IRP Hook detected - it disappears and comes back.


This topic is locked. 30 replies to this topic.

#1 Rieuna (Members, 15 posts)
Posted 22 July 2013 - 08:35 PM

Hello! I don't know if I'm just paranoid, but it's a problem that's been bugging me. Several days ago I scanned my computer with AVG Free and it detected 9 IRP hooks. I looked around online and tried to fix it on my own. After using TDSSKiller, I used the "copy to quarantine" option, and the errors detected would come back on the next scan; AVG's rootkit scan didn't pick up anything. The next day I scanned my computer again and AVG picked up 5 IRP hooks; I repeated the TDSSKiller scan and AVG's scan turned up zero. The day after, the same thing happened, except AVG initially only picked up 2 IRP hooks; I also didn't use TDSSKiller this time. Today I did a scan and 1 IRP hook was detected as:

 

"IRP hook, \Driver\HidUsb_MJ_CREATE -> HIDCLASS.SYS +0x2710"

 

After the scan ended I immediately started up a full computer scan from AVG (without opening TDSS killer at all) and then nothing was detected. The IRP hook it found earlier vanished. And I did another AVG rootkit scan right after the full computer scan, and 0 detections.

 

I'm concerned, because I'm sure the next time I turn on my computer again, the next day, AVG will pick up another IRP hook.

 

I also scanned my computer with MBAM. The first time it caught "Trojan.Shutdowner". The days after that MBAM didn't pick up any malware.

 

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by Rieuna at 17:54:13 on 2013-07-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1656 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\Rieuna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [GoogleChromeAutoLaunch_45000608D465E7B75DDD3DB4E541D796] "C:\Users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Rieuna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rieuna\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TEGAKI~1.LNK - C:\Windows\Installer\{C47A4960-C507-48EE-8150-4F4C9F93B952}\_93DC6F70206D2A59616F6D.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Free YouTube Download - C:\Users\Rieuna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: $talisma_url$
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{39702FE2-846E-43C4-9E56-A6E438AD8184} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{39702FE2-846E-43C4-9E56-A6E438AD8184}\144545333363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{39702FE2-846E-43C4-9E56-A6E438AD8184}\2375942554432353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{39702FE2-846E-43C4-9E56-A6E438AD8184}\2375942554838393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{39702FE2-846E-43C4-9E56-A6E438AD8184}\255435E45445D27514252554E4 : DHCPNameServer = 132.239.0.252 128.54.16.2
TCP: Interfaces\{39702FE2-846E-43C4-9E56-A6E438AD8184}\44D2C496E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{39702FE2-846E-43C4-9E56-A6E438AD8184}\46C696E6B6 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rieuna\AppData\Roaming\Mozilla\Firefox\Profiles\2ir8y1zn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mitigated.wordpress.com/wp-admin/post-new.php
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B25837e29-8388-4e57-80a2-b4e00744bf01%7D&mid=a439d2d637da47d090ea429af85ce961-fd5517f335d741243a9c14bf7a758d18a073ef77&ds=AVG&v=12.2.5.34&lang=en&pr=pr&d=2012-09-18%2013%3A35%3A10&sap=ku&q=
FF - ExtSQL: 2013-06-16 00:14; ytd@mybrowserbar.com; C:\Program Files (x86)\YTD Toolbar\FF
FF - ExtSQL: !HIDDEN! 2011-03-27 20:00; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2010-1-29 20056]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2010-7-15 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-3 701512]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-9-8 441344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-3-20 8518008]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-5-31 567672]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-15 2533400]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-10 158720]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-26 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-5-31 13688]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-15 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-15 295424]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-5-31 65912]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-3-20 13312]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-5-31 15736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-19 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-07-22 09:47:13 -------- d-----w- C:\Windows\System32\MRT
2013-07-20 03:24:31 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-20 00:32:15 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-20 00:14:17 98816 ----a-w- C:\Windows\sed.exe
2013-07-20 00:14:17 256000 ----a-w- C:\Windows\PEV.exe
2013-07-20 00:14:17 208896 ----a-w- C:\Windows\MBR.exe
2013-07-10 09:09:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-10 09:09:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-09 21:12:21 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-09 21:11:57 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-09 21:11:57 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-05 08:47:35 -------- d-----w- C:\Users\Rieuna\AppData\Roaming\To the Moon - Freebird Games
2013-07-05 08:47:06 291827 ----a-w- C:\Windows\To the Moon Uninstaller.exe
2013-07-05 08:47:02 -------- d-----w- C:\Program Files (x86)\To the Moon
.
==================== Find3M  ====================
.
2013-07-19 18:54:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-19 18:54:50 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-01 10:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 17:55:04.01 ===============
 

 

EDIT: I forgot to mention that I tried to do a system restore to an earlier date, but it always failed.


Edited by Rieuna, 22 July 2013 - 08:39 PM.


#2 jeffce, Bleepin' Super Saiyan (Malware Response Team, 3,442 posts, Location: USA)

Posted 24 July 2013 - 10:32 AM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that.... Let's get going!!
----------
 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start the scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------
 
 
AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


#3 Rieuna, Topic Starter (Members, 15 posts)

Posted 24 July 2013 - 04:28 PM

Hi Jeff! Thanks for the help!

 

Here is the aswMBR log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-24 13:56:32
-----------------------------
13:56:32.630    OS Version: Windows x64 6.1.7601 Service Pack 1
13:56:32.630    Number of processors: 4 586 0x2505
13:56:32.631    ComputerName: VBAO  UserName: 
13:56:38.105    Initialize success
13:59:29.651    AVAST engine defs: 13072401
14:03:27.268    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:03:27.275    Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
14:03:27.385    Disk 0 MBR read successfully
14:03:27.390    Disk 0 MBR scan
14:03:27.397    Disk 0 unknown MBR code
14:03:27.409    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
14:03:27.418    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       455124 MB offset 409600
14:03:27.446    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        21512 MB offset 932503552
14:03:27.470    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
14:03:27.513    Disk 0 scanning C:\Windows\system32\drivers
14:03:39.396    Service scanning
14:04:04.189    Modules scanning
14:04:04.203    Disk 0 trace - called modules:
14:04:04.346    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
14:04:04.356    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f68060]
14:04:04.364    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa800509db10]
14:04:04.372    5 hpdskflt.sys[fffff88001baa189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f3b050]
14:04:07.216    AVAST engine scan C:\Windows
14:04:11.498    AVAST engine scan C:\Windows\system32
14:08:10.606    AVAST engine scan C:\Windows\system32\drivers
14:08:22.023    AVAST engine scan C:\Users\Rieuna
14:10:39.368    Disk 0 MBR has been saved successfully to "C:\Users\Rieuna\Desktop\MBR.dat"
14:10:39.375    The log file has been saved successfully to "C:\Users\Rieuna\Desktop\aswMBRlog.txt"

And here is the AdwCleaner log:

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 14:13:39
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rieuna - VBAO
# Boot Mode : Normal
# Running from : C:\Users\Rieuna\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : DvmMDES
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\Rieuna\AppData\Local\Conduit
Folder Deleted : C:\Users\Rieuna\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Rieuna\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Rieuna\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Rieuna\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\Rieuna\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Rieuna\AppData\Roaming\Mozilla\Firefox\Profiles\2ir8y1zn.default\jetpack
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{263B59F8-56BF-402B-894F-F2EF1EFBE27E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33DDD1B1-720E-4A1D-AB5C-6CE0A6F6633D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
File : C:\Users\Rieuna\AppData\Roaming\Mozilla\Firefox\Profiles\2ir8y1zn.default\prefs.js
 
C:\Users\Rieuna\AppData\Roaming\Mozilla\Firefox\Profiles\2ir8y1zn.default\user.js ... Deleted !
 
Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("browser.bdtoolbar.orig_searchEngine", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B25837e29-8388-4e57-80a2-b4e00744bf01[...]
Deleted : user_pref("myqna.searchquotes", "Y");
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
Deleted : user_pref("smartbar.machineId", "6TYAHXPQXXIP343PNNPKJLJBVFEPDUOBMH2VOYMVVYXLIVKS5I2YSHRLNWD3GH/Q46T[...]
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Rieuna\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [9009 octets] - [19/07/2013 18:21:14]
AdwCleaner[S1].txt - [357 octets] - [19/07/2013 18:21:46]
AdwCleaner[S2].txt - [8991 octets] - [24/07/2013 14:13:39]
 
########## EOF - C:\AdwCleaner[S2].txt - [9051 octets] ##########


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 24 July 2013 - 06:46 PM

ComboFix
 
Download ComboFix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#5 Rieuna

Rieuna
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male

Posted 24 July 2013 - 07:44 PM

Here are the results for the ComboFix scan:

ComboFix 13-07-24.03 - Rieuna 07/24/2013  17:02:31.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2073 [GMT -7:00]
Running from: c:\users\Rieuna\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
.
.
2013-07-25 00:12 . 2013-07-25 00:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-25 00:12 . 2013-07-25 00:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-22 09:47 . 2013-07-22 09:49 -------- d-----w- c:\windows\system32\MRT
2013-07-20 03:24 . 2013-07-22 01:26 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-10 09:09 . 2013-06-07 03:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-10 09:09 . 2013-06-07 02:37 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-07-09 21:12 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-09 21:11 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-09 21:11 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-05 08:47 . 2013-07-06 04:08 -------- d-----w- c:\users\Rieuna\AppData\Roaming\To the Moon - Freebird Games
2013-07-05 08:47 . 2013-07-05 08:47 291827 ----a-w- c:\windows\To the Moon Uninstaller.exe
2013-07-05 08:47 . 2013-07-05 08:47 -------- d-----w- c:\program files (x86)\To the Moon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 18:54 . 2012-04-02 17:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-19 18:54 . 2011-05-16 08:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-24 07:57 . 2011-03-20 06:22 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-05-13 05:51 . 2013-06-11 19:48 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 19:48 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 19:48 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 19:48 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 19:48 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 19:48 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 19:48 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 19:48 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 19:48 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 19:48 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-11 19:48 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 19:48 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 19:48 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-01 10:59 . 2013-05-01 10:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 10:17 . 2013-04-30 10:17 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:17 . 2013-04-30 10:17 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 10:17 . 2013-04-30 10:17 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 10:17 . 2013-04-30 10:17 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 10:17 . 2013-04-30 10:17 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 10:17 . 2013-04-30 10:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 10:17 . 2013-04-30 10:17 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 10:17 . 2013-04-30 10:17 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 10:17 . 2013-04-30 10:17 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 10:17 . 2013-04-30 10:17 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 10:17 . 2013-04-30 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 10:17 . 2013-04-30 10:17 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 10:17 . 2013-04-30 10:17 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 10:17 . 2013-04-30 10:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 10:17 . 2013-04-30 10:17 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 10:17 . 2013-04-30 10:17 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 10:17 . 2013-04-30 10:17 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 10:17 . 2013-04-30 10:17 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 10:17 . 2013-04-30 10:17 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 10:17 . 2013-04-30 10:17 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 10:17 . 2013-04-30 10:17 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 10:17 . 2013-04-30 10:17 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 10:17 . 2013-04-30 10:17 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:17 . 2013-04-30 10:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 10:17 . 2013-04-30 10:17 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 10:17 . 2013-04-30 10:17 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 10:17 . 2013-04-30 10:17 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 10:17 . 2013-04-30 10:17 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 10:17 . 2013-04-30 10:17 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 10:17 . 2013-04-30 10:17 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 10:17 . 2013-04-30 10:17 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 10:17 . 2013-04-30 10:17 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 10:17 . 2013-04-30 10:17 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 10:17 . 2013-04-30 10:17 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 10:17 . 2013-04-30 10:17 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 10:17 . 2013-04-30 10:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 10:17 . 2013-04-30 10:17 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 10:17 . 2013-04-30 10:17 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:17 . 2013-04-30 10:17 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 10:17 . 2013-04-30 10:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 10:17 . 2013-04-30 10:17 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 10:17 . 2013-04-30 10:17 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 10:17 . 2013-04-30 10:17 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 10:17 . 2013-04-30 10:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 10:17 . 2013-04-30 10:17 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 10:17 . 2013-04-30 10:17 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 10:17 . 2013-04-30 10:17 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 10:17 . 2013-04-30 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 10:17 . 2013-04-30 10:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-26 05:51 . 2013-06-11 19:48 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-11 19:48 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-10 1672616]
"GoogleChromeAutoLaunch_45000608D465E7B75DDD3DB4E541D796"="c:\users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Rieuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rieuna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-4-24 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-25 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
TEGAKI Messenger.lnk - c:\windows\Installer\{C47A4960-C507-48EE-8150-4F4C9F93B952}\_93DC6F70206D2A59616F6D.exe [2011-8-12 16958]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Appddb;Appddb; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:54]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21 09:47]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21 09:47]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586537-3623361871-3243585594-1000Core.job
- c:\users\Rieuna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 17:04]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586537-3623361871-3243585594-1000UA.job
- c:\users\Rieuna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 17:04]
.
2013-07-15 c:\windows\Tasks\HPCeeScheduleForRieuna.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Free YouTube Download - c:\users\Rieuna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Rieuna\AppData\Roaming\Mozilla\Firefox\Profiles\2ir8y1zn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mitigated.wordpress.com/wp-admin/post-new.php
FF - ExtSQL: 2013-06-16 00:14; ytd@mybrowserbar.com; c:\program files (x86)\YTD Toolbar\FF
FF - ExtSQL: !HIDDEN! 2011-03-27 20:00; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-12880176.sys
SafeBoot-16833078.sys
SafeBoot-63634050.sys
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-24  17:26:21
ComboFix-quarantined-files.txt  2013-07-25 00:26
ComboFix2.txt  2013-07-20 00:50
.
Pre-Run: 90,010,824,704 bytes free
Post-Run: 89,735,995,392 bytes free
.
- - End Of File - - F29793C6A0F77E7DC4F8D54839333FDC
D41D8CD98F00B204E9800998ECF8427E

#6 jeffce (Malware Response Team)

Posted 25 July 2013 - 09:01 PM

Hi,
 
Sorry for any delay...I had extra work hours today and then coaching my son's football team.
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    Trusted Zone: $talisma_url$
     
    Firefox::
    FF - ProfilePath - c:\users\Rieuna\AppData\Roaming\Mozilla\Firefox\Profiles\2ir8y1zn.default\
    FF - ExtSQL: 2013-06-16 00:14; ytd@mybrowserbar.com; c:\program files (x86)\YTD Toolbar\FF

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    (screenshot: CFScriptB-4.gif)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Post the new ComboFix log and let me know how your system is running now.   :)


Edited by jeffce, 25 July 2013 - 09:01 PM.
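The detection this thread is about is nine rows of one shape: every IRP_MJ_* entry of \Driver\HidUsb resolves to HIDCLASS.SYS at the same offset. As an added example (not from the thread, AVG or ComboFix), the Python below parses that AVG row format and groups the rows by target so the dispatch table is judged as a whole rather than as nine separate hits. The allowlist entry HidUsb -> HIDCLASS.SYS is my assumption from how HID minidrivers hand their dispatch table to the HID class driver, and the sample rows are constructed (the last one is invented).

```python
"""Group and triage AVG rootkit-scan 'IRP hook' rows.

Added example; not AVG's, ComboFix's or the thread's code. AVG writes one row
per hooked major-function entry as three double-quoted, semicolon-separated
fields, and the third field may contain a line break ("Cannot be cleaned /
Remove manually"). Nine rows that all resolve to one module and offset are one
fact, not nine: the driver object's whole dispatch table points at one routine.
"""
import csv
import io
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"IRP hook, \\Driver\\(?P<driver>\w+) (?P<major>IRP_MJ_[A-Z_]+) -> "
    r"(?P<module>\S+) \+0x(?P<offset>[0-9A-Fa-f]+)(?:, (?P<path>.+))?$"
)

# Minidriver -> class driver pairs whose redirected dispatch is by design.
# Assumption (mine, not from the thread): a HID minidriver such as HidUsb
# hands its dispatch table to HIDCLASS.SYS when it registers with the class
# driver, so every IRP_MJ_* entry pointing into HIDCLASS.SYS is expected.
EXPECTED_CLASS_DRIVER = {"hidusb": "hidclass.sys"}

# Directory a reported target module is expected to live in (lower-cased).
DRIVER_DIR = "\\windows\\system32\\drivers\\"


def parse_rows(text):
    """Return one dict (driver, major, module, offset, path, status) per hook row."""
    hooks = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) < 2:
            continue
        match = HOOK_RE.match(row[1].strip())
        if not match:
            continue                       # not an IRP-hook row; ignore it
        hook = match.groupdict()
        hook["status"] = row[2].replace("\n", " ") if len(row) > 2 else ""
        hooks.append(hook)
    return hooks


def triage(hooks):
    """Group hooks by (driver, module, offset) and attach a verdict to each group.

    'expected'   : allowlisted class-driver pairing and module in the drivers dir
    'review'     : module in the drivers dir but pairing unknown; verify the
                   file's signature and hash before trusting it
    'suspicious' : target module outside the drivers directory, or no path
    Even 'expected' is a structural check only; it does not prove the file on
    disk is the genuine, signed Microsoft binary.
    """
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["driver"], h["module"], h["offset"].lower())].append(h)

    findings = []
    for (driver, module, offset), rows in groups.items():
        paths = {r["path"].lower() for r in rows if r["path"]}
        in_driver_dir = bool(paths) and all(
            DRIVER_DIR in p and p.endswith(module.lower()) for p in paths
        )
        pairing_ok = EXPECTED_CLASS_DRIVER.get(driver.lower()) == module.lower()
        if in_driver_dir and pairing_ok:
            verdict = "expected"
        elif in_driver_dir:
            verdict = "review"
        else:
            verdict = "suspicious"
        findings.append({
            "driver": driver,
            "module": module,
            "offset": "0x" + offset,
            "majors": sorted(r["major"] for r in rows),
            "verdict": verdict,
        })
    return findings


# Constructed sample in the AVG row format. The first three rows mirror the
# HidUsb detections quoted in this thread; the fourth row is invented to show
# a target outside the drivers directory.
SAMPLE = (
    '"";"IRP hook, \\Driver\\HidUsb IRP_MJ_CLOSE -> HIDCLASS.SYS +0x2710, '
    'C:\\Windows\\system32\\DRIVERS\\HIDCLASS.SYS";"Cannot be cleaned\nRemove manually"\n'
    '"";"IRP hook, \\Driver\\HidUsb IRP_MJ_CREATE -> HIDCLASS.SYS +0x2710, '
    'C:\\Windows\\system32\\DRIVERS\\HIDCLASS.SYS";"Cannot be cleaned\nRemove manually"\n'
    '"";"IRP hook, \\Driver\\HidUsb IRP_MJ_READ -> HIDCLASS.SYS +0x2710, '
    'C:\\Windows\\system32\\DRIVERS\\HIDCLASS.SYS";"Cannot be cleaned\nRemove manually"\n'
    '"";"IRP hook, \\Driver\\Disk IRP_MJ_READ -> example.sys +0x1a2b, '
    'C:\\Windows\\Temp\\example.sys";"Cannot be cleaned\nRemove manually"\n'
)

if __name__ == "__main__":
    for f in triage(parse_rows(SAMPLE)):
        print(f"{f['driver']:<8} -> {f['module']} {f['offset']}: "
              f"{len(f['majors'])} major function(s) [{f['verdict']}]")
```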


#7 Rieuna (Topic Starter)

Posted 26 July 2013 - 12:16 AM

Hello! It's no biggie, we all have very busy lives. I'm glad to hear from you.

My computer has been slowing down lately. And at the beginning AVG scans didn't show anything. But I ran a scan just now and it picked up 9 rootkits. Below is what it said:

"";"IRP hook, \Driver\HidUsb IRP_MJ_CLOSE -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_CREATE -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_INTERNAL_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_PNP -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_POWER -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_READ -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_SYSTEM_CONTROL -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"
"";"IRP hook, \Driver\HidUsb IRP_MJ_WRITE -> HIDCLASS.SYS +0x2710, C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned
Remove manually"

I ran a second scan with AVG after the one above finished and it didn't detect anything. These rootkits seem to come back every time I restart my computer.

Here is the log from ComboFix:

ComboFix 13-07-25.02 - Rieuna 07/25/2013  21:20:13.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2299 [GMT -7:00]
Running from: c:\users\Rieuna\Desktop\ComboFix.exe
Command switches used :: c:\users\Rieuna\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-26 to 2013-07-26  )))))))))))))))))))))))))))))))
.
.
2013-07-26 04:31 . 2013-07-26 04:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-26 04:31 . 2013-07-26 04:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-22 09:47 . 2013-07-22 09:49 -------- d-----w- c:\windows\system32\MRT
2013-07-20 03:24 . 2013-07-22 01:26 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-10 09:09 . 2013-06-07 03:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-10 09:09 . 2013-06-07 02:37 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-07-09 21:12 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-09 21:11 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-09 21:11 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-05 08:47 . 2013-07-06 04:08 -------- d-----w- c:\users\Rieuna\AppData\Roaming\To the Moon - Freebird Games
2013-07-05 08:47 . 2013-07-05 08:47 291827 ----a-w- c:\windows\To the Moon Uninstaller.exe
2013-07-05 08:47 . 2013-07-05 08:47 -------- d-----w- c:\program files (x86)\To the Moon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 18:54 . 2012-04-02 17:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-19 18:54 . 2011-05-16 08:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-24 07:57 . 2011-03-20 06:22 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-05-13 05:51 . 2013-06-11 19:48 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 19:48 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 19:48 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 19:48 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 19:48 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 19:48 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 19:48 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 19:48 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 19:48 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 19:48 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-11 19:48 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 19:48 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 19:48 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-01 10:59 . 2013-05-01 10:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 10:17 . 2013-04-30 10:17 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:17 . 2013-04-30 10:17 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 10:17 . 2013-04-30 10:17 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 10:17 . 2013-04-30 10:17 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 10:17 . 2013-04-30 10:17 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 10:17 . 2013-04-30 10:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 10:17 . 2013-04-30 10:17 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 10:17 . 2013-04-30 10:17 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 10:17 . 2013-04-30 10:17 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 10:17 . 2013-04-30 10:17 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 10:17 . 2013-04-30 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 10:17 . 2013-04-30 10:17 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 10:17 . 2013-04-30 10:17 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 10:17 . 2013-04-30 10:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 10:17 . 2013-04-30 10:17 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 10:17 . 2013-04-30 10:17 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 10:17 . 2013-04-30 10:17 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 10:17 . 2013-04-30 10:17 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 10:17 . 2013-04-30 10:17 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 10:17 . 2013-04-30 10:17 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 10:17 . 2013-04-30 10:17 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 10:17 . 2013-04-30 10:17 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 10:17 . 2013-04-30 10:17 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:17 . 2013-04-30 10:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 10:17 . 2013-04-30 10:17 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 10:17 . 2013-04-30 10:17 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 10:17 . 2013-04-30 10:17 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 10:17 . 2013-04-30 10:17 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 10:17 . 2013-04-30 10:17 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 10:17 . 2013-04-30 10:17 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 10:17 . 2013-04-30 10:17 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 10:17 . 2013-04-30 10:17 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 10:17 . 2013-04-30 10:17 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 10:17 . 2013-04-30 10:17 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 10:17 . 2013-04-30 10:17 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 10:17 . 2013-04-30 10:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 10:17 . 2013-04-30 10:17 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 10:17 . 2013-04-30 10:17 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:17 . 2013-04-30 10:17 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 10:17 . 2013-04-30 10:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 10:17 . 2013-04-30 10:17 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 10:17 . 2013-04-30 10:17 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 10:17 . 2013-04-30 10:17 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 10:17 . 2013-04-30 10:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 10:17 . 2013-04-30 10:17 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 10:17 . 2013-04-30 10:17 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 10:17 . 2013-04-30 10:17 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 10:17 . 2013-04-30 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 10:17 . 2013-04-30 10:17 77312 ----a-w- c:\windows\system32\tdc.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-10 1672616]
"GoogleChromeAutoLaunch_45000608D465E7B75DDD3DB4E541D796"="c:\users\Rieuna\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Rieuna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rieuna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-4-24 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-25 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
TEGAKI Messenger.lnk - c:\windows\Installer\{C47A4960-C507-48EE-8150-4F4C9F93B952}\_93DC6F70206D2A59616F6D.exe [2011-8-12 16958]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Appddb;Appddb; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:54]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21 09:47]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21 09:47]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586537-3623361871-3243585594-1000Core.job
- c:\users\Rieuna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 17:04]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586537-3623361871-3243585594-1000UA.job
- c:\users\Rieuna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 17:04]
.
2013-07-15 c:\windows\Tasks\HPCeeScheduleForRieuna.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Rieuna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Free YouTube Download - c:\users\Rieuna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Rieuna\AppData\Roaming\Mozilla\Firefox\Profiles\2ir8y1zn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mitigated.wordpress.com/wp-admin/post-new.php
FF - ExtSQL: 2013-06-16 00:14; ytd@mybrowserbar.com; c:\program files (x86)\YTD Toolbar\FF
FF - ExtSQL: !HIDDEN! 2011-03-27 20:00; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-25  21:42:51
ComboFix-quarantined-files.txt  2013-07-26 04:42
ComboFix2.txt  2013-07-25 00:26
ComboFix3.txt  2013-07-20 00:50
.
Pre-Run: 87,762,280,448 bytes free
Post-Run: 87,473,061,888 bytes free
.
- - End Of File - - 2D097996FD28523B0ABD0C927FB1A023
D41D8CD98F00B204E9800998ECF8427E

#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:04 AM

Posted 26 July 2013 - 06:50 AM

Hi,
 
Thanks for letting me know how your system is responding.   :)
 
Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


 


#9 Rieuna

Rieuna
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 AM

Posted 27 July 2013 - 05:19 AM

Hello! Sorry for taking so long to reply! I was backing up my data and it took over twelve hours to complete.

 

I scanned with MBAR and it didn't pick up any malware. Though the first time it was scanning, Windows crashed and blue screened. The second time the scan was completed and no malware was found.



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:04 AM

Posted 27 July 2013 - 08:25 AM

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

 

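A TDSSKiller log of the kind asked for above runs to several hundred lines, and the useful signal is the handful of lines whose verdict is anything other than "ok". The following is an added example written for this thread; it is not code from the thread, from BleepingComputer, or from Kaspersky's TDSSKiller. It parses the line layout TDSSKiller 2.8.16.0 writes (the format Rieuna posts in the next reply: a timestamp, a thread id, then either `[ <MD5> ] <name> <path>` or `<name> - <verdict>`, with `==== Scan ... ====` section headers), records which scan section each verdict belongs to, and lists every object not marked "ok" plus any service that received a verdict without a hashed file. The sample log inside the block is constructed from lines in this thread; the `fakesvc` entry, its all-zero MD5 and the wording of its `detected ...` verdict are assumptions, since detection wording differs between TDSSKiller versions.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Added example for this thread, not code from TDSSKiller or from the forum.
# Parses the per-line layout TDSSKiller 2.8.16.0 writes:
#   <hh:mm:ss.ffff> <thread id>  [ <MD5> ] <service name> <path>
#   <hh:mm:ss.ffff> <thread id>  <service name> - <verdict>
#   <hh:mm:ss.ffff> <thread id>  ================ <section> ====...
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
SECTION_RE = re.compile(r"^=+ (?P<section>.+?) =+$")
# The service name may contain spaces ("Adobe LM Service"), so the name is matched
# lazily up to the first whitespace run that is followed by a drive-letter path.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# A name that itself contains " - " would be split at its first " - "; none in this thread do.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ScanEntry:
    section: str                 # e.g. "Scan services"
    name: str                    # service/driver name, or another scanned object
    verdict: str                 # "ok" or whatever the tool reported
    md5: Optional[str] = None    # None when no "[ MD5 ] name path" line preceded the verdict
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[ScanEntry]:
    """Return one ScanEntry per verdict line, in log order."""
    entries: List[ScanEntry] = []
    section: Optional[str] = None            # None until the first "Scan ..." header
    pending: Optional[ScanEntry] = None      # file line waiting for its verdict line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group("body")
        sec = SECTION_RE.match(body)
        if sec:
            # Initialisation lines ("Drive \Device\... - Size: ...") also contain
            # " - ", so nothing is recorded before the first "Scan ..." section.
            if sec.group("section").startswith("Scan "):
                section = sec.group("section")
            pending = None
            continue
        if section is None:
            continue
        f = FILE_RE.match(body)
        if f:
            pending = ScanEntry(section, f.group("name"), "", f.group("md5").upper(), f.group("path"))
            continue
        v = VERDICT_RE.match(body)
        if v:
            name, verdict = v.group("name"), v.group("verdict")
            if pending is not None and pending.name == name:
                pending.verdict = verdict
                entries.append(pending)
            else:
                entries.append(ScanEntry(section, name, verdict))
            pending = None
    return entries


def needs_attention(entries: List[ScanEntry]) -> List[ScanEntry]:
    """Everything TDSSKiller did not mark plain 'ok', whatever the exact wording."""
    return [e for e in entries if e.verdict.strip().lower() != "ok"]


def unhashed_services(entries: List[ScanEntry]) -> List[ScanEntry]:
    """Service entries that got a verdict with no hashed file: the verdict could
    not be tied to an on-disk image, so they are worth a second look by hand."""
    return [e for e in entries if e.section == "Scan services" and e.md5 is None]


# Constructed sample in the thread's log layout. The first lines are copied from
# the log posted in this thread; "fakesvc", its all-zero MD5 and the wording of
# its verdict are assumptions used only to exercise the non-"ok" path.
SAMPLE_LOG = r"""
14:37:10.0240 6740  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:37:12.0125 6740  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
14:37:14.0405 6260  Scan started
14:37:14.0405 6260  Mode: Manual; 
14:37:15.0789 6260  ================ Scan system memory ========================
14:37:15.0790 6260  System memory - ok
14:37:15.0790 6260  ================ Scan services =============================
14:37:15.0990 6260  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:37:15.0996 6260  1394ohci - ok
14:37:16.0342 6260  [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:37:16.0345 6260  Adobe LM Service - ok
14:37:17.0645 6260  Appddb - ok
14:37:30.0000 6260  [ 00000000000000000000000000000000 ] fakesvc         C:\Windows\system32\drivers\fakesvc.sys
14:37:30.0001 6260  fakesvc - detected Rootkit.Boot.Example ( 0 )
"""


if __name__ == "__main__":
    # Pass a saved log's path to parse it (assumes a UTF-8/ASCII log); otherwise the sample runs.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = parse_tdsskiller_log(text)
    print(f"{len(found)} verdicts parsed")
    for e in needs_attention(found):
        print(f"ATTENTION  {e.section}: {e.name} -> {e.verdict}  [{e.md5}] {e.path}")
    for e in unhashed_services(found):
        print(f"NO FILE    {e.name} -> {e.verdict}")
```

Run it with the saved log's path as the only argument; with no argument it runs over the constructed sample and flags `fakesvc` as needing attention and `Appddb` as a service with no hashed file. The "ok" test is deliberately loose (anything not literally "ok" is surfaced) so that the summary stays useful across TDSSKiller versions whose detection wording differs.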

#11 Rieuna

Rieuna
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 AM

Posted 27 July 2013 - 04:40 PM

Here is the log for the TDSS Killer scan:

 

14:37:10.0240 6740  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:37:11.0011 6740  ============================================================
14:37:11.0011 6740  Current date / time: 2013/07/27 14:37:11.0011
14:37:11.0011 6740  SystemInfo:
14:37:11.0011 6740  
14:37:11.0011 6740  OS Version: 6.1.7601 ServicePack: 1.0
14:37:11.0011 6740  Product type: Workstation
14:37:11.0011 6740  ComputerName: VBAO
14:37:11.0011 6740  UserName: Rieuna
14:37:11.0011 6740  Windows directory: C:\Windows
14:37:11.0011 6740  System windows directory: C:\Windows
14:37:11.0011 6740  Running under WOW64
14:37:11.0012 6740  Processor architecture: Intel x64
14:37:11.0012 6740  Number of processors: 4
14:37:11.0012 6740  Page size: 0x1000
14:37:11.0012 6740  Boot type: Normal boot
14:37:11.0012 6740  ============================================================
14:37:12.0125 6740  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:37:12.0134 6740  ============================================================
14:37:12.0134 6740  \Device\Harddisk0\DR0:
14:37:12.0134 6740  MBR partitions:
14:37:12.0135 6740  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:37:12.0135 6740  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x378EA000
14:37:12.0135 6740  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3794E000, BlocksNum 0x2A04000
14:37:12.0135 6740  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
14:37:12.0135 6740  ============================================================
14:37:12.0172 6740  C: <-> \Device\Harddisk0\DR0\Partition2
14:37:12.0207 6740  D: <-> \Device\Harddisk0\DR0\Partition3
14:37:12.0219 6740  E: <-> \Device\Harddisk0\DR0\Partition4
14:37:12.0219 6740  ============================================================
14:37:12.0219 6740  Initialize success
14:37:12.0219 6740  ============================================================
14:37:14.0405 6260  ============================================================
14:37:14.0405 6260  Scan started
14:37:14.0405 6260  Mode: Manual; 
14:37:14.0405 6260  ============================================================
14:37:15.0789 6260  ================ Scan system memory ========================
14:37:15.0790 6260  System memory - ok
14:37:15.0790 6260  ================ Scan services =============================
14:37:15.0990 6260  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:37:15.0996 6260  1394ohci - ok
14:37:16.0066 6260  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
14:37:16.0068 6260  Accelerometer - ok
14:37:16.0131 6260  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:37:16.0136 6260  ACPI - ok
14:37:16.0201 6260  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:37:16.0202 6260  AcpiPmi - ok
14:37:16.0342 6260  [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:37:16.0345 6260  Adobe LM Service - ok
14:37:16.0454 6260  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:37:16.0456 6260  AdobeARMservice - ok
14:37:16.0648 6260  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:37:16.0654 6260  AdobeFlashPlayerUpdateSvc - ok
14:37:16.0733 6260  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:37:16.0741 6260  adp94xx - ok
14:37:16.0804 6260  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:37:16.0811 6260  adpahci - ok
14:37:16.0832 6260  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:37:16.0836 6260  adpu320 - ok
14:37:16.0868 6260  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:37:16.0870 6260  AeLookupSvc - ok
14:37:16.0995 6260  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
14:37:16.0998 6260  AESTFilters - ok
14:37:17.0077 6260  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:37:17.0084 6260  AFD - ok
14:37:17.0151 6260  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:37:17.0153 6260  agp440 - ok
14:37:17.0188 6260  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:37:17.0191 6260  ALG - ok
14:37:17.0266 6260  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:37:17.0268 6260  aliide - ok
14:37:17.0334 6260  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:37:17.0336 6260  amdide - ok
14:37:17.0392 6260  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:37:17.0395 6260  AmdK8 - ok
14:37:17.0401 6260  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:37:17.0403 6260  AmdPPM - ok
14:37:17.0493 6260  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:37:17.0496 6260  amdsata - ok
14:37:17.0543 6260  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:37:17.0547 6260  amdsbs - ok
14:37:17.0604 6260  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:37:17.0605 6260  amdxata - ok
14:37:17.0645 6260  Appddb - ok
14:37:17.0688 6260  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:37:17.0690 6260  AppID - ok
14:37:17.0717 6260  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:37:17.0718 6260  AppIDSvc - ok
14:37:17.0791 6260  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
14:37:17.0793 6260  Appinfo - ok
14:37:17.0879 6260  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:37:17.0882 6260  Apple Mobile Device - ok
14:37:17.0960 6260  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:37:17.0963 6260  arc - ok
14:37:18.0036 6260  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:37:18.0039 6260  arcsas - ok
14:37:18.0268 6260  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:37:18.0289 6260  aspnet_state - ok
14:37:18.0348 6260  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:37:18.0349 6260  AsyncMac - ok
14:37:18.0429 6260  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:37:18.0438 6260  atapi - ok
14:37:18.0509 6260  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:37:18.0516 6260  AudioEndpointBuilder - ok
14:37:18.0527 6260  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:37:18.0531 6260  AudioSrv - ok
14:37:18.0810 6260  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
14:37:18.0858 6260  AVGIDSAgent - ok
14:37:18.0937 6260  [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:37:18.0941 6260  AVGIDSDriver - ok
14:37:18.0963 6260  [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
14:37:18.0966 6260  AVGIDSHA - ok
14:37:19.0038 6260  [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
14:37:19.0042 6260  Avgldx64 - ok
14:37:19.0134 6260  [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
14:37:19.0140 6260  Avgloga - ok
14:37:19.0210 6260  [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
14:37:19.0213 6260  Avgmfx64 - ok
14:37:19.0271 6260  [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
14:37:19.0273 6260  Avgrkx64 - ok
14:37:19.0324 6260  [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
14:37:19.0329 6260  Avgtdia - ok
14:37:19.0388 6260  [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
14:37:19.0393 6260  avgwd - ok
14:37:19.0464 6260  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:37:19.0467 6260  AxInstSV - ok
14:37:19.0527 6260  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:37:19.0533 6260  b06bdrv - ok
14:37:19.0617 6260  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:37:19.0622 6260  b57nd60a - ok
14:37:19.0647 6260  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:37:19.0650 6260  BDESVC - ok
14:37:19.0704 6260  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:37:19.0705 6260  Beep - ok
14:37:19.0786 6260  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:37:19.0796 6260  BFE - ok
14:37:19.0875 6260  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
14:37:19.0911 6260  BITS - ok
14:37:19.0961 6260  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:37:19.0963 6260  blbdrive - ok
14:37:20.0061 6260  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:37:20.0068 6260  Bonjour Service - ok
14:37:20.0123 6260  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:37:20.0125 6260  bowser - ok
14:37:20.0190 6260  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:37:20.0192 6260  BrFiltLo - ok
14:37:20.0205 6260  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:37:20.0207 6260  BrFiltUp - ok
14:37:20.0288 6260  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:37:20.0291 6260  BridgeMP - ok
14:37:20.0311 6260  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:37:20.0315 6260  Browser - ok
14:37:20.0337 6260  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:37:20.0342 6260  Brserid - ok
14:37:20.0352 6260  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:37:20.0355 6260  BrSerWdm - ok
14:37:20.0370 6260  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:37:20.0372 6260  BrUsbMdm - ok
14:37:20.0382 6260  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:37:20.0384 6260  BrUsbSer - ok
14:37:20.0398 6260  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:37:20.0400 6260  BTHMODEM - ok
14:37:20.0471 6260  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:37:20.0474 6260  bthserv - ok
14:37:20.0499 6260  catchme - ok
14:37:20.0533 6260  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:37:20.0536 6260  cdfs - ok
14:37:20.0633 6260  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:37:20.0636 6260  cdrom - ok
14:37:20.0702 6260  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:37:20.0704 6260  CertPropSvc - ok
14:37:20.0780 6260  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:37:20.0783 6260  circlass - ok
14:37:20.0842 6260  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:37:20.0848 6260  CLFS - ok
14:37:20.0895 6260  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:37:20.0898 6260  clr_optimization_v2.0.50727_32 - ok
14:37:20.0932 6260  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:37:20.0936 6260  clr_optimization_v2.0.50727_64 - ok
14:37:21.0028 6260  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:37:21.0142 6260  clr_optimization_v4.0.30319_32 - ok
14:37:21.0200 6260  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:37:21.0226 6260  clr_optimization_v4.0.30319_64 - ok
14:37:21.0291 6260  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:37:21.0293 6260  CmBatt - ok
14:37:21.0308 6260  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:37:21.0310 6260  cmdide - ok
14:37:21.0381 6260  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:37:21.0389 6260  CNG - ok
14:37:21.0414 6260  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:37:21.0415 6260  Compbatt - ok
14:37:21.0454 6260  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:37:21.0456 6260  CompositeBus - ok
14:37:21.0484 6260  COMSysApp - ok
14:37:21.0516 6260  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:37:21.0518 6260  crcdisk - ok
14:37:21.0584 6260  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:37:21.0588 6260  CryptSvc - ok
14:37:21.0684 6260  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:37:21.0692 6260  cvhsvc - ok
14:37:21.0719 6260  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:37:21.0725 6260  DcomLaunch - ok
14:37:21.0745 6260  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:37:21.0749 6260  defragsvc - ok
14:37:21.0761 6260  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:37:21.0764 6260  DfsC - ok
14:37:21.0781 6260  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:37:21.0785 6260  Dhcp - ok
14:37:21.0802 6260  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:37:21.0803 6260  discache - ok
14:37:21.0877 6260  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:37:21.0879 6260  Disk - ok
14:37:21.0944 6260  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:37:21.0947 6260  Dnscache - ok
14:37:21.0973 6260  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:37:21.0978 6260  dot3svc - ok
14:37:22.0047 6260  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:37:22.0050 6260  Dot4 - ok
14:37:22.0103 6260  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:37:22.0104 6260  Dot4Print - ok
14:37:22.0122 6260  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:37:22.0124 6260  dot4usb - ok
14:37:22.0153 6260  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:37:22.0157 6260  DPS - ok
14:37:22.0204 6260  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:37:22.0206 6260  drmkaud - ok
14:37:22.0235 6260  [ A298AEA9FCA253E7EFF040A08C7C6376 ] DVMIO           C:\Windows\system32\DRIVERS\dvmio.sys
14:37:22.0260 6260  DVMIO - ok
14:37:22.0308 6260  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:37:22.0323 6260  DXGKrnl - ok
14:37:22.0363 6260  EagleX64 - ok
14:37:22.0425 6260  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:37:22.0428 6260  EapHost - ok
14:37:22.0511 6260  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:37:22.0554 6260  ebdrv - ok
14:37:22.0615 6260  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:37:22.0617 6260  EFS - ok
14:37:22.0707 6260  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:37:22.0717 6260  ehRecvr - ok
14:37:22.0751 6260  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:37:22.0755 6260  ehSched - ok
14:37:22.0810 6260  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:37:22.0819 6260  elxstor - ok
14:37:22.0848 6260  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:37:22.0849 6260  ErrDev - ok
14:37:22.0921 6260  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:37:22.0927 6260  EventSystem - ok
14:37:22.0985 6260  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:37:22.0989 6260  exfat - ok
14:37:23.0015 6260  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:37:23.0019 6260  fastfat - ok
14:37:23.0097 6260  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:37:23.0106 6260  Fax - ok
14:37:23.0161 6260  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:37:23.0163 6260  fdc - ok
14:37:23.0181 6260  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:37:23.0183 6260  fdPHost - ok
14:37:23.0196 6260  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:37:23.0198 6260  FDResPub - ok
14:37:23.0207 6260  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:37:23.0209 6260  FileInfo - ok
14:37:23.0224 6260  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:37:23.0226 6260  Filetrace - ok
14:37:23.0302 6260  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:37:23.0311 6260  FLEXnet Licensing Service - ok
14:37:23.0329 6260  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:37:23.0331 6260  flpydisk - ok
14:37:23.0349 6260  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:37:23.0353 6260  FltMgr - ok
14:37:23.0431 6260  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
14:37:23.0449 6260  FontCache - ok
14:37:23.0492 6260  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:37:23.0494 6260  FontCache3.0.0.0 - ok
14:37:23.0513 6260  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:37:23.0515 6260  FsDepends - ok
14:37:23.0542 6260  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:37:23.0544 6260  Fs_Rec - ok
14:37:23.0607 6260  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:37:23.0611 6260  fvevol - ok
14:37:23.0669 6260  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:37:23.0672 6260  gagp30kx - ok
14:37:23.0765 6260  [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:37:23.0771 6260  GameConsoleService - ok
14:37:23.0825 6260  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:37:23.0827 6260  GEARAspiWDM - ok
14:37:23.0863 6260  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:37:23.0873 6260  gpsvc - ok
14:37:23.0952 6260  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:37:23.0955 6260  gupdate - ok
14:37:23.0987 6260  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:37:23.0989 6260  gupdatem - ok
14:37:24.0026 6260  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:37:24.0028 6260  hcw85cir - ok
14:37:24.0094 6260  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:37:24.0101 6260  HdAudAddService - ok
14:37:24.0152 6260  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:37:24.0154 6260  HDAudBus - ok
14:37:24.0221 6260  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
14:37:24.0223 6260  HECIx64 - ok
14:37:24.0240 6260  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:37:24.0242 6260  HidBatt - ok
14:37:24.0262 6260  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:37:24.0265 6260  HidBth - ok
14:37:24.0317 6260  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:37:24.0319 6260  HidIr - ok
14:37:24.0343 6260  [ 3CC53BC405F609F61D4A879F3E7EBC4A ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
14:37:24.0345 6260  hidkmdf - ok
14:37:24.0366 6260  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
14:37:24.0368 6260  hidserv - ok
14:37:24.0433 6260  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:37:24.0434 6260  HidUsb - ok
14:37:24.0453 6260  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:37:24.0457 6260  hkmsvc - ok
14:37:24.0522 6260  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:37:24.0526 6260  HomeGroupListener - ok
14:37:24.0552 6260  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:37:24.0560 6260  HomeGroupProvider - ok
14:37:24.0659 6260  [ BE78357FB49759B79CCC01894BCFDDDB ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:37:24.0661 6260  HP Health Check Service - ok
14:37:24.0737 6260  [ A2DE0A67C77EBC6DFAD3D55232790ADD ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:37:24.0740 6260  HP Wireless Assistant Service - ok
14:37:24.0838 6260  [ CECF7CB10E778F921CF41858C653EA15 ] hpdoccardsvc    C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe
14:37:24.0841 6260  hpdoccardsvc - ok
14:37:24.0873 6260  [ 2DFB151FD34DF104DAC0ADF070EDA83C ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:37:24.0875 6260  HPDrvMntSvc.exe - ok
14:37:24.0902 6260  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
14:37:24.0903 6260  hpdskflt - ok
14:37:24.0956 6260  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:37:24.0961 6260  hpqcxs08 - ok
14:37:24.0971 6260  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:37:24.0974 6260  hpqddsvc - ok
14:37:24.0999 6260  [ 184C500CB9F69585F3FE85E1D2667CD8 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:37:25.0006 6260  hpqwmiex - ok
14:37:25.0070 6260  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:37:25.0073 6260  HpSAMD - ok
14:37:25.0215 6260  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:37:25.0231 6260  HPSLPSVC - ok
14:37:25.0254 6260  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
14:37:25.0256 6260  hpsrv - ok
14:37:25.0323 6260  [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC        C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:37:25.0324 6260  HPWMISVC - ok
14:37:25.0395 6260  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:37:25.0405 6260  HTTP - ok
14:37:25.0428 6260  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:37:25.0429 6260  hwpolicy - ok
14:37:25.0495 6260  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:37:25.0498 6260  i8042prt - ok
14:37:25.0611 6260  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:37:25.0617 6260  iaStor - ok
14:37:25.0683 6260  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:37:25.0690 6260  iaStorV - ok
14:37:25.0780 6260  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:37:25.0798 6260  IDriverT - ok
14:37:25.0855 6260  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:37:25.0868 6260  idsvc - ok
14:37:26.0118 6260  [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:37:26.0295 6260  igfx - ok
14:37:26.0358 6260  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:37:26.0360 6260  iirsp - ok
14:37:26.0394 6260  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:37:26.0406 6260  IKEEXT - ok
14:37:26.0468 6260  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
14:37:26.0471 6260  Impcd - ok
14:37:26.0537 6260  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:37:26.0542 6260  IntcDAud - ok
14:37:26.0562 6260  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:37:26.0565 6260  intelide - ok
14:37:26.0603 6260  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:37:26.0604 6260  intelppm - ok
14:37:26.0663 6260  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:37:26.0666 6260  IPBusEnum - ok
14:37:26.0694 6260  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:37:26.0696 6260  IpFilterDriver - ok
14:37:26.0777 6260  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:37:26.0788 6260  iphlpsvc - ok
14:37:26.0807 6260  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:37:26.0810 6260  IPMIDRV - ok
14:37:26.0871 6260  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:37:26.0874 6260  IPNAT - ok
14:37:26.0964 6260  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:37:26.0976 6260  iPod Service - ok
14:37:27.0029 6260  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:37:27.0031 6260  IRENUM - ok
14:37:27.0054 6260  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:37:27.0056 6260  isapnp - ok
14:37:27.0073 6260  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:37:27.0078 6260  iScsiPrt - ok
14:37:27.0104 6260  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:37:27.0106 6260  kbdclass - ok
14:37:27.0157 6260  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:37:27.0159 6260  kbdhid - ok
14:37:27.0175 6260  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:37:27.0177 6260  KeyIso - ok
14:37:27.0198 6260  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:37:27.0201 6260  KSecDD - ok
14:37:27.0226 6260  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:37:27.0230 6260  KSecPkg - ok
14:37:27.0257 6260  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:37:27.0258 6260  ksthunk - ok
14:37:27.0283 6260  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:37:27.0290 6260  KtmRm - ok
14:37:27.0323 6260  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:37:27.0329 6260  LanmanServer - ok
14:37:27.0352 6260  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:37:27.0356 6260  LanmanWorkstation - ok
14:37:27.0428 6260  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:37:27.0432 6260  lltdio - ok
14:37:27.0548 6260  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:37:27.0563 6260  lltdsvc - ok
14:37:27.0610 6260  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:37:27.0612 6260  lmhosts - ok
14:37:27.0769 6260  [ 6D515466AB8BFE61184092B635AE6EB4 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:37:27.0773 6260  LMS - ok
14:37:27.0867 6260  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:37:27.0870 6260  LSI_FC - ok
14:37:27.0902 6260  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:37:27.0906 6260  LSI_SAS - ok
14:37:27.0918 6260  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:37:27.0921 6260  LSI_SAS2 - ok
14:37:27.0934 6260  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:37:27.0936 6260  LSI_SCSI - ok
14:37:27.0951 6260  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:37:27.0953 6260  luafv - ok
14:37:28.0304 6260  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:37:28.0310 6260  MBAMProtector - ok
14:37:28.0403 6260  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:37:28.0408 6260  MBAMScheduler - ok
14:37:28.0487 6260  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:37:28.0494 6260  MBAMService - ok
14:37:28.0531 6260  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:37:28.0533 6260  Mcx2Svc - ok
14:37:28.0683 6260  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:37:28.0685 6260  megasas - ok
14:37:28.0738 6260  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:37:28.0744 6260  MegaSR - ok
14:37:28.0788 6260  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:37:28.0792 6260  MMCSS - ok
14:37:28.0845 6260  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:37:28.0846 6260  Modem - ok
14:37:28.0918 6260  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:37:28.0919 6260  monitor - ok
14:37:28.0974 6260  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:37:28.0975 6260  mouclass - ok
14:37:29.0062 6260  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:37:29.0064 6260  mouhid - ok
14:37:29.0086 6260  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:37:29.0088 6260  mountmgr - ok
14:37:29.0245 6260  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:37:29.0248 6260  MozillaMaintenance - ok
14:37:29.0283 6260  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:37:29.0286 6260  mpio - ok
14:37:29.0308 6260  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:37:29.0310 6260  mpsdrv - ok
14:37:29.0345 6260  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:37:29.0359 6260  MpsSvc - ok
14:37:29.0442 6260  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
14:37:29.0445 6260  MREMP50 - ok
14:37:29.0472 6260  [ C2758DF79C83A0D12A5599A040CA1818 ] MREMP50a64      C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
14:37:29.0474 6260  MREMP50a64 - ok
14:37:29.0478 6260  MREMPR5 - ok
14:37:29.0484 6260  MRENDIS5 - ok
14:37:29.0553 6260  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
14:37:29.0558 6260  MRESP50 - ok
14:37:29.0608 6260  [ 38BD5B32E0722752BE8465D2A6DA43D9 ] MRESP50a64      C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
14:37:29.0610 6260  MRESP50a64 - ok
14:37:29.0638 6260  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:37:29.0641 6260  MRxDAV - ok
14:37:29.0664 6260  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:37:29.0668 6260  mrxsmb - ok
14:37:29.0698 6260  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:37:29.0703 6260  mrxsmb10 - ok
14:37:29.0712 6260  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:37:29.0715 6260  mrxsmb20 - ok
14:37:29.0732 6260  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:37:29.0733 6260  msahci - ok
14:37:29.0828 6260  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
14:37:29.0831 6260  MSCSPTISRV - ok
14:37:29.0849 6260  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:37:29.0852 6260  msdsm - ok
14:37:29.0883 6260  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:37:29.0887 6260  MSDTC - ok
14:37:29.0905 6260  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:37:29.0907 6260  Msfs - ok
14:37:29.0921 6260  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:37:29.0922 6260  mshidkmdf - ok
14:37:29.0926 6260  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:37:29.0928 6260  msisadrv - ok
14:37:29.0990 6260  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:37:29.0994 6260  MSiSCSI - ok
14:37:29.0999 6260  msiserver - ok
14:37:30.0051 6260  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:37:30.0053 6260  MSKSSRV - ok
14:37:30.0105 6260  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:37:30.0106 6260  MSPCLOCK - ok
14:37:30.0121 6260  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:37:30.0123 6260  MSPQM - ok
14:37:30.0155 6260  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:37:30.0161 6260  MsRPC - ok
14:37:30.0186 6260  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:37:30.0188 6260  mssmbios - ok
14:37:30.0206 6260  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:37:30.0208 6260  MSTEE - ok
14:37:30.0223 6260  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:37:30.0225 6260  MTConfig - ok
14:37:30.0239 6260  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:37:30.0241 6260  Mup - ok
14:37:30.0263 6260  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:37:30.0270 6260  napagent - ok
14:37:30.0330 6260  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:37:30.0334 6260  NativeWifiP - ok
14:37:30.0409 6260  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:37:30.0423 6260  NDIS - ok
14:37:30.0451 6260  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:37:30.0453 6260  NdisCap - ok
14:37:30.0505 6260  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:37:30.0507 6260  NdisTapi - ok
14:37:30.0531 6260  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:37:30.0534 6260  Ndisuio - ok
14:37:30.0559 6260  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:37:30.0563 6260  NdisWan - ok
14:37:30.0616 6260  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:37:30.0618 6260  NDProxy - ok
14:37:30.0737 6260  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:37:30.0740 6260  Net Driver HPZ12 - ok
14:37:30.0800 6260  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:37:30.0802 6260  NetBIOS - ok
14:37:30.0837 6260  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:37:30.0841 6260  NetBT - ok
14:37:30.0867 6260  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:37:30.0868 6260  Netlogon - ok
14:37:30.0896 6260  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:37:30.0902 6260  Netman - ok
14:37:30.0970 6260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:37:31.0012 6260  NetMsmqActivator - ok
14:37:31.0018 6260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:37:31.0020 6260  NetPipeActivator - ok
14:37:31.0039 6260  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:37:31.0047 6260  netprofm - ok
14:37:31.0054 6260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:37:31.0056 6260  NetTcpActivator - ok
14:37:31.0062 6260  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:37:31.0064 6260  NetTcpPortSharing - ok
14:37:31.0260 6260  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
14:37:31.0334 6260  NETw5s64 - ok
14:37:31.0501 6260  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
14:37:31.0559 6260  netw5v64 - ok
14:37:31.0621 6260  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:37:31.0623 6260  nfrd960 - ok
14:37:31.0672 6260  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:37:31.0678 6260  NlaSvc - ok
14:37:31.0692 6260  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:37:31.0694 6260  Npfs - ok
14:37:31.0718 6260  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:37:31.0721 6260  nsi - ok
14:37:31.0736 6260  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:37:31.0737 6260  nsiproxy - ok
14:37:31.0806 6260  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:37:31.0829 6260  Ntfs - ok
14:37:31.0847 6260  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:37:31.0849 6260  Null - ok
14:37:31.0908 6260  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:37:31.0912 6260  nvraid - ok
14:37:31.0929 6260  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:37:31.0933 6260  nvstor - ok
14:37:32.0003 6260  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:37:32.0006 6260  nv_agp - ok
14:37:32.0034 6260  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:37:32.0037 6260  ohci1394 - ok
14:37:32.0103 6260  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:37:32.0107 6260  ose - ok
14:37:32.0254 6260  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:37:32.0300 6260  osppsvc - ok
14:37:32.0334 6260  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:37:32.0340 6260  p2pimsvc - ok
14:37:32.0362 6260  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:37:32.0369 6260  p2psvc - ok
14:37:32.0441 6260  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
14:37:32.0455 6260  PACSPTISVR - ok
14:37:32.0487 6260  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:37:32.0490 6260  Parport - ok
14:37:32.0515 6260  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:37:32.0518 6260  partmgr - ok
14:37:32.0535 6260  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:37:32.0539 6260  PcaSvc - ok
14:37:32.0577 6260  [ 77AD75784AF474528D99495BCA306135 ] pcCMService64   C:\Program Files\Common Files\Motive\pcCMService.exe
14:37:32.0584 6260  pcCMService64 - ok
14:37:32.0642 6260  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:37:32.0646 6260  pci - ok
14:37:32.0667 6260  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:37:32.0669 6260  pciide - ok
14:37:32.0690 6260  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:37:32.0695 6260  pcmcia - ok
14:37:32.0701 6260  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:37:32.0704 6260  pcw - ok
14:37:32.0729 6260  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:37:32.0740 6260  PEAUTH - ok
14:37:32.0805 6260  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:37:32.0808 6260  PerfHost - ok
14:37:32.0863 6260  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:37:32.0883 6260  pla - ok
14:37:32.0956 6260  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:37:32.0963 6260  PlugPlay - ok
14:37:33.0039 6260  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:37:33.0042 6260  Pml Driver HPZ12 - ok
14:37:33.0069 6260  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:37:33.0072 6260  PNRPAutoReg - ok
14:37:33.0093 6260  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:37:33.0097 6260  PNRPsvc - ok
14:37:33.0125 6260  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:37:33.0133 6260  PolicyAgent - ok
14:37:33.0161 6260  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:37:33.0165 6260  Power - ok
14:37:33.0225 6260  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:37:33.0228 6260  PptpMiniport - ok
14:37:33.0250 6260  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:37:33.0252 6260  Processor - ok
14:37:33.0277 6260  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:37:33.0281 6260  ProfSvc - ok
14:37:33.0292 6260  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:37:33.0293 6260  ProtectedStorage - ok
14:37:33.0345 6260  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:37:33.0348 6260  Psched - ok
14:37:33.0391 6260  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:37:33.0412 6260  ql2300 - ok
14:37:33.0428 6260  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:37:33.0431 6260  ql40xx - ok
14:37:33.0453 6260  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:37:33.0459 6260  QWAVE - ok
14:37:33.0473 6260  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:37:33.0475 6260  QWAVEdrv - ok
14:37:33.0490 6260  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:37:33.0491 6260  RasAcd - ok
14:37:33.0544 6260  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:37:33.0546 6260  RasAgileVpn - ok
14:37:33.0601 6260  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:37:33.0606 6260  RasAuto - ok
14:37:33.0618 6260  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:37:33.0622 6260  Rasl2tp - ok
14:37:33.0650 6260  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:37:33.0655 6260  RasMan - ok
14:37:33.0665 6260  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:37:33.0667 6260  RasPppoe - ok
14:37:33.0683 6260  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:37:33.0686 6260  RasSstp - ok
14:37:33.0700 6260  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:37:33.0704 6260  rdbss - ok
14:37:33.0716 6260  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:37:33.0718 6260  rdpbus - ok
14:37:33.0765 6260  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:37:33.0766 6260  RDPCDD - ok
14:37:33.0775 6260  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:37:33.0776 6260  RDPENCDD - ok
14:37:33.0802 6260  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:37:33.0803 6260  RDPREFMP - ok
14:37:33.0847 6260  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:37:33.0851 6260  RDPWD - ok
14:37:42.0149 6260  Scan finished
14:37:42.0149 6260  ============================================================
14:37:42.0162 7000  Detected object count: 0
14:37:42.0162 7000  Actual detected object count: 0
 
 
 
When I scanned with all the parameters checked, these showed up (I couldn't post the whole log because it was too large):
12:44:49.0935 1464  Scan finished
12:44:49.0935 1464  ============================================================
12:44:49.0950 6404  Detected object count: 36
12:44:49.0950 6404  Actual detected object count: 36
12:51:11.0241 6404  1394ohci ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0241 6404  1394ohci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0241 6404  AcpiPmi ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0241 6404  AcpiPmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0241 6404  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0241 6404  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0241 6404  AeLookupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0241 6404  AeLookupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  AESTFilters ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  AESTFilters ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  ALG ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  AmdPPM ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  AmdPPM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  AppID ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  AppID ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  AppIDSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  AppIDSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0256 6404  Appinfo ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0256 6404  Appinfo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  AxInstSV ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  AxInstSV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  b06bdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  b06bdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  b57nd60a ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  b57nd60a ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  BDESVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  BDESVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  Beep ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  BFE ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  BFE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  BITS ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0272 6404  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0272 6404  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:51:11.0287 6404  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:11.0287 6404  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:53:05.0616 2636  Deinitialize success


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:04 AM

Posted 28 July 2013 - 08:16 AM

There are no rootkits being found by any of our tools so far...

Download RogueKiller to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • There will be a pre-scan that will run automatically (this is normal)
  • Once the pre-scan has finished, press the Scan button.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  • Once the Scan is complete, press the Report button to generate the results.

Please post the contents of the RKreport.txt in your next Reply.

----------------




#13 Rieuna

Rieuna
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:04 AM

Posted 28 July 2013 - 03:54 PM

Yeah, I really don't know what the problem is >__< I'm sorry this is such a hassle!

 

Here is the log:

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rieuna [Admin rights]
Mode : Scan -- Date : 07/28/2013 13:52:43
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Rieuna\AppData\Local\Temp\IHU4D73.tmp.exe [x][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
--- User ---
[MBR] 49d87554bb7ea0149925dcc56a537f5b
[BSP] 4e4761c3347a61f7146b5b7ccb125dbc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 455124 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 932503552 | Size: 21512 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07282013_135243.txt >>

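As an added example (not from this thread, and not RogueKiller's own code), a small Python helper that parses the RKreport section and entry format shown in the log above and sorts the FOUND items into those a responder should look at first; the sample report is constructed from the posted log, and its second hosts line is a hypothetical blocked-vendor entry added for illustration.

```python
import re

# Constructed sample modelled on the RKreport posted above (not the poster's
# full log); the last hosts line is an added hypothetical blocked-vendor entry.
SAMPLE_REPORT = r"""RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Rieuna\AppData\Local\Temp\IHU4D73.tmp.exe [x][x] -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       update.example-av.invalid
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*:\s*(.*?)\s*¤¤¤$")          # ¤¤¤ Name : count ¤¤¤
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*->\s*(\S+)$")  # [TAG][TAG] desc -> FOUND
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)

def parse_report(text):
    # {section: [(tags, description, verdict)]}; 'HOSTS File' holds (ip, name) pairs
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("-->", "#")):
            continue
        if sec := SECTION_RE.match(line):
            current = sec.group(1)
        elif current == "HOSTS File":
            sections.setdefault(current, []).append(tuple(line.split(None, 1)))
        elif current and (ent := ENTRY_RE.match(line)):
            tags = re.findall(r"\[([^\]]+)\]", ent.group(1))
            sections.setdefault(current, []).append((tags, ent.group(2), ent.group(3)))
    return sections

def triage(sections):
    # Worth a human look: task/startup paths in a Temp folder and hosts lines
    # other than loopback -> localhost. Everything else stays informational
    # until the key's reported value is interpreted (0 for DisableRegistryTools
    # means the restriction is not in effect).
    review, info = [], []
    for section, entries in sections.items():
        if section == "HOSTS File":
            review += [("HOSTS", f"{ip} {name}") for ip, name in entries
                       if not (ip in ("127.0.0.1", "::1") and name == "localhost")]
            continue
        for tags, desc, verdict in entries:
            bucket = review if "SUSP PATH" in tags or TEMP_RE.search(desc) else info
            bucket.append((section, desc))
    return review, info
```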

#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:04 AM

Posted 28 July 2013 - 06:48 PM

Hi,
 
No problem at all. :) Let's do a more thorough rootkit check. What I suspect is that AVG is detecting something that may not be a problem at all.
 
Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Right-click and Run as Administrator GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------




#15 Rieuna

Rieuna
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 AM

Posted 28 July 2013 - 07:27 PM

Do I need to check the box that says "3rd Party" (it's located below the "Show All" box)?

