Win7 64-bit laptop. Friend's laptop got a virus 3 weeks ago and wouldn't boot at all. Also, they got into his email account and sent email to his address book. I removed the hard drive, ran a virus scan and removed the virus (can't remember what it was) and thought OK. Yesterday, virus win32/bagle.gen.zip; ran ESET online scanner, found and removed the virus, laptop booted once into Windows, now again it only boots into safe mode. Can you help track this down please?
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455
Run by Administrator at 0:55:42 on 2012-12-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3836.2876 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360110d825l0344z175t48m2x383
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360110d825l0344z175t48m2x383
mStart Page = hxxp://home.sweetim.com
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360110d825l0344z175t48m2x383
mURLSearchHooks: AOL UK Toolbar Search Class: {df655c49-d4a4-466f-8044-c86294e906c8} - C:\Program Files (x86)\AOL UK Toolbar\aoluktb.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: AOL UK Toolbar Loader: {c7651f6e-3592-4612-b4e0-e0d471da0626} - C:\Program Files (x86)\AOL UK Toolbar\aoluktb.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AOL UK Toolbar: {1e7144b2-0b4e-435a-af95-d925c184dab3} - C:\Program Files (x86)\AOL UK Toolbar\aoluktb.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{BED7BA7E-F3D6-4EA9-8EEE-F23B2B52778F} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CFD595EE-5A0F-4B9A-9445-361562F99441} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{CFD595EE-5A0F-4B9A-9445-361562F99441}\244584572633D275341545 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CFD595EE-5A0F-4B9A-9445-361562F99441}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{CFD595EE-5A0F-4B9A-9445-361562F99441}\35B4955373430313 : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360110d825l0344z175t48m2x383
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5532&r=27360110d825l0344z175t48m2x383
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-11-29 17720]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-8-18 58880]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-11 34872]
S0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-5-9 101688]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-30 984144]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-30 370288]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
S1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-4 505720]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-29 55096]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-29 297240]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-29 464256]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-30 25232]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-30 71600]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-30 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-18 844320]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
S2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
S2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-9-16 361472]
S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-9-16 441856]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-29 976728]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-30 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-17 240160]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-5-18 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2010-12-2 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-30 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-11 222208]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-29 1255736]
.
=============== Created Last 30 ================
.
2012-12-13 23:44:46 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21DB4F20-0C5D-4925-91EA-41CB033DA417}\offreg.dll
2012-12-13 23:43:36 -------- d-----w- C:\Program Files (x86)\ESET
2012-12-13 23:38:16 -------- d-----w- C:\Users\Administrator\AppData\Roaming\GameConsole
2012-12-13 23:38:04 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2012-12-13 23:38:03 -------- d-sh--w- C:\Users\Administrator\AppData\Roaming\.#
2012-12-13 17:10:32 164352 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c0000185_527d3ae4857ee3c17b123f7227aaf8386dbab6_cab_10d14b05\SearchProtocolHost.exe
2012-12-12 22:00:14 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-12-12 16:29:06 -------- d-----w- C:\Users\Administrator\AppData\Roaming\IObit
2012-12-07 08:18:26 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21DB4F20-0C5D-4925-91EA-41CB033DA417}\mpengine.dll
2012-12-01 00:32:56 -------- d-----w- C:\Users\Administrator\AppData\Local\ATI
2012-11-30 20:23:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-30 20:23:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-30 17:40:07 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-11-30 17:40:05 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-11-30 17:40:05 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-11-30 17:39:35 41224 ----a-w- C:\Windows\avastSS.scr
2012-11-30 16:11:33 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 16:11:33 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-30 09:50:40 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-30 09:50:40 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-30 09:50:40 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-30 09:50:40 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-30 09:50:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-30 09:50:40 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-30 09:50:40 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-30 09:50:39 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-30 09:50:39 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-30 09:49:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-11-30 09:49:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-11-30 09:48:09 25472 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-11-30 00:07:06 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-29 23:49:21 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2012-11-29 23:49:11 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2012-11-29 18:25:50 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-11-29 18:06:51 -------- d-----w- C:\ProgramData\IObit
2012-11-29 18:06:39 -------- d-----w- C:\Program Files (x86)\IObit
2012-11-29 08:56:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-29 08:56:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-29 08:56:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-29 08:50:35 -------- d-----w- C:\ProgramData\AVAST Software
2012-11-29 08:50:35 -------- d-----w- C:\Program Files\AVAST Software
2012-11-18 21:48:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-18 21:48:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-18 21:48:41 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-18 21:48:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-18 21:23:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-18 21:23:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-18 21:23:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-18 21:23:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-18 21:23:52 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-18 21:23:52 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-18 21:23:52 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-18 15:25:21 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-18 15:25:21 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-18 15:25:21 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-18 15:25:21 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-18 15:25:12 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-18 15:25:09 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-18 15:25:09 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-18 15:24:37 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-18 15:24:36 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-18 15:24:36 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-18 15:24:36 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-18 15:24:36 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-18 15:24:36 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-18 15:24:36 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-18 15:24:36 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-18 15:24:35 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-18 15:24:35 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-18 15:24:35 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-18 15:24:35 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-14 23:35:35 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2012-11-14 23:35:31 120320 ----a-w- C:\Windows\System32\E_ILMHBE.DLL
2012-11-14 23:35:29 83968 ----a-w- C:\Windows\System32\E_ID4BHBE.DLL
.
==================== Find3M ====================
.
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 0:57:06.03 ===============
2012-11-29 08:56:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-29 08:56:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-29 08:50:35 -------- d-----w- C:\ProgramData\AVAST Software
2012-11-29 08:50:35 -------- d-----w- C:\Program Files\AVAST Software
2012-11-18 21:48:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-18 21:48:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-18 21:48:41 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-18 21:48:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-18 21:23:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-18 21:23:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-18 21:23:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-18 21:23:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-18 21:23:52 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-18 21:23:52 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-18 21:23:52 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-18 15:25:21 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-18 15:25:21 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-18 15:25:21 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-18 15:25:21 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-18 15:25:12 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-18 15:25:09 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-18 15:25:09 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-18 15:24:37 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-18 15:24:36 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-18 15:24:36 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-18 15:24:36 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-18 15:24:36 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-18 15:24:36 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-18 15:24:36 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-18 15:24:36 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-18 15:24:35 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-18 15:24:35 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-18 15:24:35 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-18 15:24:35 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-14 23:35:35 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2012-11-14 23:35:31 120320 ----a-w- C:\Windows\System32\E_ILMHBE.DLL
2012-11-14 23:35:29 83968 ----a-w- C:\Windows\System32\E_ID4BHBE.DLL
.
==================== Find3M ====================
.
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 0:57:06.03 ===============