51784ff62e86c.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf[...]
Line Deleted : user_pref("extensions.517960ce70d25.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf[...]
Line Deleted : user_pref("extensions.r30BaY8zh0Y.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\[...]
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1371041115333");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1371041248327");
Line Deleted : user_pref("keyword.URL", "hxxp://www.mystart.com/results.php?pr=vmn&id=mystarttb&v=5_3&ent=bs____campaignID___&q=");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\SABER\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : homepage

*************************

AdwCleaner[R0].txt - [58176 octets] - [07/11/2013 01:37:12]
AdwCleaner[R1].txt - [6561 octets] - [10/04/2014 20:44:08]
AdwCleaner[S0].txt - [55118 octets] - [07/11/2013 01:40:17]
AdwCleaner[S1].txt - [6498 octets] - [10/04/2014 20:46:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6558 octets] ##########



#8 rogers2580


Posted 10 April 2014 - 03:05 PM

These are the JRT results

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by SABER on 10/04/2014 at 20:59:13.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1081987573-2304323192-2215364477-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\your product"

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\SABER\AppData\Roaming\mozilla\firefox\profiles\zo6nuyfo.default\extensions\ffxtlbr@mixidj.com
Successfully deleted: [Folder] C:\Users\SABER\AppData\Roaming\mozilla\firefox\profiles\zo6nuyfo.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}
Emptied folder: C:\Users\SABER\AppData\Roaming\mozilla\firefox\profiles\zo6nuyfo.default\minidumps [55 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/04/2014 at 21:03:40.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 rogers2580


Posted 10 April 2014 - 03:11 PM

Just to update you that my PC is working again, all programs running without an issue, so a BIG THANK YOU for your help in solving my problem, many thanks.

Can't thank you enough. Is there anything else I need to do?



#10 gringo_pr


Posted 11 April 2014 - 07:40 AM


Hello rogers2580

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 gringo_pr


Posted 15 April 2014 - 07:39 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#12 gringo_pr


Posted 18 April 2014 - 07:32 AM


Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr


Posted 23 April 2014 - 07:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



