TechSpot

Virus removal

Solved
By bruce66
Jun 16, 2013
  1. I think my mum has some form of virus or malware on her laptop. I have tried to get rid of it, but it keeps replicating. The file is 3590F75ABA9E485486C100C1A9D4FF06; this is on the C drive.

    Any help would be much appreciated
  2. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    You've been to this forum before so you should know better...
    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Just to let you know that I am following your instructions from above and shall post logs when done
  4. Broni

    Broni Malware Annihilator Posts: 46,499   +252

  5. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Have attached logs below

  6. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    I suggest you pay better attention to what I post:

  7. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Could you please explain your last reply because I don't know what I did wrong?
  8. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Dds logs enclosed

  9. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Malwarebytes log below

  10. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Is that better?
  11. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    No. You're attaching logs.
    You need to copy the logs' content and PASTE it in your next reply.

    I'll paste MBAM log for you if you're not sure what I'm talking about.
    You do the other two logs.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.17.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jean :: SWINDLEHURST [administrator]

    17/06/2013 22:23:01
    mbam-log-2013-06-17 (22-23-01).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 420113
    Time elapsed: 18 hour(s), 23 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  12. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05/02/2012 13:04:53
    System Uptime: 17/06/2013 21:29:28 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K54C
    Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz | CPU 1 | 896/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 78.756 GiB free.
    D: is FIXED (NTFS) - 154 GiB total, 153.723 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP146: 16/05/2013 21:07:43 - Windows Update
    RP147: 29/05/2013 10:42:10 - Windows Update
    RP148: 17/06/2013 16:42:46 - Windows Update
    RP149: 17/06/2013 21:04:34 - Removed AVG 2013
    RP150: 17/06/2013 21:09:17 - Removed AVG 2013
    RP151: 17/06/2013 21:15:25 - Device Driver Package Install: COMODO Network Service
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI (11.0.01)
    Advanced SystemCare 6
    Alcor Micro USB Card Reader
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS AI Recovery
    ASUS FaceLogon
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Power4Gear Hybrid
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_Screensaver
    AsusVibe2.0
    ATK Package
    BufferChm
    Comodo Dragon
    COMODO Internet Security Premium
    CyberLink LabelPrint
    CyberLink Media Suite
    CyberLink Power2Go
    DJ_AIO_06_F2400_SW_Min
    ETDWare PS/2-X64 8.0.5.1_WHQL
    F2400
    Fast Boot
    Galapago
    Game Park Console
    GeekBuddy
    Google Earth
    Google Update Helper
    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    HP Update
    HPPhotoGadget
    HPSSupply
    hpWLPGInstaller
    InstantOn for NB
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    IObit Apps Toolbar v7.2
    IObit Malware Fighter
    Java 7 Update 13 (64-bit)
    KNOWHOW(TM) APP CENTRE
    Mahjong Memoirs
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nuance PDF Reader
    OpenOffice.org 3.4.1
    Opera 12.15
    Picasa 3
    Qualcomm Atheros WiFi Driver Installation
    Realtek High Definition Audio Driver
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 6.3
    Smart Defrag 2
    Sonic Focus
    SUPERAntiSpyware
    Toolbox
    Turbo Fiesta
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    VoipBuster
    WebReg
    WinFlash
    Wireless Console 3
    Yahoo! Toolbar
    Yontoo 2.05
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/06/2013 21:30:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx CFRMD
    17/06/2013 21:11:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
    17/06/2013 21:00:53, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    16/06/2013 15:58:04, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    .
    ==== End Of File ===========================
  13. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16490
    Run by Jean at 21:48:09 on 2013-06-17
    #Option Extended Search is enabled.
    #Option Whitelisting is disabled.
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2984.1429 [GMT 1:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\Jean\AppData\Roaming\Yontoo\YontooDesktop.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.yahoo.com/
    uLocal Page = C:\Windows\System32\blank.htm
    uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGO&bmod=DSGO
    mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
    uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Shell = explorer.exe
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: ForceActiveDesktopOn = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableInstallerDetection = dword:1
    mPolicies-System: EnableLUA = dword:1
    mPolicies-System: EnableSecureUIAPaths = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableVirtualization = dword:1
    mPolicies-System: PromptOnSecureDesktop = dword:1
    mPolicies-System: ValidateAdminCodeSignatures = dword:0
    mPolicies-System: dontdisplaylastusername = dword:0
    mPolicies-System: scforceoption = dword:0
    mPolicies-System: shutdownwithoutlogon = dword:1
    mPolicies-System: undockwithoutlogon = dword:1
    mPolicies-System: FilterAdministratorToken = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: %SystemRoot%\system32\mswsock.dll
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB}\05C65737E6564775962756C6563737349364643473 : DHCPNameServer = 192.168.1.254
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
    Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
    Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    SSODL: WebCheck - <orphaned>
    SecurityProviders: SecurityProviders = credssp.dll
    LSA: Authentication Packages = msv1_0
    LSA: Notification Packages = scecli
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
    mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
    mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
    x64-mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    x64-mLocal Page = C:\Windows\System32\blank.htm
    x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mWinlogon: Shell = explorer.exe
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
    x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
    x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
    x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
    x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
    x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
    x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
    x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
    .
  14. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    ============= SERVICES / DRIVERS ===============
    .

