Ladies and Gentlemen,

I've got a bit of a problem. I've spent about 30 hours over the last three days trying to sort this -- by working from evidence and instruction on the posts of others.

Unfortunately, I've been unable to sort this out.

I've got a desktop and four laptops infected (they're not all mine, evenly divided between my flatmate and me) -- all with similar symptoms: NETSTAT -anob reads out SVCHOST pushing out a lot of data to a lot of ports.

I previously believed it was Access0, but it seems it might be deeper / more. It seems as well that this may have been low lying for a long while, and it wasn't until someone used the old backdoor to install something new on my desktop -- which caused SVCHOST to start playing music, alerting me to the issue.

As requested, my DDS and ATTACH logs -- to whoever reaches out, thank you in advance for your time, attention, and efforts.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476

Run by Rys4k-HP at 10:49:11 on 2013-04-13

#Option Extended Search is enabled.

#Option Whitelisting is disabled.

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2797 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com/

uLocal Page = C:\Windows\System32\blank.htm

uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

mStart Page = hxxp://www.msn.com/

mLocal Page = C:\Windows\System32\blank.htm

uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll

mWinlogon: Shell = explorer.exe

mWinlogon: Userinit = C:\Windows\System32\Userinit.exe,

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableInstallerDetection = dword:1

mPolicies-System: EnableLUA = dword:1

mPolicies-System: EnableSecureUIAPaths = dword:1

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: EnableVirtualization = dword:1

mPolicies-System: PromptOnSecureDesktop = dword:1

mPolicies-System: ValidateAdminCodeSignatures = dword:0

mPolicies-System: dontdisplaylastusername = dword:0

mPolicies-System: scforceoption = dword:0

mPolicies-System: shutdownwithoutlogon = dword:1

mPolicies-System: undockwithoutlogon = dword:1

mPolicies-System: FilterAdministratorToken = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

mPolicies-System: DisableRegistryTools = dword:0

LSP: %SystemRoot%\system32\mswsock.dll

TCP: NameServer = 10.9.8.1

TCP: Interfaces\{1EE849A1-A4D4-4728-AA34-F73FBADE191A} : DHCPNameServer = 10.9.8.1

TCP: Interfaces\{1EE849A1-A4D4-4728-AA34-F73FBADE191A}\05572675966696 : DHCPNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{1EE849A1-A4D4-4728-AA34-F73FBADE191A}\4456D637F6663457971686F67616D2075726C69636 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{1EE849A1-A4D4-4728-AA34-F73FBADE191A}\450574330313 : DHCPNameServer = 10.0.0.2 10.0.0.254

TCP: Interfaces\{1EE849A1-A4D4-4728-AA34-F73FBADE191A}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{1EE849A1-A4D4-4728-AA34-F73FBADE191A}\8656964696 : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{5171070C-B9D6-410E-9462-4F033E32E3AF} : DHCPNameServer = 10.9.8.1

Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -

Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -

Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -

Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL

Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll

Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll

Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll

Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll

Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll

Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll

Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll

Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll

Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll

Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll

Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll

Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll

Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll

Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll

Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll

Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll

Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -

SecurityProviders: SecurityProviders = credssp.dll

LSA: Authentication Packages = msv1_0

LSA: Notification Packages = scecli

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4

mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP

mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE

mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

x64-mLocal Page = C:\Windows\System32\blank.htm

x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

x64-mWinlogon: Shell = Explorer.exe

x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,

x64-mWinlogon: SFCDisable = dword:0

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -

x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -

x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -

x64-Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll

x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll

x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll

x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll

x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll

x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll

x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll

x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll

x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll

x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll

x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll

x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll

x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll

x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - <orphaned>

x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll

x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll

x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll

x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP

x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll

x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE

x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rys4k-HP\AppData\Roaming\Mozilla\Firefox\Profiles\ar10whuc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

FF - plugin: C:\Users\Rys4k-HP\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Rys4k-HP\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Rys4k-HP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Rys4k-HP\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Rys4k-HP\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2012-03-11 12:48; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; C:\Users\Rys4k-HP\AppData\Roaming\Mozilla\Firefox\Profiles\ar10whuc.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

