Solved Virus removal

B

bruce66

Posts: 64   +0
I thionk my mum has some form of virus or malware on her laptop have tried to get rid but it keeps replicating it. The file is 3590F75ABA9E485486C100C1A9D4FF06 this on the C drive

Any help would be much appreciated
 
You've been to this forum before so you should know better...
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Just to let you know that I am following your instructions from above and shall post logs when done
 
Have attached logs below
 

Attachments

  • attach.txt
    5.9 KB · Views: 0
  • dds.txt
    68.4 KB · Views: 1
  • Malware Bytes log.txt
    952 bytes · Views: 0
I suggest you pay better attention to what I post:

Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Click to expand...
 
No. You're attaching logs.
You need to copy logs content and PASTE it in your next reply.

I'll paste MBAM log for you if you're not sure what I'm talking about.
You do the other two logs.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jean :: SWINDLEHURST [administrator]

17/06/2013 22:23:01
mbam-log-2013-06-17 (22-23-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 420113
Time elapsed: 18 hour(s), 23 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 05/02/2012 13:04:53
System Uptime: 17/06/2013 21:29:28 (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K54C
Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz | CPU 1 | 896/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 78.756 GiB free.
D: is FIXED (NTFS) - 154 GiB total, 153.723 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 16/05/2013 21:07:43 - Windows Update
RP147: 29/05/2013 10:42:10 - Windows Update
RP148: 17/06/2013 16:42:46 - Windows Update
RP149: 17/06/2013 21:04:34 - Removed AVG 2013
RP150: 17/06/2013 21:09:17 - Removed AVG 2013
RP151: 17/06/2013 21:15:25 - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.01)
Advanced SystemCare 6
Alcor Micro USB Card Reader
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS FancyStart
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
AsusVibe2.0
ATK Package
BufferChm
Comodo Dragon
COMODO Internet Security Premium
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
DJ_AIO_06_F2400_SW_Min
ETDWare PS/2-X64 8.0.5.1_WHQL
F2400
Fast Boot
Galapago
Game Park Console
GeekBuddy
Google Earth
Google Update Helper
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Update
HPPhotoGadget
HPSSupply
hpWLPGInstaller
InstantOn for NB
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
IObit Apps Toolbar v7.2
IObit Malware Fighter
Java 7 Update 13 (64-bit)
KNOWHOW(TM) APP CENTRE
Mahjong Memoirs
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nuance PDF Reader
OpenOffice.org 3.4.1
Opera 12.15
Picasa 3
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shop for HP Supplies
Skype Click to Call
Skype™ 6.3
Smart Defrag 2
Sonic Focus
SUPERAntiSpyware
Toolbox
Turbo Fiesta
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VoipBuster
WebReg
WinFlash
Wireless Console 3
Yahoo! Toolbar
Yontoo 2.05
.
==== Event Viewer Messages From Past Week ========
.
17/06/2013 21:30:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx CFRMD
17/06/2013 21:11:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
17/06/2013 21:00:53, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/06/2013 15:58:04, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490
Run by Jean at 21:48:09 on 2013-06-17
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2984.1429 [GMT 1:00]
.
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Jean\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGO&bmod=DSGO
mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SystemRoot%\system32\mswsock.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB}\05C65737E6564775962756C6563737349364643473 : DHCPNameServer = 192.168.1.254
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages = msv1_0
LSA: Notification Packages = scecli
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
 
============= SERVICES / DRIVERS ===============
.