    R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2011-2-18 334208]
    R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-11-1 27008]
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-4 65408]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-4 177672]
    R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-14 24128]
    R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-14 367696]
    R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-2-18 458712]
    R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-14 21584]
    R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-14 73280]
    R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
    R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2011-2-18 289664]
    R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2013-4-11 223752]
    R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-2-18 14720]
    R0 iaStor;Intel AHCI Controller;C:\Windows\System32\drivers\iaStor.sys [2011-10-18 557848]
    R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-7-11 95600]
    R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2013-2-18 154480]
    R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2011-2-18 94592]
    R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-2-18 31104]
    R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
    R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-14 60496]
    R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-9-13 950128]
    R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-5-11 75120]
    R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2011-2-18 184704]
    R0 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-14 12352]
    R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-14 50768]
    R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-2-18 213888]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-6-16 17720]
    R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
    R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-6-16 1910632]
    R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
    R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-2-18 71552]
    R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-2-18 363392]
    R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2011-11-1 296320]
    R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-11-18 785512]
    R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-3-5 498688]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-14 6656]
    R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
    R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2011-2-18 147456]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 706560]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]
    R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-2-18 102400]
    R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-14 40448]
    R1 inspect;COMODO Internet Security Firewall Driver;C:\Windows\System32\drivers\inspect.sys [2013-4-25 96800]
    R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-14 26112]
    R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-14 32320]
    R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-14 44544]
    R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2011-2-18 261632]
    R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-14 44032]
    R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
    R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-14 6144]
    R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2011-2-18 131584]
    R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2011-2-18 309248]
    R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-14 7680]
    R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
    R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-2-18 119296]
    R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2011-2-18 63360]
    R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-14 29184]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-2-18 88576]
    R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-5-17 574272]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-12-12 379520]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-6-7 806776]
    R2 ASLDRService;ASLDR Service;C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2009-6-16 84536]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-11-30 92800]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-2 33472]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-2 80888]
    R2 ATKGFNEXSrv;ATKGFNEX Service;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-4-17 70344]
    R2 cmdAgent;COMODO Internet Security Helper Service;C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-4-25 5784472]
    R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
    R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]
    R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-4-17 1851088]
    R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k GPSvcGroup [2009-7-14 27136]
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-6-16 335168]
    R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-14 60928]
    R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 LMS;Intel(R) Management and Security Application Local Management Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-12 325656]
    R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-14 113152]
    R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    R2 Net Driver HPZ12;Net Driver HPZ12;C:\Windows\System32\svchost.exe -k HPZ12 [2009-7-14 27136]
    R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
    R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-14 76800]
    R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-14 23040]
    R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-17 45568]
    R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\athrx.sys [2011-12-12 2769920]
    R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-11-1 90624]
    R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
    R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-2-18 38912]
    R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2013-5-16 983400]
    R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-18 138024]
    R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-14 204800]
    R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-6-16 23048]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2011-2-18 122368]
    R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2011-2-18 30208]
    R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2011-2-18 753664]
    R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