FF - ExtSQL: 2012-03-11 12:48; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Rys4k-HP\AppData\Roaming\Mozilla\Firefox\Profiles\ar10whuc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2012-03-12 22:15; {972ce4c6-7e08-4474-a285-3208198ce6fd}; C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - ExtSQL: 2013-04-06 11:07; {4aebcd37-f454-4928-9233-174a026ed367}; C:\Users\Rys4k-HP\AppData\Roaming\Mozilla\Firefox\Profiles\ar10whuc.default\extensions\{4aebcd37-f454-4928-9233-174a026ed367}.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2011-8-7 334208]

R0 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]

R0 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]

R0 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]

R0 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]

R0 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]

R0 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-8-7 107904]

R0 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]

R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-8-7 27008]

R0 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]

R0 arcsas;Adaptec SAS/SATA-II RAID Windows Inbox Miniport Driver;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]

R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]

R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]

R0 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]

R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2012-7-11 458704]

R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]

R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]

R0 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]

R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]

R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2011-8-7 289664]

R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2011-8-7 223248]

R0 hpdskflt;HP Filter;C:\Windows\System32\drivers\hpdskflt.sys [2009-7-8 30008]

R0 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-8-7 78720]

R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-8-7 14720]

R0 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2011-8-7 410496]

R0 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]

R0 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]

R0 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]

R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2012-7-11 95600]

R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2012-7-11 151920]

R0 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]

R0 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]

R0 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]

R0 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]

R0 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]

R0 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]

R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2011-8-7 94592]

R0 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2011-8-7 155008]

R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-8-7 31104]

R0 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2011-8-7 140672]

R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]

R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]

R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2011-8-7 951680]

R0 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]

R0 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-8-7 148352]

R0 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-8-7 166272]

R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-5-9 75120]

R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2011-8-7 184704]

R0 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]

R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]

R0 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]

R0 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]

R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-8-7 213888]

R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\Windows\System32\drivers\sbp2port.sys [2011-8-7 103808]

R0 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]

R0 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]

R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]

R0 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]

R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]

R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]

R0 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]

R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-8-7 71552]

R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-8-7 363392]

R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2011-8-7 295808]

R0 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]

R0 Wd;Microsoft Watchdog Timer Driver;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]

R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2009-7-13 654928]

R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2012-2-15 498688]

R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]

R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]

R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2011-8-7 147456]

R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-8-7 102400]

R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]

R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]

R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]

R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]

R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2011-8-7 261632]

R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]

R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]

R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]

R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2011-8-7 131584]

R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2011-8-7 309248]

R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]

R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]

R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]

R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-8-7 119296]

R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2011-8-7 63360]

R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-8-7 88576]

R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]

R1 ws2ifsl;Winsock IFS Driver;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-26 89600]

R2 AgereModemAudio;Agere Modem Call Progress Audio;C:\Program Files\LSI SoftModem\agr64svc.exe [2009-3-27 16896]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]

R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]

R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]

R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]

R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]

R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]

R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]

R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]

R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]

R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]

R2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]

R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]

R2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]

R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]

R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]

R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]

R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]

R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]

R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]

R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2012-1-26 31232]

R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]

R2 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2011-8-7 559104]

R2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2011-8-7 3524608]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-6-19 11576]

R2 STacSV;Audio Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe [2009-11-26 240128]

R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]

R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2011-8-7 45056]

R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R2 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]

R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2011-8-7 1525248]

R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]

R2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2009-7-13 593408]

R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R2 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-8-7 229888]

R3 Accelerometer;HP Accelerometer;C:\Windows\System32\drivers\Accelerometer.sys [2009-7-8 41272]

R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R3 AgereSoftModem;Agere Systems Soft Modem;C:\Windows\System32\drivers\agrsm64.sys [2009-4-6 1208320]

R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R3 AtiHdmiService;ATI Service for HD Audio Codec;C:\Windows\System32\drivers\AtiHdmi.sys [2009-6-29 116752]

R3 atikmdag;atikmdag;C:\Windows\System32\drivers\atikmdag.sys [2009-7-2 6036480]

