
IRP Hook removal


  • This topic is locked
19 replies to this topic

#1 spgrimm21

spgrimm21

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 17 February 2013 - 08:05 PM

I have used this site before for a virus removal, that is why I am coming back. I have a virus that AVG has picked up as an IRP hook virus. It doesn't seem to really affect my computer, however I have recently had my cell phone account compromised by someone who changed all my info and ordered expensive cellular devices off of it. I believe this to be a direct result of the virus as they did this all online. Anyway, back to the virus: AVG picks it up and tries to remove it but it never does. I originally bought this computer at Best Buy and used Webroot, which gave me my first virus which you all helped me remove; now AVG, which I have used on other computers, has let me receive this virus. I know I haven't gone to any site that hasn't been reputable. So I am wondering if the virus is in a file on my computer that I didn't get rid of and whenever I go to it, it reactivates. I really just want this virus gone for good. AVG picks it up as an IRP Hook and has like 9 of them. This is the ONLY computer that I have ever gotten viruses on and I am at the point of just throwing the computer away because of it. If you could please help me get rid of it I would be very thankful.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.5.1
Run by Lindsay at 19:33:29 on 2013-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8173.4514 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{A529F0AC-04CD-4AE7-A30D-4A0BEE6C97BD} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{A529F0AC-04CD-4AE7-A30D-4A0BEE6C97BD}\16474777966696 : DHCPNameServer = 206.59.51.130 64.134.255.2 64.134.255.10
TCP: Interfaces\{A529F0AC-04CD-4AE7-A30D-4A0BEE6C97BD}\34963736F61363837363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A529F0AC-04CD-4AE7-A30D-4A0BEE6C97BD}\3514D43555E47402357484D29663637373239303 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{A529F0AC-04CD-4AE7-A30D-4A0BEE6C97BD}\C696E6B6379737 : DHCPNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\il5ygold.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-21 52856]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-17 30568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-1-25 166408]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-3 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-1 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-13 682344]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-5-3 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2011-3-7 102400]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsnxc64.sys [2011-3-6 98816]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-5-3 259192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-3 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-5-3 550080]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-5-3 852160]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-2-17 75264]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-2-17 174080]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-2-17 81920]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-5-3 436776]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-3 39976]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-13 24176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-8 413800]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-5-3 44736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-8-14 99384]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-8-14 203320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 546608]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-03 02:53:01    20480    ----a-w-    C:\Windows\svchost.exe
2013-02-01 23:43:42    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-02-01 23:43:19    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2013-02-01 23:43:18    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2013-02-01 23:43:18    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2013-02-01 23:43:17    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-02-01 23:43:13    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-02-01 23:43:09    800768    ----a-w-    C:\Windows\System32\usp10.dll
2013-02-01 23:43:09    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2013-02-01 23:41:32    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-01-25 16:45:42    2551808    ----a-w-    C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-01-19 20:08:56    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2013-01-19 20:08:04    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-01-19 20:04:32    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2013-01-19 19:59:52    362496    ----a-w-    C:\Windows\System32\wow64win.dll
.
==================== Find3M  ====================
.
2013-01-12 21:15:17    74248    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-12 21:15:17    697864    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-10 08:28:34    127328    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:44:06    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2012-11-23 03:13:57    68608    ----a-w-    C:\Windows\System32\taskhost.exe
.
============= FINISH: 19:34:53.92 ===============
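Two lines in the DDS log above are the kind a responder looks at first: `\\.\globalroot\systemroot\svchost.exe -netsvcs` under Running Processes, and `C:\Windows\svchost.exe` under Created Last 30. The genuine svchost.exe is installed only under `C:\Windows\System32` (and `SysWOW64` on x64), so a copy one directory up, or one launched through a device path rather than a drive letter, deserves review (the ComboFix log later in this thread removes `c:\windows\svchost.exe`). The script below is an added example, not part of the thread or of the DDS tool, showing how to scan DDS-style log lines for that masquerading pattern automatically. The list of core binary names, the expected directories, and the sample lines (an excerpt copied from the log in post #1) are my own choices for the example.

```python
"""Added example (not part of the forum thread or of DDS): flag Windows core
binaries that run from, or were created in, a directory other than the one
Windows installs them in, using DDS-style log lines as input."""

import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Hand-picked subset of binaries Windows installs only under System32/SysWOW64
# (assumption for this example; extend as needed).
CORE_BINARIES = {
    "svchost.exe", "lsm.exe", "taskhost.exe", "taskeng.exe", "spoolsv.exe",
    "dwm.exe", "conhost.exe", "wuauclt.exe", "cscript.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed excerpt: a few "Running Processes" and "Created Last 30" lines
# copied from the DDS log posted above.
SAMPLE_LOG = r"""
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\taskhost.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\System32\cscript.exe
2013-02-03 02:53:01    20480    ----a-w-    C:\Windows\svchost.exe
2013-02-01 23:43:42    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
"""

# "Created Last 30" / Find3M lines: timestamp, size, attributes, path.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
# "Running Processes" lines: an executable path, optionally followed by arguments.
# Paths may contain spaces, so the path is taken up to the first ".exe".
PROCESS_RE = re.compile(r"(?i)^(?P<path>.+?\.exe)(?:\s+(?P<args>.*))?$")


def classify_path(path: str) -> Optional[str]:
    """Return a reason string if the path looks like a masquerading core binary."""
    if path.lower().startswith(r"\\.\globalroot"):
        return "launched via a \\\\.\\globalroot device path instead of a drive letter"
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    if name in CORE_BINARIES and parent not in EXPECTED_DIRS:
        return f"{name} located outside {', '.join(sorted(EXPECTED_DIRS))}"
    return None


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (path, origin) for a recognised DDS line, or None for anything else."""
    line = line.strip()
    if not line:
        return None
    m = CREATED_RE.match(line)
    if m:
        return m.group("path").strip(), f"created {m.group('ts')}"
    m = PROCESS_RE.match(line)
    if m:
        return m.group("path"), "running"
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan DDS-style log text and return one finding per suspicious path."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, origin = parsed
        reason = classify_path(path)
        if reason:
            findings.append({"path": path, "origin": origin, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['origin']}] {f['path']}: {f['reason']}")
```

On the excerpt this reports exactly the two lines named above and stays quiet about the System32 copies; a flagged path is a lead to verify (signature, hash, creation time), not a verdict on its own.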
 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 17,299 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:24 AM

Posted 18 February 2013 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
IMPORTANT....
 
1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
 
3. Do not install any other programs until this is fixed.
 
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
 
Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 
Third-party programs, if not up to date, can be the cause of infiltration by an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
 
Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please post the logs for my review.


#3 spgrimm21

spgrimm21

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 18 February 2013 - 03:41 PM

    ComboFix 13-02-18.01 - Lindsay 02/18/2013  11:01:27.9.8 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8173.5572 [GMT -5:00]
    Running from: c:\users\Lindsay\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Lindsay\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
    c:\windows\svchost.exe
    c:\windows\SysWow64\muzapp.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-18 to 2013-02-18  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-18 16:12 . 2013-02-18 16:12    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
    2013-02-18 16:12 . 2013-02-18 16:12    --------    d-----w-    c:\users\Public\AppData\Local\temp
    2013-02-18 16:12 . 2013-02-18 16:12    --------    d-----w-    c:\users\Mcx1-LINDSAY-VAIO\AppData\Local\temp
    2013-02-18 16:12 . 2013-02-18 16:12    --------    d-----w-    c:\users\Mcx1-LINDSAY-VAIO.Lindsay-VAIO\AppData\Local\temp
    2013-02-18 16:12 . 2013-02-18 16:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-02-01 23:43 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
    2013-02-01 23:43 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
    2013-02-01 23:43 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
    2013-02-01 23:43 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
    2013-02-01 23:43 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
    2013-02-01 23:43 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
    2013-02-01 23:43 . 2012-11-22 05:44    800768    ----a-w-    c:\windows\system32\usp10.dll
    2013-02-01 23:43 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
    2013-02-01 23:41 . 2012-11-30 05:41    424448    ----a-w-    c:\windows\system32\KernelBase.dll
    2013-02-01 23:32 . 2013-02-01 23:32    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
    2013-01-25 16:45 . 2013-01-25 16:45    2551808    ----a-w-    c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi
    2013-01-19 20:08 . 2012-11-09 05:45    750592    ----a-w-    c:\windows\system32\win32spl.dll
    2013-01-19 20:08 . 2012-11-20 05:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
    2013-01-19 20:04 . 2012-12-07 12:26    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
    2013-01-19 19:59 . 2012-11-30 05:45    362496    ----a-w-    c:\windows\system32\wow64win.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-18 16:15 . 2012-04-17 02:38    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-18 16:15 . 2011-09-04 15:21    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-02 08:16 . 2011-07-26 18:28    67599240    ----a-w-    c:\windows\system32\MRT.exe
    2012-12-16 17:11 . 2012-12-24 03:27    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-24 03:27    367616    ----a-w-    c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-24 03:27    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-24 03:27    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2012-12-14 21:49 . 2011-11-13 21:47    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2012-12-10 08:28 . 2012-12-10 08:28    127328    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
    2012-11-30 05:43 . 2013-01-12 20:43    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2012-11-30 04:45 . 2013-02-01 23:41    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2012-11-30 02:44 . 2013-01-12 20:43    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2012-11-30 02:38 . 2013-01-12 20:43    6144    ---ha-w-    c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-22 15:50 . 2012-12-25 23:13    92184    ----a-w-    c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-10 00:52    1796552    ----a-w-    c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-10 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-10 997320]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-01-25 2127896]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2012-12-5 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-24 1219360]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
    R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
    R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
    R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-01-21 52856]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-10 30568]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-01-25 166408]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-03-01 102400]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-03-01 98816]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-07 2656280]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-10 711112]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
    S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
    S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-01 436776]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-01 39976]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-07 413800]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 16:15]
    .
    2013-02-03 c:\windows\Tasks\One-Click Tweak.job
    - c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-11-13 16:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\il5ygold.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
       1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
       94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
       b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
       df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:8e,7c,f0,b8,f6,51,cc,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\08\01\16\13(*\05"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\program files\Sony\VAIO Care\listener.exe
    c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
    c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-18  11:24:13 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-02-18 16:24
    .
    Pre-Run: 493,620,191,232 bytes free
    Post-Run: 493,804,113,920 bytes free
    .
    - - End Of File - - 288DBD876E604FDDE172A914D11F9BA3
     Results of screen317's Security Check version 0.99.58  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 9  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
     Windows Firewall Disabled!  
    AVG Anti-Virus Free Edition 2012   
     Antivirus up to date!  (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100  
     AVG PC Tuneup 2011  
     JavaFX 2.1.1    
     Java™ 7 Update 5  
     Java version out of Date!
      Adobe Flash Player 11.5.502.149 Flash Player out of Date!  
     Adobe Reader 10.1.4 Adobe Reader out of Date!  
     Mozilla Firefox (18.0.2)
     Google Chrome 20.0.1132.47  
     Google Chrome 20.0.1132.57  
    ````````Process Check: objlist.exe by Laurent````````  
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbamgui.exe  
     AVG avgwdsvc.exe
     AVG avgtray.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 9%
    ````````````````````End of Log``````````````````````
    # AdwCleaner v2.112 - Logfile created 02/18/2013 at 15:34:23
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Lindsay - LINDSAY-VAIO
    # Boot Mode : Normal
    # Running from : C:\Users\Lindsay\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Lindsay\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Lindsay\AppData\Local\Conduit
    Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Lindsay\AppData\LocalLow\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\il5ygold.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.46] : icon_url =    "hxxp://isearch.avg.com/favicon.ico",
    Deleted [l.49] : keyword =    "isearch.avg.com",
    Deleted [l.52] : search_url =    "hxxp://isearch.avg.com/search?cid={E3E59FAE-3895-4956-8E83-AB10EFB8D94F}&mid=b73010[...]

    *************************

    AdwCleaner[R1].txt - [6561 octets] - [18/02/2013 15:32:13]
    AdwCleaner[S1].txt - [6345 octets] - [18/02/2013 15:34:23]

    ########## EOF - C:\AdwCleaner[S1].txt - [6405 octets] ##########
     



    #4 nasdaq

    nasdaq

    • Malware Response Team
    • 17,299 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 19 February 2013 - 07:46 AM

    Looking good.
     
    Secure your system by updating 3rd party programs.
     
    Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
     
    Be careful not to install malware posing as Java update!
    Important: read this blog.
     
    Quoted from the page.
    "In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
     
    How to disable Java in your browsers
     
    You can manually check your present version and update as recommended.
     
    If present remove the old version(s) of Java using the Add/Remove Programs applet.
     
    Java™ 7 Update 5 
     
    Java 7 Update 10 introduced important new security controls.
    You can read about it here.
     
    Note
    Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
    I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
    ===
     
    Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks... 
     
     
    On the top of the page you will be given an opportunity to download the version for your operating system.
    Make sure you select the appropriate version.
     
    You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
     
    For users of Internet Explorer, download version 11.
    ===
     
    Get the latest version of the Adobe Reader.
    http://get.adobe.com/reader/
    Before you download, I suggest you uncheck the box at the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
     
    When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
    ===
     
    Please let me know if the problem persists.


    #5 spgrimm21

    spgrimm21
    • Topic Starter

    • Members
    • 12 posts

    Posted 19 February 2013 - 05:10 PM

    OK, I updated all of those programs.



    #6 nasdaq

    nasdaq

    • Malware Response Team
    • 17,299 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 20 February 2013 - 09:21 AM

    If all is well:
     
    Time for some housekeeping
    The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run  and copy/paste the following bold text into the Run box and click OK:
     
    ComboFix /Uninstall 
    ===
     
    To remove AdwCleaner.
     
    Please double click on AdwCleaner.exe to run the tool.
    Click on Uninstall.
    Confirm with Yes.
     
    If you decide to keep the AdwCleaner tool, make sure you delete your version and download the latest before running it.
     
    Delete the other tools we used.
    You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.
     
    Surf Safely, and Think Prevention!
    ===


    #7 spgrimm21

    spgrimm21
    • Topic Starter

    • Members
    • 12 posts

    Posted 21 February 2013 - 07:00 PM

    I ran AVG again and it is still finding those hooks when it runs through the root files.



    #8 nasdaq

    nasdaq

    • Malware Response Team
    • 17,299 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 22 February 2013 - 10:52 AM

    Can you post the log from AVG stating the IRP hooks? It may help in identifying the cause.


    Edited by nasdaq, 22 February 2013 - 10:53 AM.


    #9 spgrimm21

    spgrimm21
    • Topic Starter

    • Members
    • 12 posts

    Posted 24 February 2013 - 12:02 PM

    Here is one of the logs from them:

     

    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_INFORMATION -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_INFORMATION -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_EA -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_EA -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SHUTDOWN -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_LOCK_CONTROL -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_CLEANUP -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_SECURITY -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_SECURITY -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_POWER -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_QUERY_QUOTA -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_SET_QUOTA -> 0xFFFFFA8009BA8674";"Object is hidden"
    "";"<unknown>";"IRP hook, \Driver\iaStor IRP_MJ_PNP -> 0xFFFFFA8009BA8674";"Object is hidden"
     
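As an added example (not AVG's, TDSSKiller's or any poster's code), the Python triage script below parses the AVG IRP-hook export above and the "Suspicious file (Forged)" lines from the TDSSKiller log posted later in this thread, and flags the pattern they show: every major function of \Driver\iaStor redirected to one address the scanner cannot attribute to a loaded module, and a driver file whose two hashes disagree. The \Driver\Disk line, its module name and address are constructed, and the threshold of eight hooked major functions is an assumption.

```python
"""Triage for the two rootkit-scanner log formats posted in this thread."""
import re
from collections import defaultdict

# Major functions AVG reported hooked on \Driver\iaStor above, all sent to the
# same address. The \Driver\Disk line is constructed (module name and address
# are made up) so the non-suspicious branch is exercised as well.
IASTOR_MAJORS = [
    "QUERY_INFORMATION", "SET_INFORMATION", "QUERY_EA", "SET_EA", "FLUSH_BUFFERS",
    "QUERY_VOLUME_INFORMATION", "SET_VOLUME_INFORMATION", "DIRECTORY_CONTROL",
    "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL", "INTERNAL_DEVICE_CONTROL", "SHUTDOWN",
    "LOCK_CONTROL", "CLEANUP", "CREATE_MAILSLOT", "QUERY_SECURITY", "SET_SECURITY",
    "POWER", "SYSTEM_CONTROL", "DEVICE_CHANGE", "QUERY_QUOTA", "SET_QUOTA", "PNP",
]
BENIGN_LINE = ('"";"example_filter.sys";"IRP hook, \\Driver\\Disk IRP_MJ_DEVICE_CONTROL'
               ' -> 0xFFFFF88001000000";"OK"')
AVG_SAMPLE = "\n".join(
    '"";"<unknown>";"IRP hook, \\Driver\\iaStor IRP_MJ_%s -> 0xFFFFFA8009BA8674";'
    '"Object is hidden"' % mj for mj in IASTOR_MAJORS
) + "\n" + BENIGN_LINE

# Lines quoted from the TDSSKiller log in post #12 of this thread.
TK_SAMPLE = r"""14:55:00.0783 0836  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:55:00.0783 0836  1394ohci - ok
14:55:00.0923 0836  [ F146E2BA475893DD77B2370DC1211FC6 ] 18361117        C:\Windows\system32\drivers\18073643.sys
14:55:00.0923 0836  Suspicious file (Forged): C:\Windows\system32\drivers\18073643.sys. Real md5: F146E2BA475893DD77B2370DC1211FC6, Fake md5: 8CCC23B22BB3F48403FD6AA37B6B0772
14:55:00.0923 0836  18361117 ( ForgedFile.Multi.Generic ) - warning
"""

# AVG export: four double-quoted, semicolon-separated fields; field 3 carries
# "IRP hook, <driver> <major function> -> <target address>".
AVG_FIELD = re.compile(r'"([^"]*)"')
AVG_HOOK = re.compile(r"IRP hook, (\\Driver\\\S+) (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)")
# TDSSKiller: a service entry "[ md5 ] name path", the optional Forged verdict
# for that path, and the "name ( Detection ) - state" summary line.
TK_ENTRY = re.compile(r"^\S+ \d+\s+\[ ([0-9A-F]{32}) \] (.+?)\s+([A-Za-z]:\\.*\S)\s*$")
TK_FORGED = re.compile(r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9A-F]{32}),"
                       r" Fake md5: ([0-9A-F]{32})")
TK_VERDICT = re.compile(r"^\S+ \d+\s+(.+?) \( (\S+) \) - (\w+)$")


def parse_avg_irp_hooks(text):
    """Return {driver: {major_function: (target_address, status)}}."""
    hooks = defaultdict(dict)
    for line in text.splitlines():
        fields = AVG_FIELD.findall(line)
        if len(fields) != 4:
            continue  # not an AVG export row
        m = AVG_HOOK.search(fields[2])
        if m:
            driver, major, target = m.groups()
            hooks[driver][major] = (target, fields[3])
    return dict(hooks)


def assess_irp_hooks(hooks, min_hooked=8):
    """Flag a driver whose dispatch table is redirected wholesale to one address.

    Heuristic (assumption): a few hooks placed by a known product are routine;
    many major functions all pointing at a single target that the scanner
    could not attribute ("Object is hidden") is the shape of a rootkit sitting
    in the storage stack, which is what the iaStor rows above look like.
    """
    findings = {}
    for driver, table in hooks.items():
        targets = sorted({t for t, _ in table.values()})
        hidden = sum(1 for _, s in table.values() if "hidden" in s.lower())
        findings[driver] = {
            "hooked": len(table),
            "targets": targets,
            "hidden": hidden,
            "suspicious": (len(table) >= min_hooked and len(targets) == 1
                           and hidden == len(table)),
        }
    return findings


def parse_tdsskiller_forged(text):
    """Pair each Forged verdict with the service entry that loads the file.

    "Real" and "Fake" are TDSSKiller's labels for two hashes of the same path;
    when they differ, the OS is being served different bytes than are on disk.
    """
    entries, by_service = {}, {}
    for line in text.splitlines():
        m = TK_ENTRY.match(line)
        if m:
            md5, service, path = m.groups()
            entries[path] = {"service": service, "listed_md5": md5}
            by_service[service] = path
            continue
        m = TK_FORGED.search(line)
        if m:
            path, real, fake = m.groups()
            rec = entries.setdefault(path, {"service": None, "listed_md5": None})
            rec.update(real_md5=real, fake_md5=fake)
            continue
        m = TK_VERDICT.match(line)
        if m and m.group(1) in by_service:
            entries[by_service[m.group(1)]]["verdict"] = m.group(2)
    return {p: r for p, r in entries.items() if "fake_md5" in r}


if __name__ == "__main__":
    for driver, finding in assess_irp_hooks(parse_avg_irp_hooks(AVG_SAMPLE)).items():
        print(driver, finding)
    for path, record in parse_tdsskiller_forged(TK_SAMPLE).items():
        print(path, record)
```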



    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 17,299 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 24 February 2013 - 02:02 PM

     
    There could be a damaged or an infected iaStor driver. Let's check it.
     
    Please Download
     
    >>> Double-click on TDSSKiller.exe to run the application.

    • Click on the Start Scan button and wait for the scan and disinfection process to be over.


    • If an infected file is detected, the default action will be Cure; click on Continue.


    • If a suspicious file is detected, the default action will be Skip; click on Continue.


    • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.


    • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

     
     
    Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start the scan.

    • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT


    • Please post the contents of that log in your next reply.

    • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

     
    ===
     
    Please post the logs for my review.


    #11 spgrimm21

    spgrimm21
    • Topic Starter

    • Members
    • 12 posts

    Posted 24 February 2013 - 02:50 PM

    Ran TDSSKiller and when it went to reboot it crashed Windows and gave a long code.

    Stop: 0x000000B8 (0xFFFFFA80093E76A0, 0xFFFFFA8006B2D640, 0x0000000000000000, 0x0000000000000000)

    Going to reboot and try running it again.

    #12 spgrimm21

    spgrimm21
    • Topic Starter

    • Members
    • 12 posts

    Posted 24 February 2013 - 03:06 PM

    14:54:53.0061 2604  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    14:54:53.0357 2604  ============================================================
    14:54:53.0357 2604  Current date / time: 2013/02/24 14:54:53.0357
    14:54:53.0357 2604  SystemInfo:
    14:54:53.0357 2604  
    14:54:53.0357 2604  OS Version: 6.1.7601 ServicePack: 1.0
    14:54:53.0357 2604  Product type: Workstation
    14:54:53.0357 2604  ComputerName: LINDSAY-VAIO
    14:54:53.0357 2604  UserName: Lindsay
    14:54:53.0357 2604  Windows directory: C:\Windows
    14:54:53.0357 2604  System windows directory: C:\Windows
    14:54:53.0357 2604  Running under WOW64
    14:54:53.0357 2604  Processor architecture: Intel x64
    14:54:53.0357 2604  Number of processors: 8
    14:54:53.0357 2604  Page size: 0x1000
    14:54:53.0357 2604  Boot type: Normal boot
    14:54:53.0357 2604  ============================================================
    14:54:55.0822 2604  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:54:55.0838 2604  ============================================================
    14:54:55.0838 2604  \Device\Harddisk0\DR0:
    14:54:55.0838 2604  MBR partitions:
    14:54:55.0838 2604  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1735000, BlocksNum 0x32000
    14:54:55.0838 2604  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1767000, BlocksNum 0x55DDEEF0
    14:54:55.0838 2604  ============================================================
    14:54:55.0900 2604  C: <-> \Device\Harddisk0\DR0\Partition2
    14:54:55.0900 2604  ============================================================
    14:54:55.0900 2604  Initialize success
    14:54:55.0900 2604  ============================================================
    14:54:57.0788 0836  ============================================================
    14:54:57.0788 0836  Scan started
    14:54:57.0788 0836  Mode: Manual;
    14:54:57.0788 0836  ============================================================
    14:54:59.0925 0836  ================ Scan system memory ========================
    14:54:59.0925 0836  System memory - ok
    14:54:59.0925 0836  ================ Scan services =============================
    14:55:00.0409 0836  11725186 - ok
    14:55:00.0783 0836  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
    14:55:00.0783 0836  1394ohci - ok
    14:55:00.0923 0836  [ F146E2BA475893DD77B2370DC1211FC6 ] 18361117        C:\Windows\system32\drivers\18073643.sys
    14:55:00.0923 0836  Suspicious file (Forged): C:\Windows\system32\drivers\18073643.sys. Real md5: F146E2BA475893DD77B2370DC1211FC6, Fake md5: 8CCC23B22BB3F48403FD6AA37B6B0772
    14:55:00.0923 0836  18361117 ( ForgedFile.Multi.Generic ) - warning
    14:55:00.0923 0836  18361117 - detected ForgedFile.Multi.Generic (1)
    14:55:01.0126 0836  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    14:55:01.0126 0836  ACDaemon - ok
    14:55:01.0173 0836  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
    14:55:01.0173 0836  ACPI - ok
    14:55:01.0204 0836  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
    14:55:01.0204 0836  AcpiPmi - ok
    14:55:01.0454 0836  [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    14:55:01.0469 0836  AdobeActiveFileMonitor6.0 - ok
    14:55:01.0563 0836  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    14:55:01.0563 0836  AdobeARMservice - ok
    14:55:02.0093 0836  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    14:55:02.0156 0836  AdobeFlashPlayerUpdateSvc - ok
    14:55:02.0265 0836  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
    14:55:02.0281 0836  adp94xx - ok
    14:55:02.0327 0836  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
    14:55:02.0359 0836  adpahci - ok
    14:55:02.0639 0836  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
    14:55:02.0639 0836  adpu320 - ok
    14:55:02.0733 0836  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
    14:55:02.0733 0836  AeLookupSvc - ok
    14:55:02.0811 0836  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
    14:55:02.0827 0836  AFD - ok
    14:55:02.0905 0836  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
    14:55:02.0905 0836  agp440 - ok
    14:55:02.0967 0836  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
    14:55:02.0983 0836  ALG - ok
    14:55:03.0061 0836  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
    14:55:03.0061 0836  aliide - ok
    14:55:03.0123 0836  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
    14:55:03.0139 0836  amdide - ok
    14:55:03.0185 0836  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
    14:55:03.0185 0836  AmdK8 - ok
    14:55:03.0201 0836  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
    14:55:03.0201 0836  AmdPPM - ok
    14:55:03.0263 0836  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
    14:55:03.0263 0836  amdsata - ok
    14:55:03.0310 0836  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
    14:55:03.0310 0836  amdsbs - ok
    14:55:03.0357 0836  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
    14:55:03.0357 0836  amdxata - ok
    14:55:03.0419 0836  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
    14:55:03.0435 0836  AppID - ok
    14:55:03.0466 0836  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
    14:55:03.0482 0836  AppIDSvc - ok
    14:55:03.0497 0836  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
    14:55:03.0513 0836  Appinfo - ok
    14:55:03.0716 0836  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    14:55:03.0716 0836  Apple Mobile Device - ok
    14:55:03.0825 0836  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
    14:55:03.0841 0836  arc - ok
    14:55:03.0934 0836  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
    14:55:03.0950 0836  arcsas - ok
    14:55:04.0215 0836  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    14:55:04.0324 0836  aspnet_state - ok
    14:55:04.0371 0836  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
    14:55:04.0371 0836  AsyncMac - ok
    14:55:04.0449 0836  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
    14:55:04.0449 0836  atapi - ok
    14:55:04.0667 0836  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
    14:55:04.0730 0836  athr - ok
    14:55:04.0901 0836  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    14:55:04.0901 0836  AudioEndpointBuilder - ok
    14:55:04.0979 0836  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
    14:55:04.0979 0836  AudioSrv - ok
    14:55:05.0822 0836  [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    14:55:05.0837 0836  AVGIDSAgent - ok
    14:55:05.0993 0836  [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    14:55:05.0993 0836  AVGIDSDriver - ok
    14:55:06.0025 0836  [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    14:55:06.0025 0836  AVGIDSFilter - ok
    14:55:06.0134 0836  [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
    14:55:06.0134 0836  AVGIDSHA - ok
    14:55:06.0274 0836  [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
    14:55:06.0290 0836  Avgldx64 - ok
    14:55:06.0352 0836  [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
    14:55:06.0352 0836  Avgmfx64 - ok
    14:55:06.0493 0836  [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
    14:55:06.0493 0836  Avgrkx64 - ok
    14:55:06.0680 0836  [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
    14:55:06.0680 0836  Avgtdia - ok
    14:55:06.0789 0836  [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
    14:55:06.0789 0836  avgtp - ok
    14:55:06.0883 0836  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    14:55:06.0898 0836  avgwd - ok
    14:55:07.0007 0836  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
    14:55:07.0007 0836  AxInstSV - ok
    14:55:07.0132 0836  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
    14:55:07.0148 0836  b06bdrv - ok
    14:55:07.0351 0836  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:55:07.0366 0836  b57nd60a - ok
    14:55:07.0460 0836  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
    14:55:07.0460 0836  BDESVC - ok
    14:55:07.0491 0836  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
    14:55:07.0491 0836  Beep - ok
    14:55:07.0538 0836  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
    14:55:07.0538 0836  BFE - ok
    14:55:07.0694 0836  [ 71B1869F96C978771F1616467302AB5A ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    14:55:07.0694 0836  BingDesktopUpdate - ok
    14:55:07.0912 0836  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
    14:55:07.0928 0836  BITS - ok
    14:55:07.0990 0836  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
    14:55:07.0990 0836  blbdrive - ok
    14:55:08.0193 0836  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    14:55:08.0209 0836  Bonjour Service - ok
    14:55:08.0271 0836  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
    14:55:08.0271 0836  bowser - ok
    14:55:08.0349 0836  [ 3DCB409BCBD02AB0675682F8E42A410F ] bpenum          C:\Windows\system32\DRIVERS\bpenum.sys
    14:55:08.0365 0836  bpenum - ok
    14:55:08.0411 0836  [ 6C66EEF6669B14DF4F426990A1CA5112 ] bpmp            C:\Windows\system32\DRIVERS\bpmp.sys
    14:55:08.0427 0836  bpmp - ok
    14:55:08.0505 0836  [ 2EE68405BBADE51CBE1C973FF3A1A400 ] bpusb           C:\Windows\system32\Drivers\bpusb.sys
    14:55:08.0505 0836  bpusb - ok
    14:55:08.0583 0836  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
    14:55:08.0583 0836  BrFiltLo - ok
    14:55:08.0614 0836  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
    14:55:08.0614 0836  BrFiltUp - ok
    14:55:08.0661 0836  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
    14:55:08.0677 0836  BridgeMP - ok
    14:55:08.0723 0836  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
    14:55:08.0755 0836  Browser - ok
    14:55:08.0895 0836  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
    14:55:08.0926 0836  Brserid - ok
    14:55:09.0004 0836  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
    14:55:09.0004 0836  BrSerWdm - ok
    14:55:09.0051 0836  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:55:09.0051 0836  BrUsbMdm - ok
    14:55:09.0082 0836  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
    14:55:09.0082 0836  BrUsbSer - ok
    14:55:09.0145 0836  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
    14:55:09.0145 0836  BthEnum - ok
    14:55:09.0207 0836  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
    14:55:09.0223 0836  BTHMODEM - ok
    14:55:09.0301 0836  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
    14:55:09.0301 0836  BthPan - ok
    14:55:09.0441 0836  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
    14:55:09.0441 0836  BTHPORT - ok
    14:55:09.0566 0836  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
    14:55:09.0566 0836  bthserv - ok
    14:55:09.0644 0836  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
    14:55:09.0659 0836  BTHUSB - ok
    14:55:09.0753 0836  [ 8767C8B416B6D583881F0FD7A0555135 ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
    14:55:09.0769 0836  BTWAMPFL - ok
    14:55:09.0784 0836  [ AB95865207E68FE9245BA942AE20D09A ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
    14:55:09.0784 0836  btwaudio - ok
    14:55:09.0893 0836  [ 3CF91081B85241B624876CEE7C1F5BBD ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
    14:55:09.0893 0836  btwavdt - ok
    14:55:10.0003 0836  [ CEAD84B8E5902AE6C61F5B0F05C097FF ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    14:55:10.0018 0836  btwdins - ok
    14:55:10.0049 0836  [ B9354F9F111C64F2495B60F1E24CB453 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
    14:55:10.0049 0836  btwl2cap - ok
    14:55:10.0143 0836  [ D08EA90B392C173DCE0FDC0370D6BC9C ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
    14:55:10.0143 0836  btwrchid - ok
    14:55:10.0143 0836  catchme - ok
    14:55:10.0283 0836  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
    14:55:10.0283 0836  cdfs - ok
    14:55:10.0361 0836  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
    14:55:10.0361 0836  cdrom - ok
    14:55:10.0439 0836  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
    14:55:10.0439 0836  CertPropSvc - ok
    14:55:10.0486 0836  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
    14:55:10.0486 0836  circlass - ok
    14:55:10.0517 0836  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
    14:55:10.0533 0836  CLFS - ok
    14:55:10.0689 0836  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:55:10.0689 0836  clr_optimization_v2.0.50727_32 - ok
    14:55:10.0798 0836  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    14:55:10.0814 0836  clr_optimization_v2.0.50727_64 - ok
    14:55:10.0892 0836  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:55:11.0173 0836  clr_optimization_v4.0.30319_32 - ok
    14:55:11.0219 0836  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    14:55:11.0375 0836  clr_optimization_v4.0.30319_64 - ok
    14:55:11.0407 0836  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
    14:55:11.0407 0836  CmBatt - ok
    14:55:11.0485 0836  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
    14:55:11.0485 0836  cmdide - ok
    14:55:11.0625 0836  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
    14:55:11.0641 0836  CNG - ok
    14:55:11.0766 0836  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
    14:55:11.0766 0836  Compbatt - ok
    14:55:11.0782 0836  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
    14:55:11.0782 0836  CompositeBus - ok
    14:55:11.0782 0836  COMSysApp - ok
    14:55:11.0813 0836  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
    14:55:11.0813 0836  crcdisk - ok
    14:55:11.0907 0836  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
    14:55:11.0907 0836  CryptSvc - ok
    14:55:11.0954 0836  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
    14:55:11.0969 0836  DcomLaunch - ok
    14:55:12.0032 0836  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
    14:55:12.0032 0836  defragsvc - ok
    14:55:12.0078 0836  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
    14:55:12.0078 0836  DfsC - ok
    14:55:12.0156 0836  [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
    14:55:12.0156 0836  dg_ssudbus - ok
    14:55:12.0188 0836  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
    14:55:12.0203 0836  Dhcp - ok
    14:55:12.0234 0836  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
    14:55:12.0250 0836  discache - ok
    14:55:12.0266 0836  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
    14:55:12.0281 0836  Disk - ok
    14:55:12.0344 0836  [ EC9D64CC2DD8A4C6D11550F364890DB1 ] DMAgent         C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    14:55:12.0375 0836  DMAgent - ok
    14:55:12.0437 0836  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
    14:55:12.0437 0836  Dnscache - ok
    14:55:12.0500 0836  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
    14:55:12.0500 0836  dot3svc - ok
    14:55:12.0531 0836  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
    14:55:12.0531 0836  DPS - ok
    14:55:12.0593 0836  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
    14:55:12.0593 0836  drmkaud - ok
    14:55:12.0656 0836  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
    14:55:12.0671 0836  DXGKrnl - ok
    14:55:12.0702 0836  [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
    14:55:12.0702 0836  e1yexpress - ok
    14:55:12.0734 0836  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
    14:55:12.0734 0836  EapHost - ok
    14:55:12.0968 0836  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
    14:55:13.0092 0836  ebdrv - ok
    14:55:13.0108 0836  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
    14:55:13.0124 0836  EFS - ok
    14:55:13.0202 0836  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
    14:55:13.0202 0836  ehRecvr - ok
    14:55:13.0233 0836  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
    14:55:31.0828 0836  SkypeUpdate - ok
    14:55:31.0875 0836  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
    14:55:31.0875 0836  Smb - ok
    14:55:31.0922 0836  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
    14:55:31.0922 0836  SNMPTRAP - ok
    14:55:31.0968 0836  [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    14:55:31.0968 0836  SOHCImp - ok
    14:55:31.0984 0836  [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    14:55:31.0984 0836  SOHDs - ok
    14:55:32.0093 0836  [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    14:55:32.0093 0836  SpfService - ok
    14:55:32.0140 0836  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
    14:55:32.0140 0836  spldr - ok
    14:55:32.0296 0836  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
    14:55:32.0358 0836  Spooler - ok
    14:55:32.0655 0836  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
    14:55:32.0717 0836  sppsvc - ok
    14:55:32.0748 0836  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
    14:55:32.0795 0836  sppuinotify - ok
    14:55:32.0858 0836  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
    14:55:32.0873 0836  srv - ok
    14:55:32.0889 0836  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
    14:55:32.0904 0836  srv2 - ok
    14:55:32.0920 0836  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
    14:55:32.0920 0836  srvnet - ok
    14:55:32.0967 0836  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
    14:55:32.0967 0836  SSDPSRV - ok
    14:55:33.0045 0836  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
    14:55:33.0045 0836  SstpSvc - ok
    14:55:33.0076 0836  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
    14:55:33.0092 0836  ssudmdm - ok
    14:55:33.0216 0836  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    14:55:33.0216 0836  Stereo Service - ok
    14:55:33.0248 0836  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
    14:55:33.0248 0836  stexstor - ok
    14:55:33.0326 0836  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
    14:55:33.0341 0836  stisvc - ok
    14:55:33.0372 0836  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
    14:55:33.0372 0836  swenum - ok
    14:55:33.0404 0836  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
    14:55:33.0419 0836  swprv - ok
    14:55:33.0544 0836  [ B0C7D4DCF4800DF2F2145B500D0161E8 ] SynTP           C:\Windows\system32\drivers\SynTP.sys
    14:55:33.0560 0836  SynTP - ok
    14:55:33.0669 0836  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
    14:55:33.0684 0836  SysMain - ok
    14:55:33.0731 0836  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    14:55:33.0747 0836  TabletInputService - ok
    14:55:33.0794 0836  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
    14:55:33.0794 0836  TapiSrv - ok
    14:55:33.0825 0836  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
    14:55:33.0825 0836  TBS - ok
    14:55:34.0028 0836  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
    14:55:34.0059 0836  Tcpip - ok
    14:55:34.0168 0836  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
    14:55:34.0184 0836  TCPIP6 - ok
    14:55:34.0215 0836  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
    14:55:34.0215 0836  tcpipreg - ok
    14:55:34.0262 0836  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
    14:55:34.0262 0836  TDPIPE - ok
    14:55:34.0293 0836  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
    14:55:34.0308 0836  TDTCP - ok
    14:55:34.0324 0836  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
    14:55:34.0324 0836  tdx - ok
    14:55:34.0371 0836  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
    14:55:34.0371 0836  TermDD - ok
    14:55:34.0480 0836  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
    14:55:34.0496 0836  TermService - ok
    14:55:34.0527 0836  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
    14:55:34.0527 0836  Themes - ok
    14:55:34.0558 0836  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
    14:55:34.0558 0836  THREADORDER - ok
    14:55:34.0605 0836  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
    14:55:34.0605 0836  TrkWks - ok
    14:55:34.0698 0836  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    14:55:34.0698 0836  TrustedInstaller - ok
    14:55:34.0745 0836  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:55:34.0745 0836  tssecsrv - ok
    14:55:34.0761 0836  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
    14:55:34.0776 0836  TsUsbFlt - ok
    14:55:34.0823 0836  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
    14:55:34.0839 0836  TsUsbGD - ok
    14:55:34.0870 0836  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
    14:55:34.0870 0836  tunnel - ok
    14:55:34.0901 0836  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
    14:55:34.0901 0836  uagp35 - ok
    14:55:34.0932 0836  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
    14:55:34.0932 0836  udfs - ok
    14:55:34.0964 0836  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
    14:55:34.0979 0836  UI0Detect - ok
    14:55:34.0995 0836  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
    14:55:34.0995 0836  uliagpkx - ok
    14:55:35.0026 0836  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
    14:55:35.0026 0836  umbus - ok
    14:55:35.0057 0836  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
    14:55:35.0057 0836  UmPass - ok
    14:55:35.0291 0836  [ FC43877B4625F6EB773C98233EB625C5 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    14:55:35.0369 0836  UNS - ok
    14:55:35.0447 0836  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
    14:55:35.0447 0836  upnphost - ok
    14:55:35.0478 0836  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
    14:55:35.0478 0836  USBAAPL64 - ok
    14:55:35.0556 0836  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
    14:55:35.0556 0836  usbccgp - ok
    14:55:35.0588 0836  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
    14:55:35.0588 0836  usbcir - ok
    14:55:35.0619 0836  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
    14:55:35.0619 0836  usbehci - ok
    14:55:35.0666 0836  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
    14:55:35.0666 0836  usbhub - ok
    14:55:35.0697 0836  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
    14:55:35.0697 0836  usbohci - ok
    14:55:35.0728 0836  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
    14:55:35.0728 0836  usbprint - ok
    14:55:35.0759 0836  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:55:35.0759 0836  USBSTOR - ok
    14:55:35.0806 0836  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
    14:55:35.0806 0836  usbuhci - ok
    14:55:35.0868 0836  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
    14:55:35.0868 0836  usbvideo - ok
    14:55:36.0009 0836  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
    14:55:36.0009 0836  UxSms - ok
    14:55:36.0102 0836  [ DCB1F83AD167D16D263CE57C94E9EEDF ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    14:55:36.0118 0836  VAIO Event Service - ok
    14:55:36.0305 0836  [ EF7CF87F940F9104A3079F839BDC60C5 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    14:55:36.0305 0836  VAIO Power Management - ok
    14:55:36.0321 0836  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
    14:55:36.0336 0836  VaultSvc - ok
    14:55:36.0430 0836  [ D00058C1FFF3F3DE990444A5734E9639 ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    14:55:36.0461 0836  VCFw - ok
    14:55:36.0539 0836  [ 4B7ED2D6F738219068361BB14D19CBDE ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    14:55:36.0555 0836  VcmIAlzMgr - ok
    14:55:36.0617 0836  [ 2F06D134554BA84FE253DBC481DCFE6D ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    14:55:36.0617 0836  VcmINSMgr - ok
    14:55:36.0664 0836  [ 32A3735F6874B7783C6209ED5CA36D9D ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
    14:55:36.0680 0836  VcmXmlIfHelper - ok
    14:55:37.0085 0836  [ D347D3ABE070AA09C22FC37121555D52 ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
    14:55:37.0085 0836  VCService - ok
    14:55:37.0132 0836  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
    14:55:37.0132 0836  vdrvroot - ok
    14:55:37.0226 0836  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
    14:55:37.0272 0836  vds - ok
    14:55:37.0413 0836  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
    14:55:37.0428 0836  vga - ok
    14:55:37.0460 0836  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
    14:55:37.0460 0836  VgaSave - ok
    14:55:37.0553 0836  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
    14:55:37.0569 0836  vhdmp - ok
    14:55:37.0600 0836  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
    14:55:37.0600 0836  viaide - ok
    14:55:37.0631 0836  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
    14:55:37.0631 0836  volmgr - ok
    14:55:37.0787 0836  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
    14:55:37.0803 0836  volmgrx - ok
    14:55:37.0850 0836  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
    14:55:37.0850 0836  volsnap - ok
    14:55:37.0943 0836  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
    14:55:37.0959 0836  vsmraid - ok
    14:55:38.0084 0836  [ 0ED394BFBA3EB4740F063E0BA5EC7104 ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    14:55:38.0130 0836  VSNService - ok
    14:55:38.0552 0836  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
    14:55:38.0598 0836  VSS - ok
    14:55:38.0817 0836  [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    14:55:38.0832 0836  vToolbarUpdater13.2.0 - ok
    14:55:38.0864 0836  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
    14:55:38.0864 0836  vwifibus - ok
    14:55:38.0895 0836  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
    14:55:38.0895 0836  vwififlt - ok
    14:55:38.0910 0836  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
    14:55:38.0910 0836  vwifimp - ok
    14:55:38.0957 0836  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
    14:55:38.0957 0836  W32Time - ok
    14:55:39.0020 0836  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
    14:55:39.0020 0836  WacomPen - ok
    14:55:39.0066 0836  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
    14:55:39.0066 0836  WANARP - ok
    14:55:39.0066 0836  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
    14:55:39.0066 0836  Wanarpv6 - ok
    14:55:39.0269 0836  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
    14:55:39.0316 0836  WatAdminSvc - ok
    14:55:39.0410 0836  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
    14:55:39.0441 0836  wbengine - ok
    14:55:39.0503 0836  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
    14:55:39.0519 0836  WbioSrvc - ok
    14:55:39.0862 0836  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
    14:55:39.0878 0836  wcncsvc - ok
    14:55:39.0909 0836  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    14:55:39.0909 0836  WcsPlugInService - ok
    14:55:39.0971 0836  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
    14:55:39.0971 0836  Wd - ok
    14:55:40.0065 0836  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
    14:55:40.0080 0836  Wdf01000 - ok
    14:55:40.0096 0836  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
    14:55:40.0096 0836  WdiServiceHost - ok
    14:55:40.0112 0836  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
    14:55:40.0112 0836  WdiSystemHost - ok
    14:55:40.0158 0836  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
    14:55:40.0174 0836  WebClient - ok
    14:55:40.0283 0836  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
    14:55:40.0299 0836  Wecsvc - ok
    14:55:40.0346 0836  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
    14:55:40.0361 0836  wercplsupport - ok
    14:55:40.0408 0836  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
    14:55:40.0408 0836  WerSvc - ok
    14:55:40.0455 0836  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
    14:55:40.0455 0836  WfpLwf - ok
    14:55:40.0580 0836  [ 64DE79BF805724F0606FE7B3B2F13784 ] WiMAXAppSrv     C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    14:55:40.0595 0836  WiMAXAppSrv - ok
    14:55:40.0658 0836  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
    14:55:40.0658 0836  WIMMount - ok
    14:55:40.0704 0836  WinDefend - ok
    14:55:40.0736 0836  WinHttpAutoProxySvc - ok
    14:55:40.0845 0836  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
    14:55:40.0845 0836  Winmgmt - ok
    14:55:41.0001 0836  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
    14:55:41.0063 0836  WinRM - ok
    14:55:41.0375 0836  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
    14:55:41.0391 0836  WinUsb - ok
    14:55:41.0438 0836  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
    14:55:41.0438 0836  Wlansvc - ok
    14:55:41.0500 0836  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    14:55:41.0500 0836  wlcrasvc - ok
    14:55:41.0859 0836  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    14:55:41.0921 0836  wlidsvc - ok
    14:55:41.0968 0836  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
    14:55:41.0968 0836  WmiAcpi - ok
    14:55:42.0015 0836  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
    14:55:42.0015 0836  wmiApSrv - ok
    14:55:42.0077 0836  WMPNetworkSvc - ok
    14:55:42.0124 0836  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
    14:55:42.0124 0836  WPCSvc - ok
    14:55:42.0171 0836  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
    14:55:42.0186 0836  WPDBusEnum - ok
    14:55:42.0233 0836  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
    14:55:42.0233 0836  ws2ifsl - ok
    14:55:42.0280 0836  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
    14:55:42.0280 0836  wscsvc - ok
    14:55:42.0296 0836  WSearch - ok
    14:55:42.0576 0836  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
    14:55:42.0873 0836  wuauserv - ok
    14:55:43.0013 0836  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
    14:55:43.0013 0836  WudfPf - ok
    14:55:43.0060 0836  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:55:43.0060 0836  WUDFRd - ok
    14:55:43.0107 0836  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
    14:55:43.0107 0836  wudfsvc - ok
    14:55:43.0154 0836  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
    14:55:43.0154 0836  WwanSvc - ok
    14:55:43.0200 0836  ================ Scan global ===============================
    14:55:43.0263 0836  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    14:55:43.0356 0836  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    14:55:43.0372 0836  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    14:55:43.0481 0836  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    14:55:43.0528 0836  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    14:55:43.0544 0836  [Global] - ok
    14:55:43.0544 0836  ================ Scan MBR ==================================
    14:55:43.0575 0836  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    14:55:43.0575 0836  Suspicious mbr (Forged): \Device\Harddisk0\DR0
    14:55:43.0653 0836  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    14:55:43.0653 0836  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    14:55:43.0653 0836  ================ Scan VBR ==================================
    14:55:43.0653 0836  [ CC71453685173589AFF7384AC5582E22 ] \Device\Harddisk0\DR0\Partition1
    14:55:43.0668 0836  \Device\Harddisk0\DR0\Partition1 - ok
    14:55:43.0746 0836  [ 0F627EDBF10E84761C6A7DEADC8F856A ] \Device\Harddisk0\DR0\Partition2
    14:55:43.0746 0836  \Device\Harddisk0\DR0\Partition2 - ok
    14:55:43.0746 0836  ============================================================
    14:55:43.0746 0836  Scan finished
    14:55:43.0746 0836  ============================================================
    14:55:43.0762 0800  Detected object count: 2
    14:55:43.0762 0800  Actual detected object count: 2
    14:55:50.0454 0800  18361117 ( ForgedFile.Multi.Generic ) - skipped by user
    14:55:50.0454 0800  18361117 ( ForgedFile.Multi.Generic ) - User select action: Skip
    14:55:52.0014 0800  \Device\Harddisk0\DR0\# - copied to quarantine
    14:55:52.0014 0800  \Device\Harddisk0\DR0 - copied to quarantine
    14:55:52.0077 0800  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    14:55:52.0077 0800  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    14:55:52.0077 0800  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    14:55:52.0077 0800  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    14:55:52.0077 0800  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    14:55:52.0092 0800  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    14:55:52.0092 0800  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    14:55:52.0092 0800  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    14:55:52.0092 0800  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    14:55:52.0092 0800  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    14:55:52.0092 0800  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    14:55:52.0092 0800  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    14:55:52.0170 0800  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    14:55:52.0186 0800  \Device\Harddisk0\DR0 - ok
    14:55:52.0311 0800  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    14:55:55.0899 3480  Deinitialize success
     

     

About to run Avast now. The file name for this is dated today but the log says Feb 11; didn't know if that made a difference.



    #13 spgrimm21

    • Topic Starter

    • Members
    • 12 posts

    Posted 24 February 2013 - 05:03 PM

    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
    Run date: 2013-02-24 15:07:20
    -----------------------------
    15:07:20.994    OS Version: Windows x64 6.1.7601 Service Pack 1
    15:07:20.994    Number of processors: 8 586 0x2A07
    15:07:20.994    ComputerName: LINDSAY-VAIO  UserName: Lindsay
    15:07:23.958    Initialize success
    15:09:18.946    AVAST engine defs: 13022400
    15:09:31.192    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:09:31.192    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    15:09:31.239    Disk 0 MBR read successfully
    15:09:31.239    Disk 0 MBR scan
    15:09:31.239    Disk 0 Windows 7 default MBR code
    15:09:31.255    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        11881 MB offset 2048
    15:09:31.286    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 24334336
    15:09:31.301    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       703421 MB offset 24539136
    15:09:31.348    Disk 0 scanning C:\Windows\system32\drivers
    15:09:43.563    Service scanning
    15:10:32.157    Modules scanning
    15:10:32.173    Disk 0 trace - called modules:
    15:10:32.204    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    15:10:32.204    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a6a790]
    15:10:32.220    3 CLASSPNP.SYS[fffff88001b0a43f] -> nt!IofCallDriver -> [0xfffffa800757a630]
    15:10:32.220    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800784a050]
    15:10:34.123    AVAST engine scan C:\Windows
    15:10:38.304    AVAST engine scan C:\Windows\system32
    15:15:29.503    AVAST engine scan C:\Windows\system32\drivers
    15:15:44.572    AVAST engine scan C:\Users\Lindsay
    15:42:56.235    AVAST engine scan C:\ProgramData
    15:49:32.694    Scan finished successfully
    16:57:15.348    Disk 0 MBR has been saved successfully to "C:\Users\Lindsay\Desktop\MBR.dat"
    16:57:15.348    The log file has been saved successfully to "C:\Users\Lindsay\Desktop\aswMBR.txt"


Attached File: MBR.zip (565 bytes)



    #14 nasdaq


    • Malware Response Team
    • 17,299 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 25 February 2013 - 08:53 AM

Your time is correct; the tool was issued on Feb 11 2013.
     
    14:54:53.0061 2604  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    14:54:53.0357 2604  ============================================================
    14:54:53.0357 2604  Current date / time: 2013/02/24 14:54:53.0357
     
    That was a good clean-up.
     
    Please run ComboFix one more time and post a fresh log.
    You may be prompted to update the tool, please do.
     
    Let me know if the problem persists.


    #15 spgrimm21

    • Topic Starter

    • Members
    • 12 posts

    Posted 25 February 2013 - 08:15 PM

    ComboFix 13-02-24.01 - Lindsay 02/25/2013  19:57:34.10.8 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8173.5704 [GMT -5:00]
    Running from: c:\users\Lindsay\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Lindsay\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
    c:\windows\svchost.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-26 to 2013-02-26  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-26 01:03 . 2013-02-26 01:03    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
    2013-02-26 01:03 . 2013-02-26 01:03    --------    d-----w-    c:\users\Public\AppData\Local\temp
    2013-02-26 01:03 . 2013-02-26 01:03    --------    d-----w-    c:\users\Mcx1-LINDSAY-VAIO\AppData\Local\temp
    2013-02-26 01:03 . 2013-02-26 01:03    --------    d-----w-    c:\users\Mcx1-LINDSAY-VAIO.Lindsay-VAIO\AppData\Local\temp
    2013-02-26 01:03 . 2013-02-26 01:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-02-24 19:45 . 2013-02-24 19:55    --------    d-----w-    C:\TDSSKiller_Quarantine
    2013-02-19 21:44 . 2013-02-19 21:44    --------    d-----w-    c:\program files (x86)\Common Files\Java
    2013-02-19 21:43 . 2013-02-19 21:43    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-18 20:34 . 2013-02-18 20:34    121    ----a-w-    c:\windows\DeleteOnReboot.bat
    2013-02-18 16:32 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-18 16:32 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-18 15:56 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
    2013-02-18 15:55 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
    2013-02-18 15:55 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2013-02-18 15:55 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2013-02-18 15:55 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2013-02-18 15:55 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2013-02-18 15:55 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2013-02-18 15:55 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-02-18 00:28 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2013-02-18 00:28 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-18 00:28 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
    2013-02-18 00:27 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-01 23:43 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\SysWow64\win32spl.dll
    2013-02-01 23:43 . 2012-11-01 05:43    2002432    ----a-w-    c:\windows\system32\msxml6.dll
    2013-02-01 23:43 . 2012-11-01 05:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
    2013-02-01 23:43 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
    2013-02-01 23:43 . 2012-11-01 04:47    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
    2013-02-01 23:43 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
    2013-02-01 23:43 . 2012-11-22 05:44    800768    ----a-w-    c:\windows\system32\usp10.dll
    2013-02-01 23:43 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
    2013-02-01 23:41 . 2012-11-30 05:41    424448    ----a-w-    c:\windows\system32\KernelBase.dll
    2013-02-01 23:32 . 2013-02-01 23:32    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-19 21:47 . 2012-04-17 02:38    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-19 21:47 . 2011-09-04 15:21    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-19 21:43 . 2012-07-26 03:54    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
    2013-02-19 21:43 . 2011-05-03 08:33    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
    2013-02-18 16:39 . 2011-07-26 18:28    70004024    ----a-w-    c:\windows\system32\MRT.exe
    2013-01-04 04:43 . 2013-02-18 15:55    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-24 03:27    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-24 03:27    367616    ----a-w-    c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-24 03:27    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-24 03:27    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2012-12-14 21:49 . 2011-11-13 21:47    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2012-12-10 08:28 . 2012-12-10 08:28    127328    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
    2012-12-07 12:26 . 2013-01-19 20:04    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
    2012-11-30 05:45 . 2013-01-19 19:59    362496    ----a-w-    c:\windows\system32\wow64win.dll
    2012-11-30 05:43 . 2013-01-12 20:43    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2012-11-30 02:38 . 2013-01-12 20:43    6144    ---ha-w-    c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-01-25 2127896]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    .
    c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2012-12-5 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-24 1219360]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 11725186;11725186; [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
    R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
    R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
    R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-01-21 52856]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-10 30568]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-01-25 166408]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-03-01 102400]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-03-01 98816]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-07 2656280]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-10 711112]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
    S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
    S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-01 436776]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-01 39976]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-07 413800]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:47]
    .
    2013-02-24 c:\windows\Tasks\One-Click Tweak.job
    - c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2011-11-13 16:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    FF - ProfilePath - c:\users\Lindsay\AppData\Roaming\Mozilla\Firefox\Profiles\il5ygold.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    SafeBoot-18361117.sys
    SafeBoot-93219568.sys
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
       1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
       94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
       b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
       df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:8e,7c,f0,b8,f6,51,cc,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\08\01\16\13(*\05"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\program files\Sony\VAIO Care\listener.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-25  20:10:12 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-02-26 01:10
    ComboFix2.txt  2013-02-18 16:24
    .
    Pre-Run: 494,347,079,680 bytes free
    Post-Run: 494,528,827,392 bytes free
    .
    - - End Of File - - C63CD4051BB6BCE7F3B7371614473614
     

    How is it looking now?
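Added example, not part of this thread and not ComboFix's own code: a small Python triage pass over ComboFix "Reg Loading Points" service lines like the ones in the log above (the `R3 11725186;11725186; [x]` entry is the kind of line it is meant to surface). It assumes ComboFix's convention that a trailing `[x]` marks a service whose image file was not found and that the `R`/`S` prefix means running/stopped with the digit as start type; the flagging heuristics, the `SUSPECT_DIRS` and `SYSTEM_NAMES` lists, and the last sample line (a `svchost` service under `c:\programdata`) are constructed for illustration and do not come from the log.

```python
import re
from dataclasses import dataclass, field

# Service/driver lines as ComboFix prints them under "Reg Loading Points":
#   <start type> <service name>;<display name>;<image path> [<date> <size>]
# Assumption (ComboFix convention, not verified here): a trailing "[x]" means
# the image file named by the registry entry could not be found on disk.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+'
    r'(?P<name>[^;]+);'
    r'(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*'
    r'(?:\[(?P<meta>[^\]]*)\])?$'
)

# Heuristics, not rules: directories a driver or service binary rarely lives in,
# and system-binary names that malware likes to borrow for files outside c:\windows.
SUSPECT_DIRS = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\', '\\recycler\\')
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe'}


@dataclass
class ServiceEntry:
    start: str      # 'R' = running, 'S' = stopped, digit = start type (assumed ComboFix convention)
    name: str
    display: str
    path: str
    meta: str       # "<date> <size>", "x", or "" when absent
    flags: list = field(default_factory=list)


def parse_service_line(line: str):
    """Return a ServiceEntry for a service line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m['start'], m['name'].strip(), m['display'].strip(),
                        m['path'].strip(), (m['meta'] or '').strip())


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach human-readable flags to an entry; an empty list means nothing stood out."""
    low = entry.path.lower()
    basename = low.rsplit('\\', 1)[-1]
    if entry.meta == 'x':
        entry.flags.append('image file not found')
    if not entry.path:
        entry.flags.append('no image path')
    if re.fullmatch(r'\d{6,}', entry.name):
        entry.flags.append('purely numeric service name')
    if any(d in low for d in SUSPECT_DIRS):
        entry.flags.append('image in user-writable directory')
    if basename in SYSTEM_NAMES and not low.startswith('c:\\windows\\'):
        entry.flags.append('system-binary name outside c:\\windows')
    if entry.start in ('S0', 'S1', 'R0', 'R1') and entry.path and not low.startswith('c:\\windows\\'):
        entry.flags.append('boot/system-start driver outside c:\\windows')
    return entry


def triage_log(text: str) -> list:
    """Parse every service line in a ComboFix log excerpt and return the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Sample input: the first four lines are copied from the log in this thread; the
# last one is constructed to show what a flagged entry looks like.
SAMPLE_LOG = r"""
R3 11725186;11725186; [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 svchost;svchost;c:\programdata\svchost\svchost.exe [2013-02-01 40960]
"""

if __name__ == '__main__':
    for entry in triage_log(SAMPLE_LOG):
        print(f'{entry.start} {entry.name}: ' + '; '.join(entry.flags))
```

Run it against a whole ComboFix log and only the service lines that trip a heuristic come back; everything AVG, Malwarebytes, Samsung and Sony in the log above passes through silently, while the numeric, pathless `11725186` entry is reported on all three counts. A flag is a reason to look, not a verdict: check the named file's signature, the registry key's other values, and the creation timestamps before deleting anything.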