    R3 igfx;igfx;C:\Windows\System32\drivers\igdkmd64.sys [2011-11-3 12310112]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2011-12-12 3074536]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-3 317440]
    R3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-14 62464]
    R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
    R3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2011-2-18 33280]
    R3 kbfiltr;Keyboard Filter;C:\Windows\System32\drivers\kbfiltr.sys [2011-10-18 15416]
    R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-3-5 31232]
    R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-18 76912]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-17 25928]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-12-12 56344]
    R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-14 30208]
    R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-14 49216]
    R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-14 31232]
    R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
    R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-11-1 158208]
    R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-11-1 288768]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-11-1 128000]
    R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-14 318976]
    R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
    R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2011-2-18 56832]
    R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2011-2-18 164352]
    R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2011-2-18 57856]
    R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-24 1656680]
    R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2011-2-18 111104]
    R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
    R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2011-2-18 129536]
    R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
    R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-14 83968]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-6-16 34336]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-11-1 467456]
    R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-11-1 410112]
    R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-11-1 168448]
    R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-14 12496]
    R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-2-18 125440]
    R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-2-18 48640]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-6-16 23016]
    R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2011-11-1 98816]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2011-11-1 52736]
    R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2011-11-1 343040]
    R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2011-2-18 184960]
    R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-2 1025880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-20 116648]
    S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-2-18 229888]
    S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-2-18 12800]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 256904]
    S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
    S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
    S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
    S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-14 61008]
    S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-14 79360]
    S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-14 15440]
    S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-14 15440]
    S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-14 64512]
    S3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-14 60928]
    S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-11-1 107904]
    S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
    S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-2-18 61440]
    S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
    S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
    S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-3-19 44376]
    S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
    S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
    S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
    S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
    S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
    S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
    S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
    S3 BthEnum;Bluetooth Request Block Driver;C:\Windows\System32\drivers\bthenum.sys [2009-7-14 41984]
    S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
    S3 BthPan;Bluetooth Device (Personal Area Network);C:\Windows\System32\drivers\bthpan.sys [2009-7-14 118784]
    S3 BTHPORT;Bluetooth Port Driver;C:\Windows\System32\drivers\bthport.sys [2012-8-20 552960]
    S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-14 27136]
    S3 BTHUSB;Bluetooth Radio USB Driver;C:\Windows\System32\drivers\BTHUSB.SYS [2011-11-1 80384]
    S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-14 45568]
    S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-14 17488]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158928]
    S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
    S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
    S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 Dot4;MS IEEE-1284.4 Driver;C:\Windows\System32\drivers\Dot4.sys [2009-7-14 145920]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\Windows\System32\drivers\Dot4Prt.sys [2011-2-18 19968]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter;C:\Windows\System32\drivers\Dot4usb.sys [2009-7-14 43008]
    S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
    S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
    S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-3-5 31232]
    S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2011-2-18 696832]
    S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-14 127488]
    S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
    S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-14 9728]
    S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-14 195072]
    S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2011-2-18 689152]
    S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-14 29696]
    S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-14 34304]
    S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2011-2-18 42856]
    S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
    S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-20 116648]
    S3 gusvc;Google Software Updater;C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-1 182768]