R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-4-14 90624]

R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]

R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-8-7 38912]

R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2011-8-7 982912]

R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]

R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]

R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2011-8-7 122368]

R3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]

R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]

R3 HpqKbFiltr;HpqKbFilter Driver;C:\Windows\System32\drivers\HpqKbFiltr.sys [2009-8-9 18432]

R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2011-8-7 753664]

R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]

R3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]

R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]

R3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2011-8-7 33280]

R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2012-1-26 31232]

R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]

R3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]

R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]

R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]

R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]

R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]

R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-6-17 158208]

R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-8-10 288768]

R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-6-17 128000]

R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]

R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]

R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2011-8-7 56832]

R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2011-8-7 164352]

R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2011-8-7 57856]

R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2013-4-10 1655656]

R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]

R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]

R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]

R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2011-8-7 111104]

R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]

R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2011-8-7 129536]

R3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]

R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-26 233472]

R3 sdbus;sdbus;C:\Windows\System32\drivers\sdbus.sys [2011-8-7 109056]

R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-6-17 467456]

R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-6-17 410112]

R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-6-17 168448]

R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

R3 STHDA;IDT High Definition Audio CODEC;C:\Windows\System32\drivers\stwrt64.sys [2009-11-26 487936]

R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]

R3 SynTP;Synaptics TouchPad Driver;C:\Windows\System32\drivers\SynTP.sys [2009-7-14 273456]

R3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-8-7 125440]

R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-8-7 48640]

R3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2011-8-7 98816]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2011-8-7 52224]

R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2011-8-7 343040]

R3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-8-7 91648]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2009-7-13 30720]

R3 usbvideo;USB Video Device (WDM);C:\Windows\System32\drivers\usbvideo.sys [2011-8-7 184960]

R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]

R3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2011-8-7 112128]

R3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2011-8-7 172544]

S1 Serial;Serial port driver;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]

S2 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2011-8-7 696832]

S2 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-3-5 116648]

S2 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-8-7 12800]

S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]

S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]

S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]

S3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]

S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-8-7 61440]

S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]

S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]

S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]

S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]

S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]

S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]

S3 BridgeMP;MAC Bridge Miniport;C:\Windows\System32\drivers\bridge.sys [2009-7-13 95232]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]

S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]

S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]

S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]

S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]

S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]

S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]

S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]

S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]

S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]

S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]

S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]

S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2012-1-26 31232]

S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]

S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]

S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2011-8-7 689152]

S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]

S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]

S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2011-8-7 42856]

S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]

S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-3-5 116648]

S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2011-8-7 350208]

S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]

S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]

S3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2011-8-7 30208]

S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2011-8-7 856400]

S3 igfx;igfx;C:\Windows\System32\drivers\igdkmd64.sys [2009-6-10 6108416]

S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2011-8-7 82944]

S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-8-7 78848]

S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]

S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]

S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2011-8-7 273792]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]

S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]

S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-2-26 64856]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 115608]

S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2011-8-7 140800]

S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]

S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]

S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2011-8-7 128000]

S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]

S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-8-7 366976]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]

S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]

S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]

S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2012-1-26 31232]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-26 5435904]

S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]

S3 odserv;Microsoft Office Diagnostics Service;C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE [2011-7-20 440696]

S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]

S3 OlmarikFixer;Olmarik fixer kernel-mode driver;C:\Windows\System32\drivers\OlmarikFixer.sys [2013-4-11 29992]

S3 ose;Office Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]

S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]

S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]

S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]

S3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]

S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]

S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2012-1-26 31232]

S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]

S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]

S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]

S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-13 210944]

S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]

S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]

S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2011-8-7 29696]

S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]

S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]

S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]

S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]

S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]

S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2011-8-7 14336]

S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]

S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]

S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]

S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]

S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-2-13 1913192]

S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]

S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-19 23552]

S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2011-8-7 194048]

S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2011-8-7 39424]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-7 59392]

S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]

S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]

S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]

S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]

S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-13 100352]

S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2009-7-13 25600]

S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]