R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2011-2-18 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-11-1 27008]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-4 65408]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-4 177672]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-14 24128]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-14 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-2-18 458712]
R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-14 21584]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-14 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2011-2-18 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2013-4-11 223752]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-2-18 14720]
R0 iaStor;Intel AHCI Controller;C:\Windows\System32\drivers\iaStor.sys [2011-10-18 557848]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-7-11 95600]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2013-2-18 154480]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2011-2-18 94592]
R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-2-18 31104]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-14 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-9-13 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-5-11 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2011-2-18 184704]
R0 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-14 12352]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-14 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-2-18 213888]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-6-16 17720]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-6-16 1910632]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-2-18 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-2-18 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2011-11-1 296320]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2012-11-18 785512]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-3-5 498688]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-14 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2011-2-18 147456]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 706560]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-2-18 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-14 40448]
R1 inspect;COMODO Internet Security Firewall Driver;C:\Windows\System32\drivers\inspect.sys [2013-4-25 96800]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-14 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-14 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-14 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2011-2-18 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-14 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-14 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2011-2-18 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2011-2-18 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-14 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-2-18 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2011-2-18 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-14 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-2-18 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-5-17 574272]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-12-12 379520]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-6-7 806776]
R2 ASLDRService;ASLDR Service;C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2009-6-16 84536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-11-30 92800]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-2 33472]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-2 80888]
R2 ATKGFNEXSrv;ATKGFNEX Service;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-4-17 70344]
R2 cmdAgent;COMODO Internet Security Helper Service;C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-4-25 5784472]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-4-17 1851088]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k GPSvcGroup [2009-7-14 27136]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-6-16 335168]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-14 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 LMS;Intel(R) Management and Security Application Local Management Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-12 325656]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-14 113152]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12;C:\Windows\System32\svchost.exe -k HPZ12 [2009-7-14 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-14 76800]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-14 23040]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-17 45568]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\athrx.sys [2011-12-12 2769920]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-11-1 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-2-18 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2013-5-16 983400]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-18 138024]
R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-14 204800]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-6-16 23048]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2011-2-18 122368]
R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2011-2-18 30208]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2011-2-18 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
R3 igfx;igfx;C:\Windows\System32\drivers\igdkmd64.sys [2011-11-3 12310112]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2011-12-12 3074536]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-3 317440]
R3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-14 62464]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
R3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2011-2-18 33280]
R3 kbfiltr;Keyboard Filter;C:\Windows\System32\drivers\kbfiltr.sys [2011-10-18 15416]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-3-5 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-18 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-17 25928]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-12-12 56344]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-14 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-14 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-14 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-11-1 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-11-1 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-11-1 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-14 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2011-2-18 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2011-2-18 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2011-2-18 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-24 1656680]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2011-2-18 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2011-2-18 129536]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-14 83968]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-6-16 34336]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-11-1 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-11-1 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-11-1 168448]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-14 12496]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-2-18 125440]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-2-18 48640]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-6-16 23016]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2011-11-1 98816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2011-11-1 52736]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2011-11-1 343040]
R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2011-2-18 184960]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-2 1025880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-20 116648]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-2-18 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-2-18 12800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 256904]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-14 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-14 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-14 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-14 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-14 64512]
S3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-14 60928]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-11-1 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-2-18 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-3-19 44376]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
S3 BthEnum;Bluetooth Request Block Driver;C:\Windows\System32\drivers\bthenum.sys [2009-7-14 41984]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
S3 BthPan;Bluetooth Device (Personal Area Network);C:\Windows\System32\drivers\bthpan.sys [2009-7-14 118784]
S3 BTHPORT;Bluetooth Port Driver;C:\Windows\System32\drivers\bthport.sys [2012-8-20 552960]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-14 27136]
S3 BTHUSB;Bluetooth Radio USB Driver;C:\Windows\System32\drivers\BTHUSB.SYS [2011-11-1 80384]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-14 45568]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-14 17488]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158928]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Dot4;MS IEEE-1284.4 Driver;C:\Windows\System32\drivers\Dot4.sys [2009-7-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\Windows\System32\drivers\Dot4Prt.sys [2011-2-18 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter;C:\Windows\System32\drivers\Dot4usb.sys [2009-7-14 43008]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-3-5 31232]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2011-2-18 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-14 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-14 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-14 195072]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2011-2-18 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-14 29696]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-14 34304]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2011-2-18 42856]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-20 116648]
S3 gusvc;Google Software Updater;C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-1 182768]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2011-2-18 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-14 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-14 46592]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-2-18 78720]
S3 iaStorV;iaStorV;C:\Windows\System32\drivers\iaStorV.sys [2011-11-1 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2011-2-18 856400]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-14 16960]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2011-2-18 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-2-18 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-14 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-14 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-14 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2011-2-18 273792]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-14 40448]
S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2011-2-18 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2011-2-18 140800]
S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2011-2-18 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-14 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2011-2-18 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-14 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-14 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-2-18 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-14 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-11-1 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-11-1 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-14 97280]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-14 60416]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-14 14848]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-18 19456]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-24 210944]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\Windows\System32\drivers\rfcomm.sys [2009-7-14 158720]
S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2011-2-18 103808]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2011-2-18 29696]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-14 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-14 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-14 26624]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2011-2-18 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-14 93184]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-6-16 1910632]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-14 23552]
S3 TPM;TPM;C:\Windows\System32\drivers\tpm.sys [2009-7-14 38400]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2011-2-18 39424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-18 30208]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-14 9728]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-14 100352]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2011-11-1 25600]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-14 25088]
S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-14 41984]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-11-1 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2011-11-1 30720]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-2-18 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-14 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-14 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-2-18 88576]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-14 21056]
S3 WimFltr;WimFltr;C:\Windows\System32\drivers\WimFltr.sys [2008-5-23 154168]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-14 22096]
S3 WinUsb;WinUsb;C:\Windows\System32\drivers\winusb.sys [2011-2-18 41984]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-18 87040]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-18 198656]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-14 92160]
S4 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
S4 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S4 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S4 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-3-5 31232]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2011-2-18 328192]
S4 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
.
 