    S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2011-2-18 350208]
    S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
    S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-14 100864]
    S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-14 46592]
    S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-2-18 78720]
    S3 iaStorV;iaStorV;C:\Windows\System32\drivers\iaStorV.sys [2011-11-1 410496]
    S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2011-2-18 856400]
    S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
    S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-14 16960]
    S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2011-2-18 82944]
    S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-2-18 78848]
    S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-14 116224]
    S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-14 17920]
    S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-14 20544]
    S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2011-2-18 273792]
    S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
    S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
    S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
    S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
    S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
    S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
    S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
    S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-14 40448]
    S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2011-2-18 155008]
    S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2011-2-18 140800]
    S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2011-2-18 140672]
    S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-14 141824]
    S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
    S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2011-2-18 128000]
    S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-14 7168]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-14 6784]
    S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-2-18 366976]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-14 8064]
    S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
    S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
    S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
    S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
    S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-11-1 148352]
    S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-11-1 166272]
    S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
    S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-14 97280]
    S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
    S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-14 60416]
    S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
    S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
    S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
    S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-14 14848]
    S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
    S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-24 210944]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\Windows\System32\drivers\rfcomm.sys [2009-7-14 158720]
    S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2011-2-18 103808]
    S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2011-2-18 29696]
    S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-14 23552]
    S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-14 94208]
    S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-14 26624]
    S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2011-2-18 14336]
    S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
    S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
    S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-14 93184]
    S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
    S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-6-16 1910632]
    S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
    S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-14 23552]
    S3 TPM;TPM;C:\Windows\System32\drivers\tpm.sys [2009-7-14 38400]
    S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2011-2-18 39424]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-18 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
    S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
    S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
    S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-14 9728]
    S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-14 100352]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2011-11-1 25600]
    S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-14 25088]
    S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-14 41984]
    S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-11-1 91648]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2011-11-1 30720]
    S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
    S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-2-18 215936]
    S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-14 17488]
    S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
    S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-14 27776]
    S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-2-18 88576]
    S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-14 21056]
    S3 WimFltr;WimFltr;C:\Windows\System32\drivers\WimFltr.sys [2008-5-23 154168]
    S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-14 22096]
    S3 WinUsb;WinUsb;C:\Windows\System32\drivers\winusb.sys [2011-2-18 41984]
    S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-18 87040]
    S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-18 198656]
    S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-14 92160]
    S4 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
    S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
    S4 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
    S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S4 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S4 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    S4 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-3-5 31232]
    S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
    S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
    S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2011-2-18 328192]
    S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
    .
  15. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    =============== File Associations ===============