S3 usbscan;USB Scanner Driver;C:\Windows\System32\drivers\usbscan.sys [2009-7-13 41984]

S3 usbUDisc;usbUDisc;C:\Windows\System32\drivers\USBDrv_AMD64.sys [2012-5-19 17280]

S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2012-1-26 31232]

S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2011-8-7 533504]

S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]

S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-8-7 215936]

S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2011-8-7 1600512]

S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]

S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-8-7 88576]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-16 1255736]

S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2011-8-7 1504256]

S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]

S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-4-24 14464]

S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]

S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]

S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]

S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]

S3 WinUsb;WinUsb;C:\Windows\System32\drivers\winusb.sys [2011-8-7 41984]

S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]

S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]

S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]

S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]

S4 hpqwmiex;hpqwmiex;C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2009-4-30 229944]

S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-7-13 116560]

S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]

S4 Steam Client Service;Steam Client Service;C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-1-12 543656]

S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2011-8-7 328192]

.

=============== File Associations ===============

.

FileExt: .bat: batfile="%1" %*

FileExt: .cmd: cmdfile="%1" %*

FileExt: .com: ComFile="%1" %*

FileExt: .exe: exefile="%1" %*

FileExt: .pif: piffile="%1" %*

FileExt: .scr: scrfile="%1" /S

FileExt: .reg: regfile=regedit.exe "%1"

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1

FileExt: .chm: chm.file="C:\Windows\hh.exe" %1

FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1

ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"

ShellExec: Foxit Reader.exe: open="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe" "%1"

ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1

ShellExec: ImageReady.exe: edit="C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\ImageReady.exe" "%1"

ShellExec: ImageReady.exe: open="C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\ImageReady.exe" "%1"

ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"

ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1

ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1

ShellExec: ois.exe: Edit=C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellEdit "%1"

ShellExec: ois.exe: Open=C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1"

ShellExec: ois.exe: Preview=C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellPreview "%1"

ShellExec: Photoshop.exe: edit="C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe" "%1"

ShellExec: Photoshop.exe: open="C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe" "%1"

ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1

ShellExec: vlc.exe: Open="C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"

ShellExec: VSLauncher.exe: Open="C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"

ShellExec: vsta.exe: edit="C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde

ShellExec: vsta.exe: open="C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" "%1"

ShellExec: Winword.exe: edit="C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde

ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"

ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"

ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"

.

=============== Created Last 60 ================

.

2013-04-13 18:19:31 -------- d-----w- C:\FRST

2013-04-13 14:12:49 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EEC6A747-EB8C-47B0-A637-0CAA1388F7DB}\mpengine.dll

2013-04-13 04:58:00 -------- d-----w- C:\Program Files (x86)\ESET

2013-04-13 02:38:54 -------- d-----w- C:\Windows\temp

2013-04-13 02:35:08 -------- d-----w- C:\$RECYCLE.BIN

2013-04-12 20:25:35 -------- d-----w- C:\Windows\SoftwareDistribution

2013-04-12 20:25:10 -------- d-----w- C:\Windows\System32\catroot2

2013-04-12 20:16:04 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

2013-04-12 19:46:23 181064 ----a-w- C:\Windows\PSEXESVC.EXE

2013-04-12 19:41:00 -------- d-----w- C:\Config.Msi

2013-04-12 14:56:29 208216 ----a-w- C:\Windows\System32\drivers\27474431.sys

2013-04-12 10:26:41 -------- d-----w- C:\Qoobox

2013-04-12 10:18:33 -------- d-----w- C:\TDSSKiller_Quarantine

2013-04-12 09:06:29 -------- d-----w- C:\ProgramData\HitmanPro

2013-04-12 03:34:13 -------- d-----w- C:\ProgramData\ESET

2013-04-12 03:30:36 29992 ----a-w- C:\Windows\System32\drivers\OlmarikFixer.sys

2013-04-12 02:31:04 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-04-12 02:31:01 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2013-04-12 02:31:01 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll

2013-04-12 02:31:01 865808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2013-04-12 02:31:01 272280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2013-04-12 02:31:01 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

2013-04-12 02:31:01 18581400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll

2013-04-12 02:31:01 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2013-04-12 02:31:01 157080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll

2013-04-12 02:31:01 152472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2013-04-12 02:31:00 920472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2013-04-12 02:31:00 91544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll

2013-04-12 02:31:00 811928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

2013-04-12 02:31:00 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2013-04-12 02:31:00 75208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

2013-04-12 02:31:00 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2013-04-12 02:31:00 642968 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nss3.dll

2013-04-12 02:31:00 59288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2013-04-12 02:31:00 478616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2013-04-12 02:31:00 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2013-04-12 02:31:00 375192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll

2013-04-12 02:31:00 3133336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2013-04-12 02:31:00 2989464 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2013-04-12 02:31:00 279448 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll

2013-04-12 02:31:00 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2013-04-12 02:31:00 21912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plc4.dll

2013-04-12 02:31:00 21400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plds4.dll

2013-04-12 02:31:00 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2013-04-12 02:31:00 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2013-04-12 02:31:00 193584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2013-04-12 02:31:00 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2013-04-12 02:31:00 17304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

2013-04-12 02:31:00 171928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll

2013-04-12 02:31:00 16280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll

2013-04-12 02:31:00 16192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

2013-04-12 02:31:00 131480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2013-04-12 02:31:00 116120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2013-04-12 02:31:00 115608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2013-04-12 02:31:00 104344 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll

2013-04-12 02:31:00 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox

2013-04-11 19:44:12 -------- d-----w- C:\Windows\erdnt

2013-04-11 02:09:27 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-11 02:09:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-11 02:09:26 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-11 02:09:26 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-04-11 02:09:26 768512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-11 02:09:26 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2013-04-11 02:09:26 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-11 02:09:26 182896 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-04-11 02:09:26 149616 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-04-11 02:09:25 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2013-04-11 02:09:25 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-04-11 02:09:25 237056 ----a-w- C:\Windows\System32\url.dll

2013-04-11 02:09:25 231936 ----a-w- C:\Windows\SysWow64\url.dll

2013-04-11 02:09:25 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2013-04-11 02:09:25 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

2013-04-11 02:09:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-11 02:09:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-11 02:09:24 763520 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-04-11 02:09:24 757376 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-04-11 02:09:24 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-11 02:09:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-11 02:09:24 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-11 02:09:24 1346560 ----a-w- C:\Windows\System32\urlmon.dll

2013-04-11 02:09:24 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll

2013-04-11 02:09:23 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-04-11 02:09:23 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2013-04-11 02:09:23 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2013-04-11 02:09:23 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2013-04-11 02:09:23 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-11 02:09:23 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-11 02:09:22 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-04-11 02:09:22 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-04-11 02:09:22 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2013-04-11 02:09:22 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-11 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-11 02:09:21 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2013-04-11 02:09:21 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2013-04-11 02:09:21 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2013-04-11 02:09:21 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2013-04-11 02:09:21 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

2013-04-11 02:09:21 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-04-11 02:09:21 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll

2013-04-11 02:09:19 12324352 ----a-w- C:\Windows\SysWow64\mshtml.dll

2013-04-11 02:09:18 17817088 ----a-w- C:\Windows\System32\mshtml.dll

2013-04-11 02:09:17 10925568 ----a-w- C:\Windows\System32\ieframe.dll

2013-04-11 02:09:16 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll

2013-04-11 01:48:52 -------- d-----w- C:\Windows\pss

2013-04-10 23:04:11 -------- d-----w- C:\Users\Rys4k-HP\AppData\Roaming\Malwarebytes

2013-04-10 23:03:59 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-10 23:03:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-10 23:03:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-10 23:03:50 -------- d-----w- C:\Users\Rys4k-HP\AppData\Local\Programs

2013-04-10 16:39:21 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-10 16:39:20 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-10 16:39:20 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-10 16:39:20 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-10 16:39:20 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-10 16:39:20 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-10 16:39:16 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 16:39:15 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 16:39:13 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 16:39:12 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 16:39:11 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 16:39:10 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 16:39:10 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 16:39:10 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-30 15:19:29 -------- d-----w- C:\output media