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Opera.exe" "%1"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: PicasaPhotoViewer.exe: Open="C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
ShellExec: PicasaPhotoViewer.exe: Preview="C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-06-17 20:21:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-17 20:21:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-17 20:15:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-17 20:15:08 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-06-17 20:14:50 -------- d-s---w- C:\ProgramData\Shared Space
2013-06-17 20:14:31 -------- d-----w- C:\Program Files\COMODO
2013-06-17 20:14:22 -------- d-----w- C:\ProgramData\COMODO
2013-06-17 20:14:04 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-06-17 20:13:47 -------- d-----w- C:\Users\Jean\AppData\Local\Comodo
2013-06-17 20:13:39 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-06-17 20:13:39 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-06-17 20:13:25 -------- d-----w- C:\Program Files (x86)\Comodo
2013-06-17 15:51:21 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-06-17 15:51:21 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-17 15:51:21 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-17 15:51:20 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-06-17 15:51:19 768512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-17 15:51:19 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-06-17 15:51:19 182936 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-17 15:51:19 149656 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-17 15:51:18 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-17 15:51:18 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-06-17 15:51:18 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-06-17 15:51:17 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-06-17 15:51:17 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-06-17 15:51:17 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-06-17 15:51:16 763544 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-06-17 15:51:16 757400 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-06-17 15:51:16 237056 ----a-w- C:\Windows\System32\url.dll
2013-06-17 15:51:16 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-06-17 15:51:16 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-06-17 15:51:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-17 15:51:15 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-06-17 15:51:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-06-17 15:51:14 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-06-17 15:51:14 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-06-17 15:51:14 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-06-17 15:51:13 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-06-17 15:51:13 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-17 15:51:12 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-06-17 15:51:12 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-06-17 15:51:12 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-17 15:51:12 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-17 15:51:11 141312 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-06-17 15:51:10 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-06-17 15:51:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-06-17 15:51:10 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-06-17 15:51:10 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-17 15:51:09 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-06-17 15:51:08 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-06-17 15:51:08 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-06-17 15:51:08 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-06-17 15:51:08 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-06-17 15:51:08 104448 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-17 15:51:07 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-06-17 15:51:07 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-06-17 15:51:06 12329984 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-06-17 15:50:59 17824768 ----a-w- C:\Windows\System32\mshtml.dll
2013-06-17 15:50:59 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-06-17 15:50:55 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-06-17 15:50:38 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-06-16 16:36:18 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-06-16 16:31:32 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-06-16 16:31:05 8610696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-16 15:16:02 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-16 15:16:00 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-16 15:16:00 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-16 15:15:55 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-16 15:15:55 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-16 15:15:37 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-16 15:15:36 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-16 15:15:36 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-16 15:15:36 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-16 15:15:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-16 15:15:36 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-16 15:15:36 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-16 15:15:36 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-16 15:15:36 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-16 15:15:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-16 14:59:15 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
2013-06-16 14:59:15 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-05-25 12:01:14 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-05-18 10:10:29 -------- d-----w- C:\Users\Jean\AppData\Roaming\HP