    .
    FileExt: .bat: batfile="%1" %*
    FileExt: .cmd: cmdfile="%1" %*
    FileExt: .com: comfile="%1" %*
    FileExt: .exe: exefile="%1" %*
    FileExt: .pif: piffile="%1" %*
    FileExt: .scr: scrfile="%1" /S
    FileExt: .reg: regfile=regedit.exe "%1"
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
    FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
    FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
    ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
    ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
    ShellExec: iexplore.exe: open="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
    ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
    ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
    ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Opera.exe" "%1"
    ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    ShellExec: PicasaPhotoViewer.exe: Open="C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
    ShellExec: PicasaPhotoViewer.exe: Preview="C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
    ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
    ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
    ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
    .
    =============== Created Last 60 ================
    .
    2013-06-17 20:21:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-06-17 20:21:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-17 20:15:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-06-17 20:15:08 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2013-06-17 20:14:50 -------- d-s---w- C:\ProgramData\Shared Space
    2013-06-17 20:14:31 -------- d-----w- C:\Program Files\COMODO
    2013-06-17 20:14:22 -------- d-----w- C:\ProgramData\COMODO
    2013-06-17 20:14:04 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
    2013-06-17 20:13:47 -------- d-----w- C:\Users\Jean\AppData\Local\Comodo
    2013-06-17 20:13:39 56072 ----a-w- C:\Windows\System32\certsentry.dll
    2013-06-17 20:13:39 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
    2013-06-17 20:13:25 -------- d-----w- C:\Program Files (x86)\Comodo
    2013-06-17 15:51:21 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-06-17 15:51:21 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-06-17 15:51:21 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-17 15:51:20 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-06-17 15:51:19 768512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-06-17 15:51:19 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-06-17 15:51:19 182936 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-06-17 15:51:19 149656 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-06-17 15:51:18 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-06-17 15:51:18 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2013-06-17 15:51:18 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2013-06-17 15:51:17 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-06-17 15:51:17 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-06-17 15:51:17 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-06-17 15:51:16 763544 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2013-06-17 15:51:16 757400 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2013-06-17 15:51:16 237056 ----a-w- C:\Windows\System32\url.dll
    2013-06-17 15:51:16 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-06-17 15:51:16 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-06-17 15:51:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-06-17 15:51:15 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-06-17 15:51:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-06-17 15:51:14 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-06-17 15:51:14 1346560 ----a-w- C:\Windows\System32\urlmon.dll
    2013-06-17 15:51:14 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-06-17 15:51:13 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-06-17 15:51:13 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-06-17 15:51:12 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-06-17 15:51:12 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-06-17 15:51:12 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
    2013-06-17 15:51:12 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-06-17 15:51:11 141312 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
    2013-06-17 15:51:10 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-06-17 15:51:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-06-17 15:51:10 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-06-17 15:51:10 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-06-17 15:51:09 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-06-17 15:51:08 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-06-17 15:51:08 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
    2013-06-17 15:51:08 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2013-06-17 15:51:08 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-06-17 15:51:08 104448 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    2013-06-17 15:51:07 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2013-06-17 15:51:07 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2013-06-17 15:51:06 12329984 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-06-17 15:50:59 17824768 ----a-w- C:\Windows\System32\mshtml.dll
    2013-06-17 15:50:59 10926080 ----a-w- C:\Windows\System32\ieframe.dll
    2013-06-17 15:50:55 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-06-17 15:50:38 -------- d-----w- C:\ProgramData\Comodo Downloader
    2013-06-16 16:36:18 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
    2013-06-16 16:31:32 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
    2013-06-16 16:31:05 8610696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-06-16 15:16:02 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-16 15:16:00 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-06-16 15:16:00 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-06-16 15:15:55 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-06-16 15:15:55 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-06-16 15:15:37 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-06-16 15:15:36 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-06-16 15:15:36 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-06-16 15:15:36 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-06-16 15:15:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-06-16 15:15:36 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-06-16 15:15:36 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-06-16 15:15:36 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-06-16 15:15:36 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-06-16 15:15:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-06-16 14:59:15 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