2013-03-30 15:19:01 -------- d-----w- C:\Program Files (x86)\Free Convert to DIVX AVI WMV MP4 MPEG Converter

2013-03-30 15:18:19 164352 ----a-w- C:\Windows\SysWow64\unrar.dll

2013-03-30 15:18:18 860160 ----a-w- C:\Windows\SysWow64\lameACM.acm

2013-03-30 15:18:18 217088 ----a-w- C:\Windows\SysWow64\yv12vfw.dll

2013-03-30 15:18:18 118784 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2013-03-30 15:18:17 81920 ----a-w- C:\Windows\SysWow64\dpl100.dll

2013-03-30 15:18:17 755027 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2013-03-30 15:18:17 683520 ----a-w- C:\Windows\SysWow64\divx.dll

2013-03-30 15:18:17 3596288 ----a-w- C:\Windows\SysWow64\qt-dx331.dll

2013-03-30 15:18:17 159839 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2013-03-30 15:18:16 7680 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2013-03-30 15:18:16 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2013-03-30 15:04:20 -------- d-----w- C:\Users\Rys4k-HP\AppData\Roaming\Apple Computer

2013-03-30 15:04:20 -------- d-----w- C:\Users\Rys4k-HP\AppData\Local\Apple Computer

2013-03-30 15:04:10 -------- dc----w- C:\Windows\System32\DRVSTORE

2013-03-30 15:03:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-30 15:03:00 -------- d-----w- C:\Users\Rys4k-HP\AppData\Local\Apple

2013-03-30 15:01:52 -------- d-----w- C:\ProgramData\Apple

2013-03-30 14:41:18 -------- d-----w- C:\Program Files (x86)\Aimersoft

2013-03-29 15:57:43 -------- d-----w- C:\ProgramData\RICOH

2013-03-26 00:36:34 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-22 20:23:34 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-03-21 18:49:06 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-03-21 18:48:14 -------- d-----w- C:\Program Files\ATI Technologies

2013-03-21 18:47:01 -------- d-----w- C:\AMD

2013-03-20 19:56:43 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-03-20 04:30:30 -------- d-----w- C:\Windows\System32\SPReview

2013-03-20 04:29:11 -------- d-----w- C:\Windows\System32\EventProviders

2013-03-05 13:13:07 -------- d-s---w- C:\Users\Rys4k-HP\Google Drive

2013-02-20 01:51:47 -------- d-----w- C:\Program Files (x86)\Common Files\Skype

2013-02-20 01:51:46 -------- d-----r- C:\Program Files (x86)\Skype

2013-02-13 15:10:40 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 15:10:39 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 15:10:39 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 15:10:39 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 15:10:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 15:10:32 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 15:10:29 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-13 15:10:28 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-02-13 15:10:28 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

==================== Find6M ====================

.

2013-04-06 04:54:12 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-06 04:54:12 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-20 04:44:41 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-03-20 04:44:40 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-13 17:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-16 20:01:08 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-11-16 20:00:52 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-11-16 20:00:46 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-11-16 20:00:38 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-11-16 20:00:36 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-11-16 20:00:26 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-11-16 19:59:40 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-11-16 19:58:52 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-11-16 19:58:48 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

============= FINISH: 10:50:00.58 ===============

Cheers,

-Rys

p.s. -- attaching ATTACH as the boards told me my initial post attempt was too long.

It just occurred to me I might have not followed instructions -- as it doesn't make sense to me that the instructions wouldn't allow me to post both logs that it asks me to post.

BUT, I don't know if it's indicative of my ability to follow instructions -- or if it means that I'm in that much trouble =0P

As well, I just noticed we can't edit posts... I feel like I should've included something a bit more descriptive in the post name.

attach.txt


Hello Rys4k and welcome to MalwareBytes forum.

Let me suggest, if you're an MBAM PRO customer, you contact the consumer help desk here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

If you decide to take advantage of the free help desk, do let me know.

I need for you to tell me if this is your computer, and if you are logged in with administrator-rights account. And confirm for me that you are not getting help on any outside forum or source.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here. Do NOT run tools on your own!

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in
    explorer.exe

    and press Enter to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
