DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 11.25.2
Run by Heidi at 21:34:12 on 2014-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1384 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\schtasks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
hxxps://www.google.com/uSearch Bar = Preserve
uSearch Page =
hxxps://www.google.com/search?q={searchTerms}
mStart Page =
hxxps://www.google.com/?trackid=sp-006mSearch Bar =
hxxps://www.google.com/?trackid=sp-006mSearch Page =
hxxps://www.google.com/search?q={searchTerms}
mSearchAssistant =
hxxp://toolbar.inbox.com/search/ie.aspx ... 114&lng=enmCustomizeSearch =
hxxp://toolbar.inbox.com/help/sa_custom ... tbid=80114dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -
BHO: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} -
hxxp://www.worldwinner.com/games/v63/bjattack/bja.cabDPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
hxxp://www.worldwinner.com/games/shared/wwlaunch.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cabDPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} -
hxxp://www.worldwinner.com/games/launch ... wwload.cabDPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} -
hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocxDPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cabTCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B4AA0B4-D29A-4C2A-8DAC-A2F0B1E64C0C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0B4AA0B4-D29A-4C2A-8DAC-A2F0B1E64C0C}\3686162796562627F677E6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{0B4AA0B4-D29A-4C2A-8DAC-A2F0B1E64C0C}\36861627C696562627F677E6 : DHCPNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1
www.spywareinfo.com.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\n7qe0ovt.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\npspwrap.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
FF - user.js: extensions.nspdlgrvrio.aflt - grv_adk5_14_29
FF - user.js: extensions.nspdlgrvrio.instlRef - grv_adk5_14_29
FF - user.js: extensions.nspdlgrvrio.cr - 892784084
FF - user.js: extensions.nspdlgrvrio.cd - 2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JyD1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2StD0C0C0DyB0B0A0AtG0DtBtA0EtGzz0B0B0DtG0F0CtAzytGyDtC0B0FtDzz0CzzyE0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl -
hxxp://Vosteran.com/?f=1&a=vst_cmi_14_4 ... 535139&ir=FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl -
hxxp://Vosteran.com/?f=2&a=vst_cmi_14_4 ... 535139&ir=FF - user.js: extensions.srchvstrn.tlbrSrchUrl -
hxxp://Vosteran.com/?f=3&a=vst_cmi_14_4 ... 139&ir=&q=FF - user.js: extensions.srchvstrn.id - 2EEEE6AA172BD7EC
FF - user.js: extensions.srchvstrn.instlDay - 16388
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 16:7:56
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_cmi_14_46_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_b
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 1120535139
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutB0E0E0E0EyC0A0AtCyBtB0B0DyB0E0CtN0D0Tzu0StCtDyEzytN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0F0ByCtAtAzytGtA0F0CyDtG0DyB0EyBtG0DyDtCzytGtDtCzzyEzz0C0EyBtD0E0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0E0ByC0DyE0C0CtGzztDyEzztGyE0FyB0FtGzy0EtAyEtGzz0C0DtB0EzyyEzz0CyEtD0C2Q
FF - user.js: extensions.srchvstrn.AL - 4
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-15 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-11-15 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-15 436624]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-15 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-11-15 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-15 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-15 50344]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-3-7 517632]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]
R2 OfficeSvc;Servicio de Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-1-29 1494144]
R2 webinstrT;webinstrT;C:\Windows\System32\drivers\webinstrT.sys [2014-11-14 63696]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-16 228408]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-19 314400]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-11 36408]
R3 VSBC7;Virtual Serial Bus Enumerator 7 (Eltima Software);C:\Windows\System32\drivers\evsbc7.sys [2012-9-23 36616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-4-8 35840]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 evserial7;Virtual Serial Ports Driver 7 (Eltima Software);C:\Windows\System32\drivers\evserial7.sys [2012-9-23 71432]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-12-3 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-8 53632]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-11 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-16 18:10:58 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73D8D4DA-7A67-425B-AD65-E8E127DAD9C0}\offreg.dll
2014-11-16 16:58:13 6231376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-16 16:57:55 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73D8D4DA-7A67-425B-AD65-E8E127DAD9C0}\mpengine.dll
2014-11-16 01:30:45 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-16 00:45:51 -------- d-----w- C:\Users\Heidi\AppData\Roaming\AVAST Software
2014-11-16 00:45:05 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-16 00:45:05 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-16 00:45:04 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-16 00:45:04 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-16 00:45:04 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-16 00:45:03 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-16 00:45:02 1050432 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-11-16 00:44:52 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-16 00:34:52 -------- d-----w- C:\Program Files\AVAST Software
2014-11-16 00:33:40 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-14 21:17:58 -------- d-----w- C:\Windows\SysWow64\Flash
2014-11-14 21:15:46 613012 ----a-w- C:\Users\Heidi\AppData\Local\nsh6995.tmp
2014-11-14 21:15:42 -------- d-sh--w- C:\Users\Heidi\AppData\Roaming\AnyProtectEx
2014-11-14 21:15:11 -------- d-----w- C:\Users\Heidi\AppData\Local\Vosteran-old
2014-11-14 21:12:40 2065 ----a-w- C:\Windows\patsearch.bin
2014-11-14 21:12:32 63696 ----a-w- C:\Windows\System32\drivers\webinstrT.sys
2014-11-14 21:12:31 -------- d-----w- C:\ProgramData\Systweak
2014-11-14 21:09:08 -------- d-----w- C:\Users\Heidi\AppData\Roaming\Systweak
2014-11-14 21:09:07 20296 ----a-w- C:\Windows\System32\roboot64.exe
2014-11-14 21:08:01 -------- d-----w- C:\Users\Heidi\AppData\Roaming\WSE_Vosteran
2014-11-14 20:56:11 -------- d-----w- C:\Users\Heidi\AppData\Roaming\24x7 Help
2014-11-14 00:03:21 -------- d-sh--w- C:\Users\Heidi\AppData\Local\EmieBrowserModeList
2014-11-11 21:46:57 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-11 21:46:57 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2014-11-11 21:46:55 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-11-11 21:46:55 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-11 21:46:55 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-11-11 21:46:55 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-11-11 21:46:55 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-11-11 21:46:55 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-11-11 21:46:55 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-11-11 21:46:55 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-11-11 21:45:59 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-11 21:45:58 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-11 21:45:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-11 21:45:45 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-11 21:45:44 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-11 21:45:44 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-11 21:45:44 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-11 21:45:43 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-11 21:45:43 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-11 21:45:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-11 21:45:43 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-11 21:45:43 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-11 21:40:36 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-11 21:40:36 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-11-11 21:40:36 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-11 21:40:36 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-11-11 21:33:42 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-11 21:33:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2014-11-16 23:52:10 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 09:44:10 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 09:44:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 09:42:02 4918960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-01 16:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
.
============= FINISH: 21:35:20.66 ===============