2013-05-18 10:10:29 -------- d-----w- C:\ProgramData\WEBREG
2013-05-18 10:08:44 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
2013-05-18 10:07:59 -------- d-----w- C:\Users\Jean\AppData\Roaming\Yahoo!
2013-05-18 10:07:59 -------- d-----w- C:\ProgramData\Yahoo! Companion
2013-05-18 10:07:56 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-05-18 10:03:38 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-05-18 10:03:10 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2013-05-18 10:01:37 880640 ----a-w- C:\Windows\System32\hposwia_d02c.dll
2013-05-18 10:01:37 748544 ----a-w- C:\Windows\System32\hpost_d02c.dll
2013-05-18 10:01:37 515072 ----a-w- C:\Windows\System32\hposc_d02a.dll
2013-05-18 10:01:28 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2013-05-18 10:01:18 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2013-05-18 10:01:11 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll
2013-05-18 10:00:16 -------- d-----w- C:\Program Files (x86)\HP
2013-05-18 09:57:19 -------- d-----w- C:\ProgramData\HP
2013-05-18 09:55:52 -------- d-----w- C:\Users\Jean\AppData\Local\ElevatedDiagnostics
2013-05-17 16:29:29 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-05-16 12:07:11 -------- d-----w- C:\Users\Jean\AppData\Roaming\TuneUp Software
2013-05-16 12:01:16 -------- d-----w- C:\Users\Jean\AppData\Local\MFAData
2013-05-16 11:23:41 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2013-05-16 11:16:06 -------- d-----w- C:\Users\Jean\AppData\Roaming\Vtools
2013-05-16 11:16:02 -------- d-----w- C:\Program Files (x86)\Vtools
2013-05-16 11:14:05 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-16 11:14:05 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-16 11:14:05 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-16 11:13:55 14172672 ----a-w- C:\Windows\System32\shell32.dll
2013-05-16 11:13:52 197120 ----a-w- C:\Windows\System32\shdocvw.dll
2013-05-16 11:13:52 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-16 11:13:52 12872704 ----a-w- C:\Windows\SysWow64\shell32.dll
2013-05-16 11:13:51 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-16 11:13:51 180224 ----a-w- C:\Windows\SysWow64\shdocvw.dll
2013-05-16 11:13:51 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-16 11:13:51 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-16 11:13:43 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-16 11:13:43 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-16 11:13:42 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-09 08:51:50 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z..Z..Z...Z.Z..Z
2013-04-25 10:05:14 96800 ----a-w- C:\Windows\System32\drivers\inspect.sys
2013-04-24 15:15:14 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-23 14:04:12 437176 ----a-w- C:\Windows\System32\guard64.dll
2013-04-23 14:04:12 348048 ----a-w- C:\Windows\SysWow64\guard32.dll
.
==================== Find6M ====================
.
2013-06-17 20:30:12 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-06-17 15:44:45 75825640 ----a-w- C:\Windows\System32\MRT.exe
2013-06-16 16:31:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-16 16:31:31 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-17 19:20:34 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-04-15 17:38:54 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-04-15 17:38:52 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-04-15 17:38:52 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-04-15 17:38:40 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-04-15 17:38:30 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-04-15 17:38:30 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-04-15 17:38:26 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-04-15 17:38:26 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-06 16:09:20 0 ----a-w- C:\Windows\SysWow64\shoC325.tmp
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-16 13:50:51 5262064 ----a-w- C:\Windows\uninst.exe
2013-02-28 08:36:34 68992 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-02-28 08:36:34 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-02-28 08:36:33 71064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-02-28 08:36:33 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-02-28 08:36:33 1025880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-02-28 08:36:32 80888 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-02-28 08:36:31 33472 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-02-28 08:36:07 41664 ------w- C:\Windows\avastSS.scr
2013-02-28 08:35:43 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-02-18 12:06:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-02-18 12:06:57 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-02-18 12:06:57 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-02-18 12:06:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-02-18 12:06:57 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-02-18 12:06:57 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-02-18 12:06:56 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-18 12:06:06 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-02-18 12:06:06 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-02 14:41:50 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-02 14:41:36 310688 ----a-w- C:\Windows\System32\javaws.exe
2013-02-02 14:41:36 188832 ----a-w- C:\Windows\System32\javaw.exe
2013-02-02 14:41:34 188320 ----a-w- C:\Windows\System32\java.exe
2013-02-02 14:41:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-02 14:41:30 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-01-21 10:12:12 2177664 ----a-w- C:\Windows\System32\coin93.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-25 19:23:03 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-12-25 19:23:03 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 21:51:10.01 ===============
 