    2013-06-16 14:59:15 -------- d-----w- C:\Program Files (x86)\Application Updater
    2013-05-25 12:01:14 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2013-05-18 10:10:29 -------- d-----w- C:\Users\Jean\AppData\Roaming\HP
    2013-05-18 10:10:29 -------- d-----w- C:\ProgramData\WEBREG
    2013-05-18 10:08:44 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
    2013-05-18 10:07:59 -------- d-----w- C:\Users\Jean\AppData\Roaming\Yahoo!
    2013-05-18 10:07:59 -------- d-----w- C:\ProgramData\Yahoo! Companion
    2013-05-18 10:07:56 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2013-05-18 10:03:38 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2013-05-18 10:03:10 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2013-05-18 10:01:37 880640 ----a-w- C:\Windows\System32\hposwia_d02c.dll
    2013-05-18 10:01:37 748544 ----a-w- C:\Windows\System32\hpost_d02c.dll
    2013-05-18 10:01:37 515072 ----a-w- C:\Windows\System32\hposc_d02a.dll
    2013-05-18 10:01:28 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
    2013-05-18 10:01:18 642360 ----a-w- C:\Windows\System32\hpzids40.dll
    2013-05-18 10:01:11 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll
    2013-05-18 10:00:16 -------- d-----w- C:\Program Files (x86)\HP
    2013-05-18 09:57:19 -------- d-----w- C:\ProgramData\HP
    2013-05-18 09:55:52 -------- d-----w- C:\Users\Jean\AppData\Local\ElevatedDiagnostics
    2013-05-17 16:29:29 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
    2013-05-16 12:07:11 -------- d-----w- C:\Users\Jean\AppData\Roaming\TuneUp Software
    2013-05-16 12:01:16 -------- d-----w- C:\Users\Jean\AppData\Local\MFAData
    2013-05-16 11:23:41 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
    2013-05-16 11:16:06 -------- d-----w- C:\Users\Jean\AppData\Roaming\Vtools
    2013-05-16 11:16:02 -------- d-----w- C:\Program Files (x86)\Vtools
    2013-05-16 11:14:05 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-16 11:14:05 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-16 11:14:05 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-05-16 11:13:55 14172672 ----a-w- C:\Windows\System32\shell32.dll
    2013-05-16 11:13:52 197120 ----a-w- C:\Windows\System32\shdocvw.dll
    2013-05-16 11:13:52 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-05-16 11:13:52 12872704 ----a-w- C:\Windows\SysWow64\shell32.dll
    2013-05-16 11:13:51 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-05-16 11:13:51 180224 ----a-w- C:\Windows\SysWow64\shdocvw.dll
    2013-05-16 11:13:51 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-05-16 11:13:51 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-05-16 11:13:43 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-05-16 11:13:43 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-05-16 11:13:42 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-05-09 08:51:50 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z...Z.Z..Z
    2013-04-25 10:05:14 96800 ----a-w- C:\Windows\System32\drivers\inspect.sys
    2013-04-24 15:15:14 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-23 14:04:12 437176 ----a-w- C:\Windows\System32\guard64.dll
    2013-04-23 14:04:12 348048 ----a-w- C:\Windows\SysWow64\guard32.dll
    .
    ==================== Find6M ====================
    .
    2013-06-17 20:30:12 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
    2013-06-17 15:44:45 75825640 ----a-w- C:\Windows\System32\MRT.exe
    2013-06-16 16:31:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-16 16:31:31 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-17 19:20:34 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
    2013-04-15 17:38:54 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2013-04-15 17:38:52 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2013-04-15 17:38:52 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2013-04-15 17:38:40 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
    2013-04-15 17:38:30 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
    2013-04-15 17:38:30 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll
    2013-04-15 17:38:26 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
    2013-04-15 17:38:26 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-06 16:09:20 0 ----a-w- C:\Windows\SysWow64\shoC325.tmp
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-03-16 13:50:51 5262064 ----a-w- C:\Windows\uninst.exe
    2013-02-28 08:36:34 68992 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
    2013-02-28 08:36:34 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-02-28 08:36:33 71064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-02-28 08:36:33 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-02-28 08:36:33 1025880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-02-28 08:36:32 80888 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-02-28 08:36:31 33472 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
    2013-02-28 08:36:07 41664 ------w- C:\Windows\avastSS.scr
    2013-02-28 08:35:43 287840 ----a-w- C:\Windows\System32\aswBoot.exe
    2013-02-18 12:06:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-02-18 12:06:57 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-02-18 12:06:57 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-02-18 12:06:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-02-18 12:06:57 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-02-18 12:06:57 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-02-18 12:06:56 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-02-18 12:06:06 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-02-18 12:06:06 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-02-02 14:41:50 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-02-02 14:41:36 310688 ----a-w- C:\Windows\System32\javaws.exe
    2013-02-02 14:41:36 188832 ----a-w- C:\Windows\System32\javaw.exe
    2013-02-02 14:41:34 188320 ----a-w- C:\Windows\System32\java.exe
    2013-02-02 14:41:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2013-02-02 14:41:30 963488 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-01-21 10:12:12 2177664 ----a-w- C:\Windows\System32\coin93.dll
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-12-25 19:23:03 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-12-25 19:23:03 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 21:51:10.01 ===============
  16. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Good job :)

