Dropper.Generic7.BLPW infection, help!


  • This topic is locked
32 replies to this topic

#1 traintracks81

  • Members
  • 17 posts

Posted 16 February 2013 - 10:26 PM

I was trying to clean up a neighbor's computer and this infection jumped to my flash drive. I now have it and it won't let me run anything (HijackThis, DDS, etc.). I will restart into Safe Mode to see if I can get the initial logs for you.




#2 Oh My!

  • Malware Response Instructor
  • 36,414 posts

Posted 16 February 2013 - 10:37 PM

Greetings traintracks81 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please tell me what operating system you are running.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 traintracks81

  • Topic Starter
  • Members
  • 17 posts

Posted 16 February 2013 - 10:48 PM

Windows 7 Pro 64-bit.

Here is my DDS file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.13.2
Run by Brian at 21:35:17 on 2013-02-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16336.14720 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sftwred.info/redirect.cgi
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - 
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [56dc] C:\Users\Brian\AppData\Roaming\40c\56dc.js
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [1] C:\Users\Brian\Downloads\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - 
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 208.67.220.220 68.94.156.1 68.64.157.1
TCP: Interfaces\{6231DCA7-DD16-4C69-BADF-6C355BC14B4E} : DHCPNameServer = 208.67.220.220 68.94.156.1 68.64.157.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\ph69jmhd.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.startup.homepage - hxxp://sftwred.info/redirect.cgi
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-9 39768]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-1 677480]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-12-5 2321560]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CrossLoopService;CrossLoop Service;C:\Users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe [2012-6-9 569072]
S2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-20 165760]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-4-22 474168]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-18 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-20 364416]
S2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [2013-2-10 965296]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-2-12 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-2-12 9800]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-5-17 366872]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2012-9-8 53312]
S3 PSSDKLBF;PSSDKLBF;C:\Windows\System32\drivers\pssdklbf.sys [2012-9-8 65600]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-11-20 15712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tvnserver;TightVNC Server;C:\Users\Brian\AppData\Local\CrossLoop\tvnserver.exe [2012-6-9 814080]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
.
=============== Created Last 30 ================
.
2013-02-17 03:04:37    388096    ----a-r-    C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-17 03:04:37    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-02-17 02:57:53    972264    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59EE024A-CE19-4E69-8BBC-C12481B00DFD}\gapaengine.dll
2013-02-17 02:57:50    9161176    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE490EE2-5E77-4D9D-AA54-B298D1051B2E}\mpengine.dll
2013-02-17 02:51:51    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-02-17 02:51:48    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-02-17 02:12:33    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-02-17 02:01:04    --------    d-sh--w-    C:\Users\Brian\AppData\Roaming\40c
2013-02-17 02:01:04    --------    d-sh--w-    C:\4192
2013-02-14 18:31:31    --------    d-----w-    C:\Users\Brian\AppData\Local\ezvid,_inc
2013-02-14 18:29:49    --------    d-----w-    C:\Program Files (x86)\File Shredder
2013-02-14 17:21:21    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-14 17:20:21    --------    d-----w-    C:\Users\Brian\AppData\Roaming\Flip Video
2013-02-14 17:20:07    --------    d-----w-    C:\ProgramData\Flip Video
2013-02-14 17:20:06    --------    d-----w-    C:\Program Files (x86)\Flip Video
2013-02-14 05:07:53    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 05:07:53    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 01:00:35    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-02-14 01:00:35    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-14 01:00:35    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-02-14 01:00:33    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-14 01:00:32    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-02-14 01:00:32    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-02-14 01:00:32    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-02-14 01:00:32    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-02-14 01:00:32    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-02-14 01:00:32    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-02-14 01:00:31    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-14 01:00:31    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-02-14 00:54:54    --------    d-----w-    C:\GoogleChromePortable
2013-02-13 20:22:28    --------    d-----w-    C:\Program Files (x86)\ISO to USB
2013-02-13 05:03:47    --------    d-----w-    C:\Users\Brian\AppData\Roaming\Mael
2013-02-12 20:58:05    9800    ----a-w-    C:\Windows\System32\EuGdiDrv.sys
2013-02-12 20:58:05    9160    ----a-w-    C:\Windows\SysWow64\EuGdiDrv.sys
2013-02-12 20:58:05    87112    ----a-w-    C:\Windows\SysWow64\setupempdrv03.exe
2013-02-12 20:58:05    3376640    ----a-w-    C:\Windows\System32\BootMan.exe
2013-02-12 20:58:05    3316736    ----a-w-    C:\Windows\System32\¸´¼þ BootMan.exe
2013-02-12 20:58:05    2468520    ----a-w-    C:\Windows\SysWow64\BootMan.exe
2013-02-12 20:58:05    19840    ----a-w-    C:\Windows\SysWow64\EuEpmGdi.dll
2013-02-12 20:58:05    17480    ----a-w-    C:\Windows\System32\epmntdrv.sys
2013-02-12 20:58:05    16256    ----a-w-    C:\Windows\System32\EuEpmGdi.dll
2013-02-12 20:58:05    14920    ----a-w-    C:\Windows\SysWow64\epmntdrv.sys
2013-02-12 20:58:05    100936    ----a-w-    C:\Windows\System32\setupempdrvx64.exe
2013-02-12 18:25:57    5425496    ----a-w-    C:\Windows\System32\D3DX9_41.dll
2013-02-12 18:25:57    4178264    ----a-w-    C:\Windows\SysWow64\D3DX9_41.dll
2013-02-12 18:25:38    --------    d-----w-    C:\Program Files (x86)\Microsoft Mathematics Add-in
2013-01-23 04:45:44    --------    d-----w-    C:\Users\Brian\AppData\Local\Programs
2013-01-22 02:03:28    --------    d-----w-    C:\ProgramData\Garmin
2013-01-21 21:44:54    --------    d-----w-    C:\Program Files (x86)\Garmin GPS Plugin
2013-01-21 21:44:53    --------    d-----w-    C:\Program Files\Garmin GPS Plugin
2013-01-21 21:44:45    --------    d-----w-    C:\Program Files (x86)\Garmin
2013-01-21 21:44:38    --------    d-----w-    C:\Users\Brian\AppData\Roaming\Garmin
2013-01-19 17:42:25    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-01-19 17:42:19    --------    d-----w-    C:\Program Files (x86)\AMD APP
.
==================== Find3M  ====================
.
2013-02-14 17:21:18    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-02-14 17:21:18    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-14 15:30:50    15712    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2013-02-10 23:29:45    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-02-09 23:15:17    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 23:15:17    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2012-12-19 21:45:12    222720    ----a-w-    C:\Windows\System32\clinfo.exe
2012-12-19 21:44:48    76288    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2012-12-19 21:44:42    65536    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 21:44:36    64000    ----a-w-    C:\Windows\System32\OVDecode64.dll
2012-12-19 21:44:32    56320    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2012-12-19 21:44:20    34518016    ----a-w-    C:\Windows\System32\amdocl64.dll
2012-12-19 21:38:48    28732928    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2012-12-19 21:34:40    54784    ----a-w-    C:\Windows\System32\OpenCL.dll
2012-12-19 21:34:38    50176    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2012-12-19 20:50:14    5630200    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48    11278336    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36    23461376    ----a-w-    C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50    70144    ----a-w-    C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46    163840    ----a-w-    C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04    51200    ----a-w-    C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02    46080    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54    44544    ----a-w-    C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52    44032    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40    16082944    ----a-w-    C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24    13703168    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44    18982400    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52    960512    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04    1151488    ----a-w-    C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00    6681088    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44    5087744    ----a-w-    C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46    550912    ----a-w-    C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00    240640    ----a-w-    C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38    120320    ----a-w-    C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22    21504    ----a-w-    C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18    59392    ----a-w-    C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12    43520    ----a-w-    C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00    7370752    ----a-w-    C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28    4162048    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12    6786560    ----a-w-    C:\Windows\System32\atiumd64.dll
2012-12-19 19:34:28    79360    ----a-w-    C:\Windows\System32\amdave64.dll
2012-12-19 19:34:22    78336    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2012-12-19 19:34:10    74240    ----a-w-    C:\Windows\System32\atisamu64.dll
2012-12-19 19:34:04    71168    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2012-12-19 19:33:50    56320    ----a-w-    C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50    56320    ----a-w-    C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42    619008    ----a-w-    C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40    56832    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40    56832    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32    421888    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18    17920    ----a-w-    C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14    14848    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14    14848    ----a-w-    C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10    41984    ----a-w-    C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04    33280    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54    552960    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14    130048    ----a-w-    C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08    109568    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00    104448    ----a-w-    C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52    83968    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16    53248    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-10 09:28:34    127328    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
.
============= FINISH: 21:35:53.63 ===============
 
And HijackThis:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:48 PM, on 2/16/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Safe mode with network support
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sftwred.info/redirect.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\Brian\AppData\Local\Temp\HBCD\SpybotSD\SDHelper.dll (file missing)
O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [1] C:\Users\Brian\Downloads\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [56dc] C:\Users\Brian\AppData\Roaming\40c\56dc.js
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\Brian\AppData\Local\Temp\HBCD\SpybotSD\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\Brian\AppData\Local\Temp\HBCD\SpybotSD\SDHelper.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\Brian\AppData\Local\CrossLoop\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.1.7 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13778 bytes
 


#4 Oh My!


Posted 16 February 2013 - 10:50 PM

Greetings,

Nice work!

Please allow me a bit of time to review the information you have provided and I will post back soon.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 16 February 2013 - 11:29 PM

Greetings Brian (?),

Let's do this first and see if we can make any headway. If not, I have another option standing by.

===================================================

Rkill

-------------------

  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.

  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running

Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • RKill log
  • Combofix log

Gary
 

#6 Oh My!


Posted 16 February 2013 - 11:37 PM

Hi,

 

I am winding down for the evening but will look at your reply first thing in the morning.


Gary
 

#7 traintracks81


Posted 17 February 2013 - 01:13 AM

10-4! Thanks for the help tonight, here is the log for you to peruse tomorrow. (P.S. Some programs are being shut down before they can run (i.e. ComboFix, AVG, Malwarebytes, etc.); I have to run them through SafeMode.)

 

 ComboFix 13-02-15.01 - Brian 02/16/2013  23:18:23.1.4 - x64 NETWORK

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16336.14531 [GMT -6:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\daemon_mgm.exe
c:\program files (x86)\WinPCap\INSTALL.LOG
c:\program files (x86)\WinPCap\NetMonInstaller.exe
c:\program files (x86)\WinPCap\npf_mgm.exe
c:\program files (x86)\WinPCap\rpcapd.exe
c:\program files (x86)\WinPCap\Uninstall.exe
c:\users\Brian\AppData\Roaming\40c
c:\users\Brian\AppData\Roaming\40c\56dc.js
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
I:\Autorun.inf
I:\RECYCLER.lnk
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-17 to 2013-02-17  )))))))))))))))))))))))))))))))
.
.
2013-02-17 05:21 . 2013-02-17 05:21    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2013-02-17 05:21 . 2013-02-17 05:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-17 05:21 . 2013-02-17 05:21    --------    d-----w-    c:\users\Christa\AppData\Local\temp
2013-02-17 05:21 . 2013-02-17 05:21    --------    d-----w-    c:\users\Abbie\AppData\Local\temp
2013-02-17 05:00 . 2013-02-17 05:07    47368    ----a-w-    c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js
2013-02-17 05:00 . 2013-02-17 05:07    47368    ----a-w-    c:\users\Abbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js
2013-02-17 03:04 . 2013-02-17 03:04    388096    ----a-r-    c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-17 03:04 . 2013-02-17 03:04    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-02-17 02:01 . 2013-02-17 02:01    --------    d-----w-    C:\4192
2013-02-14 18:31 . 2013-02-14 18:31    --------    d-----w-    c:\users\Brian\AppData\Local\ezvid,_inc
2013-02-14 18:29 . 2013-02-14 18:29    --------    d-----w-    c:\program files (x86)\File Shredder
2013-02-14 17:21 . 2013-02-14 17:21    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-14 17:20 . 2013-02-14 17:20    --------    d-----w-    c:\users\Brian\AppData\Roaming\Flip Video
2013-02-14 17:20 . 2013-02-14 17:20    --------    d-----w-    c:\programdata\Flip Video
2013-02-14 17:20 . 2013-02-14 17:20    --------    d-----w-    c:\program files (x86)\Flip Video
2013-02-14 05:07 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 05:07 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 01:00 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-14 01:00 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 01:00 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 01:00 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-14 01:00 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-14 01:00 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-14 01:00 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-14 01:00 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-14 01:00 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-14 01:00 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-14 01:00 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-14 01:00 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 00:54 . 2013-02-14 01:33    --------    d-----w-    C:\GoogleChromePortable
2013-02-13 20:22 . 2013-02-13 20:22    --------    d-----w-    c:\program files (x86)\ISO to USB
2013-02-13 05:03 . 2013-02-13 05:03    --------    d-----w-    c:\users\Brian\AppData\Roaming\Mael
2013-02-13 04:24 . 2013-02-13 04:24    --------    d-----w-    c:\program files\7-Zip
2013-02-12 20:58 . 2012-12-21 23:20    2468520    ----a-w-    c:\windows\SysWow64\BootMan.exe
2013-02-12 20:58 . 2012-12-21 19:54    14920    ----a-w-    c:\windows\SysWow64\epmntdrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    9800    ----a-w-    c:\windows\system32\EuGdiDrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    9160    ----a-w-    c:\windows\SysWow64\EuGdiDrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    87112    ----a-w-    c:\windows\SysWow64\setupempdrv03.exe
2013-02-12 20:58 . 2012-12-21 19:53    17480    ----a-w-    c:\windows\system32\epmntdrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    100936    ----a-w-    c:\windows\system32\setupempdrvx64.exe
2013-02-12 20:58 . 2012-12-20 20:46    3376640    ----a-w-    c:\windows\system32\BootMan.exe
2013-02-12 20:58 . 2012-05-15 17:13    3316736    ----a-w-    c:\windows\system32\¸´¼þ BootMan.exe
2013-02-12 20:58 . 2011-07-29 19:54    19840    ----a-w-    c:\windows\SysWow64\EuEpmGdi.dll
2013-02-12 20:58 . 2011-07-29 19:54    16256    ----a-w-    c:\windows\system32\EuEpmGdi.dll
2013-02-12 18:25 . 2009-03-09 21:27    5425496    ----a-w-    c:\windows\system32\D3DX9_41.dll
2013-02-12 18:25 . 2009-03-09 21:27    4178264    ----a-w-    c:\windows\SysWow64\D3DX9_41.dll
2013-02-12 18:25 . 2013-02-12 18:25    --------    d-----w-    c:\program files (x86)\Microsoft Mathematics Add-in
2013-01-31 12:10 . 2013-01-31 12:10    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-27 01:33 . 2013-01-27 01:33    --------    d-----w-    c:\users\Christa\AppData\Roaming\Garmin
2013-01-26 00:28 . 2013-01-26 00:28    --------    d-----w-    c:\users\Abbie\AppData\Roaming\Garmin
2013-01-23 04:45 . 2013-01-23 04:45    --------    d-----w-    c:\users\Brian\AppData\Local\Programs
2013-01-22 02:03 . 2013-01-22 02:03    --------    d-----w-    c:\programdata\Garmin
2013-01-21 21:44 . 2013-01-21 21:44    --------    d-----w-    c:\program files (x86)\Garmin GPS Plugin
2013-01-21 21:44 . 2013-01-21 21:44    --------    d-----w-    c:\program files\Garmin GPS Plugin
2013-01-21 21:44 . 2013-01-22 03:39    --------    d-----w-    c:\program files (x86)\Garmin
2013-01-21 21:44 . 2013-01-22 02:04    --------    d-----w-    c:\users\Brian\AppData\Roaming\Garmin
2013-01-19 17:42 . 2013-01-19 17:42    --------    d-----w-    c:\programdata\ATI
2013-01-19 17:42 . 2013-01-19 17:42    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-01-19 17:42 . 2013-01-19 17:42    --------    d-----w-    c:\program files (x86)\AMD APP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 05:24 . 2012-11-20 22:21    15712    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-02-14 17:21 . 2012-05-19 23:45    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-02-14 17:21 . 2012-05-19 23:45    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-02-14 05:09 . 2012-05-18 20:46    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-09 23:15 . 2012-05-18 22:47    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 23:15 . 2012-05-18 22:47    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 01:00    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-19 21:45 . 2012-12-19 21:45    222720    ----a-w-    c:\windows\system32\clinfo.exe
2012-12-19 21:44 . 2012-12-19 21:44    76288    ----a-w-    c:\windows\system32\OpenVideo64.dll
2012-12-19 21:44 . 2012-12-19 21:44    65536    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2012-12-19 21:44 . 2012-12-19 21:44    64000    ----a-w-    c:\windows\system32\OVDecode64.dll
2012-12-19 21:44 . 2012-12-19 21:44    56320    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2012-12-19 21:44 . 2012-12-19 21:44    34518016    ----a-w-    c:\windows\system32\amdocl64.dll
2012-12-19 21:38 . 2012-12-19 21:38    28732928    ----a-w-    c:\windows\SysWow64\amdocl.dll
2012-12-19 21:34 . 2012-12-19 21:34    54784    ----a-w-    c:\windows\system32\OpenCL.dll
2012-12-19 21:34 . 2012-12-19 21:34    50176    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2012-12-19 20:50 . 2012-09-28 02:23    5630200    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48    11278336    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29    23461376    ----a-w-    c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22    70144    ----a-w-    c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19    163840    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17    16082944    ----a-w-    c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13    13703168    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12    18982400    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2012-09-28 01:43    960512    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2012-02-01 03:17    1151488    ----a-w-    c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2012-12-19 20:06    6681088    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-04-06 01:34    5087744    ----a-w-    c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-09-28 01:39    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56    550912    ----a-w-    c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56    240640    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2012-02-01 02:52    7370752    ----a-w-    c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2012-09-28 01:22    4162048    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-04-06 01:23    6786560    ----a-w-    c:\windows\system32\atiumd64.dll
2012-12-19 19:34 . 2012-12-19 19:34    79360    ----a-w-    c:\windows\system32\amdave64.dll
2012-12-19 19:34 . 2012-12-19 19:34    78336    ----a-w-    c:\windows\SysWow64\amdave32.dll
2012-12-19 19:34 . 2012-12-19 19:34    74240    ----a-w-    c:\windows\system32\atisamu64.dll
2012-12-19 19:34 . 2012-12-19 19:34    71168    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2012-12-19 19:33 . 2012-12-19 19:33    56320    ----a-w-    c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33    56320    ----a-w-    c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-04-06 01:11    619008    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    56832    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33    56832    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33    421888    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33    17920    ----a-w-    c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    14848    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    14848    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    41984    ----a-w-    c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32    552960    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2012-02-01 02:12    130048    ----a-w-    c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2012-12-19 19:31    109568    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2012-04-06 01:09    104448    ----a-w-    c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2012-09-28 01:10    83968    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-12-16 17:11 . 2012-12-21 09:00    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:00    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 18:43    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 18:43    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 18:43    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 18:43    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 18:43    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 18:43    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 18:43    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 18:43    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 18:43    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 18:43    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 18:43    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 18:43    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 18:43    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 18:43    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 18:43    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:43    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 18:43    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 18:43    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 18:43    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 18:43    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 18:43    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 18:43    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 18:43    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 18:43    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 18:43    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 18:43    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}]
2012-07-19 00:26    195448    ----a-w-    c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"56dc"="c:\users\Brian\AppData\Roaming\40c\56dc.js" [X]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-02-01 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-06-02 291608]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-03-19 380416]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Abbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
009d0.js [2013-2-16 47368]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
009d0.js [2013-2-16 47368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2012-09-13 53312]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2012-09-13 65600]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-02-17 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tvnserver;TightVNC Server;c:\users\Brian\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-06-02 16152]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 CrossLoopService;CrossLoop Service;c:\users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2012-07-19 310232]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2000-01-01 165760]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-04-22 474168]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2000-01-01 364416]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-06-02 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-06-02 788760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-06-02 677480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 06:10    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 23:15]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19 18:05]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19 18:05]
.
2013-02-17 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-12-16 18:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 6548112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sftwred.info/redirect.cgi
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.67.220.220 68.94.156.1 68.64.157.1
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\ph69jmhd.default\
FF - user.js: browser.startup.homepage - hxxp://sftwred.info/redirect.cgi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-02-16  23:28:04 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-17 05:28
.
Pre-Run: 342,441,611,264 bytes free
Post-Run: 343,730,655,232 bytes free
.
- - End Of File - - 3AE8BAF9E76971EA8D01E1FD83533526
 
 
 
AND RKILL:
 
Program started at: 02/16/2013 10:33:09 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Brian\Desktop\rkill\rkill-02-16-2013-10-33-11.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
 
  20 out of 15330 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 02/16/2013 10:33:16 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
 

Edited by traintracks81, 17 February 2013 - 02:56 AM.


#8 traintracks81


Posted 17 February 2013 - 01:41 PM

Also Gary, you may call me Brian!



#9 Oh My!


Posted 17 February 2013 - 02:48 PM

Hi Brian,

There are some other entries popping up that I want to address. I am going to have you run some additional programs as well.

Thanks for being so prompt in your responses. I appreciate it.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and delete the program.

Reboot your computer prior to the next step.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
File::
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js
c:\users\Abbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"56dc"=-
DirLook::
C:\4192
  • Save this on your desktop as CFScript.txt

CFScriptB-4.gif

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Combofix log
  • TDSSKiller log
  • aswMBR log

Gary
 
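
The autorun entries that the CFScript in the post above targets can also be picked out of a ComboFix log mechanically. The following is an added example, not part of the thread or of ComboFix: the sample text is excerpted from the "Reg Loading Points" section of the log posted earlier, and the function names, the script-extension list and the three heuristics are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt of the "Reg Loading Points" section from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"56dc"="c:\users\Brian\AppData\Roaming\40c\56dc.js" [X]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
.
c:\users\Abbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
009d0.js [2013-2-16 47368]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
009d0.js [2013-2-16 47368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
'''

Autorun = namedtuple("Autorun", "source location name path stamp")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
FOLDER_RE = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.I)
FILE_RE = re.compile(r"^(.+?)\s+\[([^\]]*)\]$")

# Windows Script Host file types (assumed list for this example).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}


def parse_autoruns(log_text):
    """Return Run-key values and Startup-folder files found in the log text."""
    entries, ctx = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):          # "." separates blocks in the log
            ctx = None
            continue
        key = KEY_RE.match(line)
        if key:
            is_run = key.group(1).lower().endswith(r"\currentversion\run")
            ctx = ("registry", key.group(1)) if is_run else None
            continue
        if FOLDER_RE.match(line):      # a Startup folder header line
            ctx = ("startup", line)
            continue
        if ctx is None:
            continue
        if ctx[0] == "registry":
            m = VALUE_RE.match(line)
            if m:
                entries.append(Autorun("registry", ctx[1], m.group(1),
                                       m.group(2), m.group(3)))
        else:
            m = FILE_RE.match(line)
            if m:
                entries.append(Autorun("startup", ctx[1], m.group(1),
                                       ctx[1] + m.group(1), m.group(2)))
    return entries


def reasons(entry):
    """Heuristic reasons (assumptions of this example) to review an entry."""
    found = []
    if ntpath.splitext(entry.path)[1].lower() in SCRIPT_EXTS:
        found.append("script file launched at logon")
    if entry.source == "registry" and "\\appdata\\" in entry.path.lower():
        found.append("Run value points into a user profile")
    if entry.stamp.strip().upper() == "X":
        found.append("no date/size recorded for the target")
    return found


def triage(log_text):
    """Return (entry, reasons) pairs for entries with at least one reason."""
    return [(e, r) for e in parse_autoruns(log_text) for r in [reasons(e)] if r]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.source:8} {entry.path}")
        for reason in why:
            print(f"         - {reason}")
```

The output is a review list only; whether an entry is removed remains the helper's decision.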

#10 traintracks81


Posted 17 February 2013 - 03:26 PM

Combofix log amended 2:49PM (I forgot to shut down my browser):

 

 

ComboFix 13-02-15.01 - Brian 02/17/2013  14:43:18.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16336.12902 [GMT -6:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Abbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js"
"c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js"
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-17 to 2013-02-17  )))))))))))))))))))))))))))))))
.
.
2013-02-17 20:45 . 2013-02-17 20:45    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2013-02-17 20:45 . 2013-02-17 20:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-17 20:45 . 2013-02-17 20:45    --------    d-----w-    c:\users\Christa\AppData\Local\temp
2013-02-17 20:45 . 2013-02-17 20:45    --------    d-----w-    c:\users\Abbie\AppData\Local\temp
2013-02-17 16:48 . 2013-02-17 16:48    --------    d-----w-    c:\users\Abbie\AppData\Roaming\AVG2013
2013-02-17 16:48 . 2013-02-17 17:20    --------    d-----w-    c:\users\Abbie\AppData\Local\Avg2013
2013-02-17 10:12 . 2013-02-17 10:12    --------    d-----w-    c:\users\Brian\AppData\Roaming\AVG2013
2013-02-17 10:08 . 2013-02-17 10:09    --------    d-----w-    c:\programdata\AVG2013
2013-02-17 10:03 . 2013-02-17 10:03    --------    d-----w-    c:\users\Brian\AppData\Local\Avg2013
2013-02-17 09:08 . 2013-02-17 09:08    --------    d-----w-    c:\windows\SysWow64\drivers\AVG
2013-02-17 09:08 . 2013-02-17 10:10    --------    d-----w-    C:\$AVG
2013-02-17 09:00 . 2013-02-17 09:55    47224    ----a-w-    c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0c0.js
2013-02-17 06:23 . 2013-01-18 18:15    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6E811A6-4A87-4E19-A4E1-A17CE147EE31}\mpengine.dll
2013-02-17 06:21 . 2013-02-17 19:08    --------    d-----w-    c:\programdata\MFAData
2013-02-17 06:21 . 2013-02-17 06:21    --------    d-----w-    c:\users\Brian\AppData\Local\MFAData
2013-02-17 06:07 . 2013-02-17 06:07    --------    d-----w-    c:\users\Brian\AppData\Roaming\{AFB0853A-ABDB-4D0B-8D48-E38A88EA82B1}
2013-02-17 03:04 . 2013-02-17 03:04    388096    ----a-r-    c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-17 03:04 . 2013-02-17 03:04    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-02-17 02:01 . 2013-02-17 02:01    --------    d-----w-    C:\4192
2013-02-14 18:31 . 2013-02-14 18:31    --------    d-----w-    c:\users\Brian\AppData\Local\ezvid,_inc
2013-02-14 18:29 . 2013-02-14 18:29    --------    d-----w-    c:\program files (x86)\File Shredder
2013-02-14 17:21 . 2013-02-14 17:21    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-14 17:20 . 2013-02-14 17:20    --------    d-----w-    c:\users\Brian\AppData\Roaming\Flip Video
2013-02-14 17:20 . 2013-02-14 17:20    --------    d-----w-    c:\programdata\Flip Video
2013-02-14 17:20 . 2013-02-14 17:20    --------    d-----w-    c:\program files (x86)\Flip Video
2013-02-14 05:07 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 05:07 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 01:00 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-14 01:00 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 01:00 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 01:00 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-14 01:00 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-14 01:00 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-14 01:00 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-14 01:00 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-14 01:00 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-14 01:00 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-14 01:00 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-14 01:00 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 00:54 . 2013-02-14 01:33    --------    d-----w-    C:\GoogleChromePortable
2013-02-13 20:22 . 2013-02-13 20:22    --------    d-----w-    c:\program files (x86)\ISO to USB
2013-02-13 05:03 . 2013-02-13 05:03    --------    d-----w-    c:\users\Brian\AppData\Roaming\Mael
2013-02-13 04:24 . 2013-02-13 04:24    --------    d-----w-    c:\program files\7-Zip
2013-02-12 20:58 . 2012-12-21 23:20    2468520    ----a-w-    c:\windows\SysWow64\BootMan.exe
2013-02-12 20:58 . 2012-12-21 19:54    14920    ----a-w-    c:\windows\SysWow64\epmntdrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    9800    ----a-w-    c:\windows\system32\EuGdiDrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    9160    ----a-w-    c:\windows\SysWow64\EuGdiDrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    87112    ----a-w-    c:\windows\SysWow64\setupempdrv03.exe
2013-02-12 20:58 . 2012-12-21 19:53    17480    ----a-w-    c:\windows\system32\epmntdrv.sys
2013-02-12 20:58 . 2012-12-21 19:53    100936    ----a-w-    c:\windows\system32\setupempdrvx64.exe
2013-02-12 20:58 . 2012-12-20 20:46    3376640    ----a-w-    c:\windows\system32\BootMan.exe
2013-02-12 20:58 . 2012-05-15 17:13    3316736    ----a-w-    c:\windows\system32\¸´¼þ BootMan.exe
2013-02-12 20:58 . 2011-07-29 19:54    19840    ----a-w-    c:\windows\SysWow64\EuEpmGdi.dll
2013-02-12 20:58 . 2011-07-29 19:54    16256    ----a-w-    c:\windows\system32\EuEpmGdi.dll
2013-02-12 18:25 . 2009-03-09 21:27    5425496    ----a-w-    c:\windows\system32\D3DX9_41.dll
2013-02-12 18:25 . 2009-03-09 21:27    4178264    ----a-w-    c:\windows\SysWow64\D3DX9_41.dll
2013-02-12 18:25 . 2013-02-12 18:25    --------    d-----w-    c:\program files (x86)\Microsoft Mathematics Add-in
2013-01-31 12:10 . 2013-01-31 12:10    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-27 01:33 . 2013-01-27 01:33    --------    d-----w-    c:\users\Christa\AppData\Roaming\Garmin
2013-01-26 00:28 . 2013-01-26 00:28    --------    d-----w-    c:\users\Abbie\AppData\Roaming\Garmin
2013-01-23 04:45 . 2013-01-23 04:45    --------    d-----w-    c:\users\Brian\AppData\Local\Programs
2013-01-22 02:03 . 2013-01-22 02:03    --------    d-----w-    c:\programdata\Garmin
2013-01-21 21:44 . 2013-01-21 21:44    --------    d-----w-    c:\program files (x86)\Garmin GPS Plugin
2013-01-21 21:44 . 2013-01-21 21:44    --------    d-----w-    c:\program files\Garmin GPS Plugin
2013-01-21 21:44 . 2013-01-22 03:39    --------    d-----w-    c:\program files (x86)\Garmin
2013-01-21 21:44 . 2013-01-22 02:04    --------    d-----w-    c:\users\Brian\AppData\Roaming\Garmin
2013-01-19 17:42 . 2013-01-19 17:42    --------    d-----w-    c:\programdata\ATI
2013-01-19 17:42 . 2013-01-19 17:42    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-01-19 17:42 . 2013-01-19 17:42    --------    d-----w-    c:\program files (x86)\AMD APP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 18:29 . 2012-11-20 22:21    15712    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-02-14 17:21 . 2012-05-19 23:45    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-02-14 17:21 . 2012-05-19 23:45    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-02-14 05:09 . 2012-05-18 20:46    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-09 23:15 . 2012-05-18 22:47    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 23:15 . 2012-05-18 22:47    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:28 . 2010-11-21 03:27    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 01:00    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-19 21:45 . 2012-12-19 21:45    222720    ----a-w-    c:\windows\system32\clinfo.exe
2012-12-19 21:44 . 2012-12-19 21:44    76288    ----a-w-    c:\windows\system32\OpenVideo64.dll
2012-12-19 21:44 . 2012-12-19 21:44    65536    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2012-12-19 21:44 . 2012-12-19 21:44    64000    ----a-w-    c:\windows\system32\OVDecode64.dll
2012-12-19 21:44 . 2012-12-19 21:44    56320    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2012-12-19 21:44 . 2012-12-19 21:44    34518016    ----a-w-    c:\windows\system32\amdocl64.dll
2012-12-19 21:38 . 2012-12-19 21:38    28732928    ----a-w-    c:\windows\SysWow64\amdocl.dll
2012-12-19 21:34 . 2012-12-19 21:34    54784    ----a-w-    c:\windows\system32\OpenCL.dll
2012-12-19 21:34 . 2012-12-19 21:34    50176    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2012-12-19 20:50 . 2012-09-28 02:23    5630200    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48    11278336    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29    23461376    ----a-w-    c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22    70144    ----a-w-    c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19    163840    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17    16082944    ----a-w-    c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13    13703168    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12    18982400    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2012-09-28 01:43    960512    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2012-02-01 03:17    1151488    ----a-w-    c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2012-12-19 20:06    6681088    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-04-06 01:34    5087744    ----a-w-    c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-09-28 01:39    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56    550912    ----a-w-    c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56    240640    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2012-02-01 02:52    7370752    ----a-w-    c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2012-09-28 01:22    4162048    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-04-06 01:23    6786560    ----a-w-    c:\windows\system32\atiumd64.dll
2012-12-19 19:34 . 2012-12-19 19:34    79360    ----a-w-    c:\windows\system32\amdave64.dll
2012-12-19 19:34 . 2012-12-19 19:34    78336    ----a-w-    c:\windows\SysWow64\amdave32.dll
2012-12-19 19:34 . 2012-12-19 19:34    74240    ----a-w-    c:\windows\system32\atisamu64.dll
2012-12-19 19:34 . 2012-12-19 19:34    71168    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2012-12-19 19:33 . 2012-12-19 19:33    56320    ----a-w-    c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33    56320    ----a-w-    c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-04-06 01:11    619008    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    56832    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33    56832    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33    421888    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33    17920    ----a-w-    c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    14848    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    14848    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33    41984    ----a-w-    c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32    552960    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2012-02-01 02:12    130048    ----a-w-    c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2012-12-19 19:31    109568    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2012-04-06 01:09    104448    ----a-w-    c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2012-09-28 01:10    83968    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-12-16 17:11 . 2012-12-21 09:00    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:00    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 18:43    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 18:43    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 18:43    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 18:43    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 18:43    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 18:43    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 18:43    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 18:43    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 18:43    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 18:43    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 18:43    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 18:43    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 18:43    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 18:43    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 18:43    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:43    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 18:43    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 18:43    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 18:43    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 18:43    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 18:43    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 18:43    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 18:43    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 18:43    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 18:43    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 18:43    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 18:43    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\4192 ----
.
2013-02-17 02:01 . 2013-02-17 18:27    10    ----a-w-    c:\4192\5c8
2013-02-17 02:01 . 2013-02-17 02:01    12    ----a-w-    c:\4192\57c
2013-02-17 02:01 . 2013-02-17 02:01    10    ----a-w-    c:\4192\57d
2013-02-17 02:01 . 2013-02-17 02:01    7    ----a-w-    c:\4192\494
2013-02-17 02:01 . 2013-02-17 02:01    13    ----a-w-    c:\4192\4d4d
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}]
2012-07-19 00:26    195448    ----a-w-    c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-02-01 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-06-02 291608]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-03-19 380416]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
0c0.js [2013-2-17 47224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CrossLoopService;CrossLoop Service;c:\users\Brian\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2012-09-13 53312]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2012-09-13 65600]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-02-17 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tvnserver;TightVNC Server;c:\users\Brian\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-06-02 16152]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2012-07-19 310232]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2000-01-01 165760]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-04-22 474168]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2000-01-01 364416]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-06-02 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-06-02 788760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-06-02 677480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 52419118
*NewlyCreated* - ASWMBR
*Deregistered* - 52419118
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 06:10    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 23:15]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19 18:05]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19 18:05]
.
2013-02-17 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-12-16 18:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 6548112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sftwred.info/redirect.cgi
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.67.220.220 68.94.156.1 68.64.157.1
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\ph69jmhd.default\
FF - user.js: browser.startup.homepage - hxxp://sftwred.info/redirect.cgi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-17  14:46:48
ComboFix-quarantined-files.txt  2013-02-17 20:46
ComboFix2.txt  2013-02-17 20:06
ComboFix3.txt  2013-02-17 05:28
.
Pre-Run: 341,362,233,344 bytes free
Post-Run: 341,423,030,272 bytes free
.
- - End Of File - - 771BFA01496339BAD0F4485D85B8C706
 
 
 
TDSSKiller log:
 
14:08:43.0159 3436  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:08:44.0002 3436  ============================================================
14:08:44.0002 3436  Current date / time: 2013/02/17 14:08:44.0002
14:08:44.0002 3436  SystemInfo:
14:08:44.0002 3436  
14:08:44.0002 3436  OS Version: 6.1.7601 ServicePack: 1.0
14:08:44.0002 3436  Product type: Workstation
14:08:44.0002 3436  ComputerName: LITTLEOFFICE-PC
14:08:44.0002 3436  UserName: Brian
14:08:44.0002 3436  Windows directory: C:\Windows
14:08:44.0002 3436  System windows directory: C:\Windows
14:08:44.0002 3436  Running under WOW64
14:08:44.0002 3436  Processor architecture: Intel x64
14:08:44.0002 3436  Number of processors: 4
14:08:44.0002 3436  Page size: 0x1000
14:08:44.0002 3436  Boot type: Normal boot
14:08:44.0002 3436  ============================================================
14:08:44.0690 3436  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:08:44.0702 3436  Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:08:44.0740 3436  ============================================================
14:08:44.0740 3436  \Device\Harddisk0\DR0:
14:08:44.0740 3436  MBR partitions:
14:08:44.0740 3436  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:08:44.0740 3436  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FD0, BlocksNum 0x420CBEEF
14:08:44.0760 3436  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x420FEEFE, BlocksNum 0xC34F28D
14:08:44.0774 3436  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x4E44E1CA, BlocksNum 0xFDE557D
14:08:44.0783 3436  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x5E233786, BlocksNum 0xFDE557D
14:08:44.0792 3436  \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x6E018D42, BlocksNum 0x66ECC7F
14:08:44.0793 3436  \Device\Harddisk1\DR1:
14:08:44.0793 3436  MBR partitions:
14:08:44.0793 3436  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA6EE7C
14:08:44.0793 3436  ============================================================
14:08:44.0851 3436  C: <-> \Device\Harddisk0\DR0\Partition2
14:08:44.0881 3436  E: <-> \Device\Harddisk0\DR0\Partition3
14:08:44.0914 3436  F: <-> \Device\Harddisk0\DR0\Partition4
14:08:44.0929 3436  G: <-> \Device\Harddisk0\DR0\Partition5
14:08:44.0944 3436  H: <-> \Device\Harddisk0\DR0\Partition6
14:08:44.0969 3436  I: <-> \Device\Harddisk1\DR1\Partition1
14:08:44.0969 3436  ============================================================
14:08:44.0969 3436  Initialize success
14:08:44.0969 3436  ============================================================
14:08:50.0105 3296  ============================================================
14:08:50.0105 3296  Scan started
14:08:50.0105 3296  Mode: Manual; 
14:08:50.0105 3296  ============================================================
14:08:51.0081 3296  ================ Scan system memory ========================
14:08:51.0081 3296  System memory - ok
14:08:51.0082 3296  ================ Scan services =============================
14:08:59.0591 3296  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:08:59.0593 3296  nsi - ok
14:08:59.0596 3296  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:08:59.0596 3296  nsiproxy - ok
14:08:59.0648 3296  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:08:59.0660 3296  Ntfs - ok
14:08:59.0674 3296  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:08:59.0674 3296  Null - ok
14:08:59.0721 3296  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:08:59.0722 3296  nvraid - ok
14:08:59.0738 3296  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:08:59.0739 3296  nvstor - ok
14:08:59.0779 3296  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:08:59.0781 3296  nv_agp - ok
14:08:59.0793 3296  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:08:59.0794 3296  ohci1394 - ok
14:08:59.0841 3296  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:08:59.0842 3296  ose - ok
14:08:59.0995 3296  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:09:00.0013 3296  osppsvc - ok
14:09:00.0088 3296  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:09:00.0090 3296  p2pimsvc - ok
14:09:00.0122 3296  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:09:00.0126 3296  p2psvc - ok
14:09:00.0133 3296  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:09:00.0134 3296  Parport - ok
14:09:00.0156 3296  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:09:00.0157 3296  partmgr - ok
14:09:00.0223 3296  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:09:00.0224 3296  PcaSvc - ok
14:09:00.0245 3296  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:09:00.0246 3296  pci - ok
14:09:00.0269 3296  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:09:00.0269 3296  pciide - ok
14:09:00.0287 3296  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:09:00.0289 3296  pcmcia - ok
14:09:00.0307 3296  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:09:00.0307 3296  pcw - ok
14:09:00.0337 3296  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:09:00.0341 3296  PEAUTH - ok
14:09:00.0376 3296  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:09:00.0384 3296  PeerDistSvc - ok
14:09:00.0477 3296  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:09:00.0478 3296  PerfHost - ok
14:09:00.0511 3296  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:09:00.0523 3296  pla - ok
14:09:00.0581 3296  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:09:00.0586 3296  PlugPlay - ok
14:09:00.0653 3296  [ 3072137896BFCCF4B190D248F583B48E ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
14:09:00.0657 3296  PMBDeviceInfoProvider - ok
14:09:00.0661 3296  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:09:00.0663 3296  PNRPAutoReg - ok
14:09:00.0680 3296  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:09:00.0684 3296  PNRPsvc - ok
14:09:00.0710 3296  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:09:00.0714 3296  PolicyAgent - ok
14:09:00.0741 3296  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:09:00.0744 3296  Power - ok
14:09:00.0775 3296  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:09:00.0776 3296  PptpMiniport - ok
14:09:00.0810 3296  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:09:00.0811 3296  Processor - ok
14:09:00.0837 3296  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:09:00.0840 3296  ProfSvc - ok
14:09:00.0846 3296  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:09:00.0847 3296  ProtectedStorage - ok
14:09:00.0916 3296  [ E2E47486F9D39145DAEA03D007587A02 ] PS3 Media Server C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
14:09:00.0919 3296  PS3 Media Server - ok
14:09:00.0955 3296  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:09:00.0956 3296  Psched - ok
14:09:01.0010 3296  [ CD33CB6FECF65520466F95AB89CC4AF5 ] PSSDK42         C:\Windows\system32\Drivers\pssdk42.sys
14:09:01.0010 3296  PSSDK42 - ok
14:09:01.0027 3296  [ 07A3500CF1C3325568D1B85683CE4517 ] PSSDKLBF        C:\Windows\system32\Drivers\pssdklbf.sys
14:09:01.0028 3296  PSSDKLBF - ok
14:09:01.0077 3296  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:09:01.0088 3296  ql2300 - ok
14:09:01.0116 3296  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:09:01.0117 3296  ql40xx - ok
14:09:01.0142 3296  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:09:01.0145 3296  QWAVE - ok
14:09:01.0152 3296  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:09:01.0153 3296  QWAVEdrv - ok
14:09:01.0169 3296  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:09:01.0169 3296  RasAcd - ok
14:09:01.0184 3296  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:01.0184 3296  RasAgileVpn - ok
14:09:01.0191 3296  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:09:01.0193 3296  RasAuto - ok
14:09:01.0206 3296  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:01.0208 3296  Rasl2tp - ok
14:09:01.0219 3296  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:09:01.0223 3296  RasMan - ok
14:09:01.0236 3296  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:01.0237 3296  RasPppoe - ok
14:09:01.0248 3296  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:09:01.0248 3296  RasSstp - ok
14:09:01.0260 3296  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:09:01.0263 3296  rdbss - ok
14:09:01.0268 3296  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:09:01.0268 3296  rdpbus - ok
14:09:01.0301 3296  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:01.0301 3296  RDPCDD - ok
14:09:01.0320 3296  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:09:01.0322 3296  RDPDR - ok
14:09:01.0325 3296  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:09:01.0326 3296  RDPENCDD - ok
14:09:01.0330 3296  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:09:01.0331 3296  RDPREFMP - ok
14:09:01.0360 3296  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:09:01.0361 3296  RDPWD - ok
14:09:01.0367 3296  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:09:01.0368 3296  rdyboost - ok
14:09:01.0388 3296  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:09:01.0390 3296  RemoteAccess - ok
14:09:01.0395 3296  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:09:01.0397 3296  RemoteRegistry - ok
14:09:01.0418 3296  rpcapd - ok
14:09:01.0438 3296  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:09:01.0440 3296  RpcEptMapper - ok
14:09:01.0452 3296  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:09:01.0454 3296  RpcLocator - ok
14:09:01.0466 3296  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:09:01.0471 3296  RpcSs - ok
14:09:01.0480 3296  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:09:01.0481 3296  rspndr - ok
14:09:01.0531 3296  [ 8181B5E7BFC040E0B26349C73E719335 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:09:01.0536 3296  RTL8167 - ok
14:09:01.0561 3296  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:09:01.0561 3296  s3cap - ok
14:09:01.0571 3296  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:09:01.0572 3296  SamSs - ok
14:09:01.0585 3296  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:09:01.0586 3296  sbp2port - ok
14:09:01.0597 3296  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:09:01.0600 3296  SCardSvr - ok
14:09:01.0611 3296  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:09:01.0612 3296  scfilter - ok
14:09:01.0636 3296  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:09:01.0645 3296  Schedule - ok
14:09:01.0671 3296  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:09:01.0672 3296  SCPolicySvc - ok
14:09:01.0680 3296  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:09:01.0683 3296  SDRSVC - ok
14:09:01.0695 3296  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:09:01.0696 3296  secdrv - ok
14:09:01.0709 3296  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:09:01.0711 3296  seclogon - ok
14:09:01.0762 3296  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:09:01.0764 3296  SENS - ok
14:09:01.0769 3296  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:09:01.0771 3296  SensrSvc - ok
14:09:01.0796 3296  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:09:01.0796 3296  Serenum - ok
14:09:01.0817 3296  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:09:01.0818 3296  Serial - ok
14:09:01.0916 3296  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:09:01.0917 3296  sermouse - ok
14:09:01.0945 3296  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:09:01.0947 3296  SessionEnv - ok
14:09:01.0987 3296  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:09:01.0987 3296  sffdisk - ok
14:09:01.0990 3296  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:09:01.0990 3296  sffp_mmc - ok
14:09:02.0021 3296  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:09:02.0021 3296  sffp_sd - ok
14:09:02.0028 3296  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:09:02.0028 3296  sfloppy - ok
14:09:02.0083 3296  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:09:02.0087 3296  SharedAccess - ok
14:09:02.0105 3296  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:09:02.0109 3296  ShellHWDetection - ok
14:09:02.0121 3296  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:09:02.0121 3296  SiSRaid2 - ok
14:09:02.0133 3296  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:09:02.0134 3296  SiSRaid4 - ok
14:09:02.0147 3296  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:09:02.0148 3296  Smb - ok
14:09:02.0190 3296  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:09:02.0191 3296  SNMPTRAP - ok
14:09:02.0200 3296  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:09:02.0200 3296  spldr - ok
14:09:02.0235 3296  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:09:02.0239 3296  Spooler - ok
14:09:02.0295 3296  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:09:02.0311 3296  sppsvc - ok
14:09:02.0322 3296  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:09:02.0323 3296  sppuinotify - ok
14:09:02.0369 3296  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:09:02.0373 3296  srv - ok
14:09:02.0402 3296  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:09:02.0405 3296  srv2 - ok
14:09:02.0420 3296  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:09:02.0421 3296  srvnet - ok
14:09:02.0431 3296  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:09:02.0434 3296  SSDPSRV - ok
14:09:02.0443 3296  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:09:02.0445 3296  SstpSvc - ok
14:09:02.0458 3296  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:09:02.0459 3296  stexstor - ok
14:09:02.0499 3296  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:09:02.0506 3296  stisvc - ok
14:09:02.0533 3296  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:09:02.0534 3296  storflt - ok
14:09:02.0543 3296  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
14:09:02.0545 3296  StorSvc - ok
14:09:02.0553 3296  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:09:02.0554 3296  storvsc - ok
14:09:02.0609 3296  [ 6F715D00024CB60C2B60278425AD6EC2 ] SWDUMon         C:\Windows\system32\DRIVERS\SWDUMon.sys
14:09:02.0610 3296  SWDUMon - ok
14:09:02.0619 3296  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:09:02.0620 3296  swenum - ok
14:09:02.0632 3296  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:09:02.0637 3296  swprv - ok
14:09:02.0668 3296  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:09:02.0682 3296  SysMain - ok
14:09:02.0705 3296  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:02.0707 3296  TabletInputService - ok
14:09:02.0723 3296  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:09:02.0728 3296  TapiSrv - ok
14:09:02.0777 3296  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:09:02.0780 3296  TBS - ok
14:09:02.0901 3296  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:09:02.0908 3296  Tcpip - ok
14:09:02.0935 3296  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:09:02.0942 3296  TCPIP6 - ok
14:09:03.0020 3296  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:09:03.0021 3296  tcpipreg - ok
14:09:03.0035 3296  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:09:03.0036 3296  TDPIPE - ok
14:09:03.0066 3296  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:09:03.0067 3296  TDTCP - ok
14:09:03.0079 3296  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:09:03.0080 3296  tdx - ok
14:09:03.0112 3296  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:09:03.0113 3296  TermDD - ok
14:09:03.0128 3296  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:09:03.0135 3296  TermService - ok
14:09:03.0143 3296  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:09:03.0145 3296  Themes - ok
14:09:03.0167 3296  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:09:03.0169 3296  THREADORDER - ok
14:09:03.0177 3296  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:09:03.0180 3296  TrkWks - ok
14:09:03.0225 3296  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:03.0226 3296  TrustedInstaller - ok
14:09:03.0241 3296  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:03.0242 3296  tssecsrv - ok
14:09:03.0251 3296  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:09:03.0252 3296  TsUsbFlt - ok
14:09:03.0264 3296  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:09:03.0265 3296  TsUsbGD - ok
14:09:03.0302 3296  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:09:03.0304 3296  tunnel - ok
14:09:03.0397 3296  [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver       C:\Users\Brian\AppData\Local\CrossLoop\tvnserver.exe
14:09:03.0404 3296  tvnserver - ok
14:09:03.0420 3296  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:09:03.0421 3296  uagp35 - ok
14:09:03.0438 3296  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:09:03.0441 3296  udfs - ok
14:09:03.0453 3296  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:09:03.0455 3296  UI0Detect - ok
14:09:03.0490 3296  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:09:03.0491 3296  uliagpkx - ok
14:09:03.0504 3296  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:09:03.0505 3296  umbus - ok
14:09:03.0514 3296  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:09:03.0514 3296  UmPass - ok
14:09:03.0541 3296  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
14:09:03.0544 3296  UmRdpService - ok
14:09:03.0621 3296  [ DBE2E6388379D5CC78099650541E9566 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:09:03.0624 3296  UNS - ok
14:09:03.0642 3296  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:09:03.0647 3296  upnphost - ok
14:09:03.0691 3296  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:09:03.0692 3296  usbaudio - ok
14:09:03.0727 3296  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:09:03.0729 3296  usbccgp - ok
14:09:03.0737 3296  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:09:03.0739 3296  usbcir - ok
14:09:03.0777 3296  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:09:03.0777 3296  usbehci - ok
14:09:03.0884 3296  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:09:03.0887 3296  usbhub - ok
14:09:03.0921 3296  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:09:03.0922 3296  usbohci - ok
14:09:03.0992 3296  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:09:03.0992 3296  usbprint - ok
14:09:04.0069 3296  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:09:04.0070 3296  usbscan - ok
14:09:04.0095 3296  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:09:04.0096 3296  USBSTOR - ok
14:09:04.0133 3296  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:09:04.0134 3296  usbuhci - ok
14:09:04.0145 3296  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:09:04.0147 3296  UxSms - ok
14:09:04.0163 3296  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:09:04.0164 3296  VaultSvc - ok
14:09:04.0173 3296  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:09:04.0174 3296  vdrvroot - ok
14:09:04.0195 3296  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:09:04.0201 3296  vds - ok
14:09:04.0211 3296  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:09:04.0212 3296  vga - ok
14:09:04.0216 3296  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:09:04.0216 3296  VgaSave - ok
14:09:04.0226 3296  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:09:04.0227 3296  vhdmp - ok
14:09:04.0240 3296  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:09:04.0240 3296  viaide - ok
14:09:04.0258 3296  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:09:04.0259 3296  vmbus - ok
14:09:04.0268 3296  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:09:04.0268 3296  VMBusHID - ok
14:09:04.0302 3296  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:09:04.0303 3296  volmgr - ok
14:09:04.0313 3296  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:09:04.0316 3296  volmgrx - ok
14:09:04.0339 3296  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:09:04.0341 3296  volsnap - ok
14:09:04.0358 3296  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:09:04.0359 3296  vsmraid - ok
14:09:04.0391 3296  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:09:04.0403 3296  VSS - ok
14:09:04.0423 3296  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:09:04.0423 3296  vwifibus - ok
14:09:04.0438 3296  [ 1C9D80CC3849B3788048078C26486E1A ] w32time         C:\Windows\system32\w32time.dll
14:09:04.0442 3296  w32time - ok
14:09:04.0517 3296  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
14:09:04.0521 3296  W3SVC - ok
14:09:04.0536 3296  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:09:04.0537 3296  WacomPen - ok
14:09:04.0551 3296  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:09:04.0552 3296  WANARP - ok
14:09:04.0557 3296  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:09:04.0557 3296  Wanarpv6 - ok
14:09:04.0587 3296  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
14:09:04.0590 3296  WAS - ok
14:09:04.0638 3296  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:09:04.0646 3296  WatAdminSvc - ok
14:09:04.0675 3296  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:09:04.0685 3296  wbengine - ok
14:09:04.0706 3296  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:09:04.0709 3296  WbioSrvc - ok
14:09:04.0722 3296  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:09:04.0725 3296  wcncsvc - ok
14:09:04.0738 3296  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:09:04.0740 3296  WcsPlugInService - ok
14:09:04.0751 3296  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:09:04.0752 3296  Wd - ok
14:09:04.0826 3296  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:09:04.0832 3296  Wdf01000 - ok
14:09:04.0903 3296  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:09:04.0906 3296  WdiServiceHost - ok
14:09:04.0909 3296  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:09:04.0912 3296  WdiSystemHost - ok
14:09:04.0930 3296  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:09:04.0934 3296  WebClient - ok
14:09:04.0970 3296  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:09:04.0973 3296  Wecsvc - ok
14:09:05.0014 3296  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:09:05.0016 3296  wercplsupport - ok
14:09:05.0074 3296  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:09:05.0076 3296  WerSvc - ok
14:09:05.0100 3296  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:09:05.0101 3296  WfpLwf - ok
14:09:05.0129 3296  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:09:05.0129 3296  WIMMount - ok
14:09:05.0152 3296  WinDefend - ok
14:09:05.0158 3296  WinHttpAutoProxySvc - ok
14:09:05.0204 3296  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:09:05.0206 3296  Winmgmt - ok
14:09:05.0244 3296  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:09:05.0259 3296  WinRM - ok
14:09:05.0324 3296  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:09:05.0325 3296  WinUsb - ok
14:09:05.0344 3296  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:09:05.0353 3296  Wlansvc - ok
14:09:05.0357 3296  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:09:05.0357 3296  WmiAcpi - ok
14:09:05.0386 3296  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:09:05.0388 3296  wmiApSrv - ok
14:09:05.0392 3296  WMPNetworkSvc - ok
14:09:05.0397 3296  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:09:05.0400 3296  WPCSvc - ok
14:09:05.0408 3296  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:09:05.0411 3296  WPDBusEnum - ok
14:09:05.0421 3296  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:09:05.0421 3296  ws2ifsl - ok
14:09:05.0461 3296  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
14:09:05.0464 3296  wscsvc - ok
14:09:05.0467 3296  WSearch - ok
14:09:06.0887 3296  ============================================================
14:09:06.0887 3296  Scan finished
14:09:06.0887 3296  ============================================================
14:09:06.0898 5156  Detected object count: 0
14:09:06.0898 5156  Actual detected object count: 0
 
 
aswMBR log (av Quickscan):

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-17 14:13:29
-----------------------------
14:13:29.502    OS Version: Windows x64 6.1.7601 Service Pack 1
14:13:29.502    Number of processors: 4 586 0x2A07
14:13:29.502    ComputerName: LITTLEOFFICE-PC  UserName: Brian
14:13:30.226    Initialize success
14:17:41.330    AVAST engine defs: 13021700
14:18:22.080    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:18:22.082    Disk 0 Vendor: ST1000DM003-9YN162 CC4C Size: 953869MB BusType: 11
14:18:22.109    Disk 0 MBR read successfully
14:18:22.112    Disk 0 MBR scan
14:18:22.116    Disk 0 Windows 7 default MBR code
14:18:22.123    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:18:22.132    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       541079 MB offset 208848
14:18:22.137    Disk 0 Partition - 00     0F Extended LBA            412685 MB offset 1108340415
14:18:22.154    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        99998 MB offset 1108340478
14:18:22.160    Disk 0 Partition - 00     05     Extended            129994 MB offset 1313137035
14:18:22.176    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       129994 MB offset 1313137098
14:18:22.183    Disk 0 Partition - 00     05     Extended            129994 MB offset 1784162835
14:18:22.202    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       129994 MB offset 1579366278
14:18:22.211    Disk 0 Partition - 00     05     Extended             52697 MB offset 2316621195
14:18:22.228    Disk 0 Partition 6 00     07    HPFS/NTFS NTFS        52697 MB offset 1845595458
14:18:22.275    Disk 0 scanning C:\Windows\system32\drivers
14:18:31.168    Service scanning
14:18:44.752    Modules scanning
14:18:44.760    Disk 0 trace - called modules:
14:18:44.780    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
14:18:44.786    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d7d0060]
14:18:44.791    3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800d239060]
14:18:45.957    AVAST engine scan C:\Windows
14:18:48.099    AVAST engine scan C:\Windows\system32
14:21:05.761    AVAST engine scan C:\Windows\system32\drivers
14:21:24.894    AVAST engine scan C:\Users\Brian
14:24:02.567    AVAST engine scan C:\ProgramData
14:24:34.749    Scan finished successfully
14:24:54.147    Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
14:24:54.150    The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"

Edited by traintracks81, 17 February 2013 - 03:50 PM.


#11 Oh My!


Posted 17 February 2013 - 03:52 PM

Hi Brian,

We need to dig even deeper into your computer. It is continuing to be reinfected. Please do this for me.

===================================================

GET xPUD MBR Dump

--------------------

For this step you will need a USB device and a blank CD. I have provided step by step instructions for this process in order to simplify the detailed task.
  • Download GETxPUD.exe to the desktop of your clean computer
  • Double click the Getxpud1.jpg icon
  • Click Run
  • Double click the Getxpudfolder.jpg folder which should now be on your desktop
  • Double click on getburn.jpg
  • The program will download xpud_0.9.2.iso, and when it is finished it will open a BurnCDCC window


  • Click on Start, insert a blank CD when instructed, then click OK
  • When completed, the CD will eject for removal
  • Remove the CD and insert it and the USB device into the infected computer
  • Boot the infected computer with the CD you just burned
  • As the computer boots up gently tap F12 and choose to boot from the CD by using the keyboard arrow keys to highlight CD/DVD and then hit Enter
  • At the first screen select English
  • A Welcome to xPUD screen will appear
  • Press File
  • Under File System on the left hand side click on the triangle symbol to expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click on the folder that represents your USB drive (sdb1 ?).
  • If you do not see it, please remove the USB device, wait about 5 seconds, reinsert it, then click on the Refresh icon to the left of the house icon near the top of your screen. It should be added under mnt
  • On the top bar select Tool then select Open Terminal
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

dd if=/dev/sda of=mbr.bin bs=512 count=1

  • After it has finished (within just a few seconds) a file will be located on your USB drive named mbr.bin. Please ensure the file is there
  • Remove the USB drive, insert it back in your working computer
  • Navigate to mbr.bin, zip the file, and attach it to your next reply.
===================================================

Things I would like to see in your next reply.
  • mbr.zip

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 traintracks81


Posted 17 February 2013 - 04:25 PM

I burned two copies of the xPud, but when I reboot to the CD I select English and then NO GUI. Throws errors that no screens were found. Suggestions?



#13 traintracks81


Posted 17 February 2013 - 04:37 PM

Also anything that was created on 2013/2/17 I can say is suspicious:

"c:\users\Abbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js"
"c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\009d0.js"

2013-02-17 09:00 . 2013-02-17 09:55    47224    ----a-w-    c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0c0.js
2013-02-17 02:01 . 2013-02-17 02:01    --------    d-----w-    C:\4192

 Directory of C:\4192 ----
.
2013-02-17 02:01 . 2013-02-17 18:27    10    ----a-w-    c:\4192\5c8
2013-02-17 02:01 . 2013-02-17 02:01    12    ----a-w-    c:\4192\57c
2013-02-17 02:01 . 2013-02-17 02:01    10    ----a-w-    c:\4192\57d
2013-02-17 02:01 . 2013-02-17 02:01    7    ----a-w-    c:\4192\494
2013-02-17 02:01 . 2013-02-17 02:01    13    ----a-w-    c:\4192\4d4d

and anything else that calls for <random numbers>.js

I don't know if this helps any, but I'm trying.  I'll shut up now and let you do your magic!


#14 Oh My!


Posted 17 February 2013 - 05:36 PM

Hi Brian,

Thanks for trying. That error is related to a video driver issue. We are going to try to use a different program.

You are very observant! Those entries are troublesome and variations keep reappearing.

Let's do this.

===================================================

Ubuntu MBR Report Using a USB

--------------
  • You will need a USB device with at least 2 GB of space. Warning: During this process all information will be removed from your USB device.
  • Download Ubuntu Live Ubuntu 12.04 LTS (either 64 or 32 bit) and save it to your desktop. This is a large file so allow it some time to download.
  • Download Pen Drive Linux's USB Installer and save it to your desktop
  • Double click the Universal-USB-Installer icon, select Run, then I Agree
  • On the dropdown list under Step 1 select Ubuntu 12.04 Desktop you downloaded to your desktop


  • Select the Browse button under Step 2, locate, and double click the Ubuntu file you downloaded to your desktop


  • Select your USB device under Step 3


  • Place a check mark in the Format (your USB drive letter, i.e E):\ Drive (Erases Content) box
  • Disregard Step 4
  • Click Create, then Yes
  • Once the process has completed click Close
  • With the USB device inserted into the infected computer restart your computer
  • If your computer does not automatically boot from the USB device please see here
  • Select Run from USB device
  • Please allow the program to automatically load to the Ubuntu desktop
  • Select English, then click Try Ubuntu
  • Click on the Dash Home icon located just underneath the Ubuntu Desktop title bar at the top
  • Type terminal in the search box then press Enter
  • A command prompt window
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

sudo dd if=/dev/sda of=mbr.txt bs=512 count=1

  • Type Exit then press Enter
  • A mbr.txt file will be created in your Home folder
  • Type Exit then press Enter
  • Click on the Home Folder which is most likely the third icon down on the left
  • Under Devices please check to make sure PENDRIVE is listed (if that is not present remove the USB device and plug it back in)
  • Drag and Drop the mbr.txt file from the Home folder into PENDRIVE
  • Left click on PENDRIVE and make sure mbr.txt is listed to the right
  • In the upper right hand corner of your screen select the icon just to the right of the time
  • Click Shut down...
  • Remove the USB device from your computer and insert it into your clean computer
  • Attach (do not copy and paste) the mbr.txt file in your reply
==================================================
 
Things I would like to see in your next reply.
  • mbr.txt attachment

Gary
 

#15 traintracks81


Posted 17 February 2013 - 06:37 PM

Hope this is what you needed!

Attached Files

  • Attached File  mbr.txt   512bytes   2 downloads
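
An added example, not part of the thread: a Python check for a 512-byte dump such as the mbr.bin / mbr.txt written by the dd commands in the replies above. It verifies size and boot signature, hashes the boot code so two dumps can be compared, and decodes the partition table; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct
import sys
from pathlib import Path

SECTOR = 512
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), start LBA, sectors
TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


def parse_mbr(raw: bytes) -> dict:
    """Parse one MBR sector (the output of dd ... bs=512 count=1)."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    if raw[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        status, ptype, lba, count = struct.unpack_from(ENTRY, raw, 446 + 16 * i)
        if ptype == 0:  # unused slot
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "bad_status": status not in (0x00, 0x80),  # only 0x00/0x80 are valid
            "type": TYPES.get(ptype, f"0x{ptype:02X}"),
            "start_lba": lba,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        # Bytes 0-439 hold the boot code; hash them alone so the disk
        # signature and partition table do not change the result.
        "boot_code_sha256": hashlib.sha256(raw[:440]).hexdigest(),
        "disk_signature": raw[440:444].hex(),
        "active_count": sum(p["active"] for p in parts),
        "partitions": parts,
    }


def build_sample() -> bytes:
    """Constructed sample sector: dummy boot code plus two partition entries."""
    entries = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)      # 100 MB, active
    entries += struct.pack(ENTRY, 0x00, 0x0F, 206848, 4096000)  # 2000 MB
    return (b"\x90" * 440 + b"\x00" * 6 + entries).ljust(510, b"\x00") + b"\x55\xaa"


if __name__ == "__main__":
    raw = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else build_sample()
    info = parse_mbr(raw)
    print(info["boot_code_sha256"], "active partitions:", info["active_count"])
    for part in info["partitions"]:
        print(part)
```

Run it with the dump's path as the only argument; with no argument it parses the constructed sample. Two dumps of the same disk taken at different times should give the same boot code hash.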