Good job :)

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jean [Admin rights]
Mode : Remove -- Date : 06/21/2013 12:19:29
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CCSet\[...]\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001\[...]\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001\[...]\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS002\[...]\{0891618E-10D5-489F-9C0A-94E10A60D2FB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS002\[...]\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-80JJ5T0 +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_06212013_121929.txt >>
RKreport[0]_S_06212013_121429.txt
 
redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Whilst running Combofix have now run into trouble as I am having to talk to you from my own Desktop because Combo fix is saying Illegal Operation attempted on Registry key marked for deletion. Have tried System Restore and Also that is marked for deletion. Please help
 
Please ignore last two posts as I just kept rebooting the computer and eventually it let me do what I wanted to do. Combo fix report follows
ComboFix 13-06-22.01 - Jean 22/06/2013 12:03:31.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2984.1629 [GMT 1:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
.
.
2013-06-21 15:25 . 2013-06-21 15:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-21 15:16 . 2013-06-21 15:16 -------- d-----w- c:\users\Jean\AppData\Local\Macromedia
2013-06-21 11:09 . 2013-06-21 11:09 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-06-21 11:09 . 2013-06-21 11:09 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-06-21 11:05 . 2013-06-21 11:05 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-06-19 20:38 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-19 20:38 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-19 10:29 . 2013-06-19 10:29 -------- d-----w- c:\users\Jean\AppData\Local\Mozilla
2013-06-19 10:28 . 2013-06-19 10:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-06-19 10:28 . 2013-06-19 10:28 -------- d-----w- c:\program files (x86)\CheckPoint
2013-06-19 10:27 . 2013-06-19 10:27 -------- d-----w- c:\programdata\CheckPoint
2013-06-19 10:19 . 2013-06-19 10:19 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-19 10:19 . 2013-06-19 10:19 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-19 10:19 . 2013-06-19 10:19 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-19 10:19 . 2013-06-19 10:19 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-19 10:19 . 2013-06-19 10:19 770648 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2013-06-19 10:19 . 2013-06-19 10:19 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-19 10:19 . 2013-06-19 10:19 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-19 10:17 . 2013-06-19 10:17 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-19 10:10 . 2013-06-19 10:10 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-17 20:21 . 2013-06-17 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-17 20:21 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-17 20:15 . 2013-06-17 20:15 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-06-17 20:15 . 2013-06-17 20:15 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-06-17 20:14 . 2013-06-17 20:17 -------- d-s---w- c:\programdata\Shared Space
2013-06-17 20:14 . 2013-06-17 20:14 -------- d-----w- c:\program files\COMODO
2013-06-17 20:14 . 2013-06-17 20:17 -------- d-----w- c:\programdata\COMODO
2013-06-17 20:14 . 2013-06-17 20:14 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-06-17 20:13 . 2013-06-17 20:13 -------- d-----w- c:\users\Jean\AppData\Local\Comodo
2013-06-17 20:13 . 2013-06-21 11:09 -------- d-----w- c:\program files (x86)\Comodo
2013-06-17 15:50 . 2013-06-17 15:50 -------- d-----w- c:\programdata\Comodo Downloader