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  17. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jean [Admin rights]
    Mode : Remove -- Date : 06/21/2013 12:19:29
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [DNS] HKLM\[...]\CCSet\[...]\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CCSet\[...]\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CS001\[...]\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CS001\[...]\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CS002\[...]\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\CS002\[...]\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200BPVT-80JJ5T0 +++++
    --- User ---
    [MBR] 2d7d94ba8776bd501073fc5c5b67dc55
    [BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[0]_D_06212013_121929.txt >>
    RKreport[0]_S_06212013_121429.txt
  18. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Did the Malware Bytes Rootkit and nothing found so no reports to post
  19. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  20. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Whilst running Combofix have now run into trouble as I am having to talk to you from my own Desktop because Combo fix is saying Illegal Operation attempted on Registry key marked for deletion. Have tried System Restore and also that is marked for deletion. Please help.
  21. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    I did follow your instructions to the letter
  22. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Please ignore last two posts as I just kept rebooting the computer and eventually it let me do what I wanted to do. Combo fix report follows
    ComboFix 13-06-22.01 - Jean 22/06/2013 12:03:31.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2984.1629 [GMT 1:00]
    Running from: c:\users\Jean\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\prefs.js
    c:\programdata\FullRemove.exe
    c:\windows\msvcr71.dll
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-21 15:25 . 2013-06-21 15:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-21 15:16 . 2013-06-21 15:16 -------- d-----w- c:\users\Jean\AppData\Local\Macromedia
    2013-06-21 11:09 . 2013-06-21 11:09 56072 ----a-w- c:\windows\system32\certsentry.dll
    2013-06-21 11:09 . 2013-06-21 11:09 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
    2013-06-21 11:05 . 2013-06-21 11:05 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2013-06-19 20:38 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-06-19 20:38 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-06-19 10:29 . 2013-06-19 10:29 -------- d-----w- c:\users\Jean\AppData\Local\Mozilla
    2013-06-19 10:28 . 2013-06-19 10:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-06-19 10:28 . 2013-06-19 10:28 -------- d-----w- c:\program files (x86)\CheckPoint
    2013-06-19 10:27 . 2013-06-19 10:27 -------- d-----w- c:\programdata\CheckPoint
    2013-06-19 10:19 . 2013-06-19 10:19 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-06-19 10:19 . 2013-06-19 10:19 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-19 10:19 . 2013-06-19 10:19 226304 ----a-w- c:\windows\system32\elshyph.dll
    2013-06-19 10:19 . 2013-06-19 10:19 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-06-19 10:19 . 2013-06-19 10:19 770648 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2013-06-19 10:19 . 2013-06-19 10:19 158720 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-06-19 10:19 . 2013-06-19 10:19 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-06-19 10:17 . 2013-06-19 10:17 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-06-19 10:10 . 2013-06-19 10:10 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-06-17 20:21 . 2013-06-17 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-17 20:21 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-17 20:15 . 2013-06-17 20:15 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-06-17 20:15 . 2013-06-17 20:15 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2013-06-17 20:14 . 2013-06-17 20:17 -------- d-s---w- c:\programdata\Shared Space
    2013-06-17 20:14 . 2013-06-17 20:14 -------- d-----w- c:\program files\COMODO
    2013-06-17 20:14 . 2013-06-17 20:17 -------- d-----w- c:\programdata\COMODO
    2013-06-17 20:14 . 2013-06-17 20:14 -------- d-----w- c:\program files (x86)\Common Files\COMODO
    2013-06-17 20:13 . 2013-06-17 20:13 -------- d-----w- c:\users\Jean\AppData\Local\Comodo
    2013-06-17 20:13 . 2013-06-21 11:09 -------- d-----w- c:\program files (x86)\Comodo
    2013-06-17 15:50 . 2013-06-17 15:50 -------- d-----w- c:\programdata\Comodo Downloader