2013-06-16 16:36 . 2012-05-08 17:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-06-16 16:31 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-06-16 16:31 . 2013-06-16 16:31 8610696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-16 15:16 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-16 15:16 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-16 15:16 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-05-25 12:01 . 2013-05-25 12:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-05-25 11:25 . 2013-05-25 11:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 11:25 . 2012-02-05 13:05 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-06-20 10:01 . 2012-04-28 09:49 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-20 10:01 . 2012-03-14 14:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 15:44 . 2012-03-17 10:48 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2012-05-19 13:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 10:05 . 2013-04-25 10:05 96800 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-23 14:04 . 2013-04-23 14:04 437176 ----a-w- c:\windows\system32\guard64.dll
2013-04-23 14:04 . 2013-04-23 14:04 348048 ----a-w- c:\windows\SysWow64\guard32.dll
2013-04-17 19:20 . 2012-03-26 12:21 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-15 17:38 . 2013-04-15 17:38 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 17:38 . 2013-04-15 17:38 706560 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-04-15 17:38 . 2013-04-15 17:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 17:38 . 2013-04-15 17:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 17:38 . 2013-04-15 17:38 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-04-15 17:38 . 2013-04-15 17:38 343760 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-04-15 17:38 . 2013-04-15 17:38 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-04-15 17:38 . 2013-04-15 17:38 276688 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-04-13 05:49 . 2013-05-16 11:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 11:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 11:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 11:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 11:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 11:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 15:15 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 11:14 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 11:14 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 11:13 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-06 16:09 . 2013-04-06 16:09 0 ----a-w- c:\windows\SysWow64\shoC325.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 5622512]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-4-17 49352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R1 aswSnx;aswSnx; [x]
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 10:01]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 10:48]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 10:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3603152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://uk.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0891618E-10D5-489F-9C0A-94E10A60D2FB}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\algc20ss.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"=hex:51,66,7a,6c,4c,1d,38,12,07,04,c9,
0f,40,b3,9a,0c,ed,70,a2,bb,05,11,09,9b
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:03,d8,04,b0,26,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-06-22 12:37:26 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-22 11:37
.
Pre-Run: 84,472,238,080 bytes free
Post-Run: 84,069,892,096 bytes free
.
- - End Of File - - 127A2212821B1929645B2482B626365D
D41D8CD98F00B204E9800998ECF8427E
 
It pays to read my instructions carefully:
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
Click to expand...
Using system restore (unless ordered by me) during cleaning process is bad idea because it may force us to start over.

Combofix log looks good.

How is computer doing?

redtarget.gif
Uninstall Advanced SystemCare 6.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Funnily enough it vwas C Cleaner by Piriform which someone put on my Mums laptop which caused all this trouble and so will remove all cleaners and optimizers
 
You must log in or register to reply here.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
465
eriksnyman1
E
Cal Jeffrey
Researchers prove they can exploit chatbots to spread AI worms
Replies
3
Views
154
Cal Jeffrey
Cal Jeffrey
M
Virus warning popup
Replies
1
Views
531
Mark Fuller
M

Latest posts

Back