    2013-06-16 16:36 . 2012-05-08 17:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2013-06-16 16:31 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2013-06-16 16:31 . 2013-06-16 16:31 8610696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-06-16 15:16 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-16 15:16 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-16 15:16 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-05-25 12:01 . 2013-05-25 12:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2013-05-25 11:25 . 2013-05-25 11:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-22 11:25 . 2012-02-05 13:05 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
    2013-06-20 10:01 . 2012-04-28 09:49 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-20 10:01 . 2012-03-14 14:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-17 15:44 . 2012-03-17 10:48 75825640 ----a-w- c:\windows\system32\MRT.exe
    2013-05-02 15:29 . 2012-05-19 13:35 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-25 10:05 . 2013-04-25 10:05 96800 ----a-w- c:\windows\system32\drivers\inspect.sys
    2013-04-23 14:04 . 2013-04-23 14:04 437176 ----a-w- c:\windows\system32\guard64.dll
    2013-04-23 14:04 . 2013-04-23 14:04 348048 ----a-w- c:\windows\SysWow64\guard32.dll
    2013-04-17 19:20 . 2012-03-26 12:21 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2013-04-15 17:38 . 2013-04-15 17:38 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-04-15 17:38 . 2013-04-15 17:38 706560 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2013-04-15 17:38 . 2013-04-15 17:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-04-15 17:38 . 2013-04-15 17:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-04-15 17:38 . 2013-04-15 17:38 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
    2013-04-15 17:38 . 2013-04-15 17:38 343760 ----a-w- c:\windows\system32\cmdvrt64.dll
    2013-04-15 17:38 . 2013-04-15 17:38 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
    2013-04-15 17:38 . 2013-04-15 17:38 276688 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
    2013-04-13 05:49 . 2013-05-16 11:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-16 11:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-16 11:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-16 11:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-16 11:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-16 11:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-24 15:15 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 06:01 . 2013-05-16 11:14 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 06:01 . 2013-05-16 11:14 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 03:30 . 2013-05-16 11:13 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-04-06 16:09 . 2013-04-06 16:09 0 ----a-w- c:\windows\SysWow64\shoC325.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 5622512]
    "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
    "gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.4.1.lnk - c:\program files (x86)\program\quickstart.exe [2012-8-13 1199104]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-4-17 49352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    R1 aswSnx;aswSnx; [x]
    R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
    S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 10:01]
    .
    2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 10:48]
    .
    2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 10:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3603152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://uk.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{0891618E-10D5-489F-9C0A-94E10A60D2FB}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\algc20ss.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"=hex:51,66,7a,6c,4c,1d,38,12,07,04,c9,
    0f,40,b3,9a,0c,ed,70,a2,bb,05,11,09,9b
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:03,d8,04,b0,26,26,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\Splendid\ACMON.exe
    c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\windows\SysWOW64\ACEngSvr.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-22 12:37:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-22 11:37
    .
    Pre-Run: 84,472,238,080 bytes free
    Post-Run: 84,069,892,096 bytes free
    .
    - - End Of File - - 127A2212821B1929645B2482B626365D
    D41D8CD98F00B204E9800998ECF8427E
  23. Broni

    Broni Malware Annihilator Posts: 46,499   +252

    It pays to read my instructions carefully:
    Using system restore (unless ordered by me) during the cleaning process is a bad idea because it may force us to start over.

    Combofix log looks good.

    How is the computer doing?

    Uninstall Advanced SystemCare 6.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  24. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    Funnily enough it was C Cleaner by Piriform which someone put on my Mum's laptop which caused all this trouble and so will remove all cleaners and optimizers
  25. bruce66

    bruce66 Newcomer, in training Topic Starter Posts: 64

    The problem file is still there at the moment

