atsun12

Honorary Members
  • Posts

    22
Posts posted by atsun12

  1. Results of screen317's Security Check version 0.99.81

    Windows 7 Service Pack 1 x64 (UAC is disabled!)

    Internet Explorer 10 Out of date!

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Windows Firewall Disabled!

    avast! Antivirus

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.75.0.1300

    Java 7 Update 51

    Adobe Reader 9 Adobe Reader out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    AVAST Software Avast AvastSvc.exe

    AVAST Software Avast AvastUI.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 0%

    ````````````````````End of Log``````````````````````

  2. ComboFix 14-03-23.01 - Aaron 03/22/2014  22:45:47.4.2 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4063.2371 [GMT -7:00]
    Running from: c:\users\Aaron\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-02-23 to 2014-03-23  )))))))))))))))))))))))))))))))
    .
    .
    2014-03-23 05:56 . 2014-03-23 05:56 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-03-23 05:56 . 2014-03-23 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-20 05:22 . 2014-03-21 22:02 -------- d-----w- C:\FRST
    2014-03-19 05:24 . 2014-03-19 05:24 -------- d-----w- c:\users\Aaron\AppData\Roaming\AVAST Software
    2014-03-19 05:19 . 2014-03-19 05:19 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-03-19 05:00 . 2014-03-19 05:00 -------- d-----w- c:\windows\ERUNT
    2014-03-19 04:15 . 2014-03-19 04:44 -------- d-----w- C:\AdwCleaner
    2014-03-12 04:43 . 2014-02-23 08:11 2648576 ----a-w- c:\windows\system32\iertutil.dll
    2014-03-12 04:40 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-03-12 04:40 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
    2014-03-12 04:40 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
    2014-03-12 04:40 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2014-03-12 04:40 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-12 04:40 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-12 04:40 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-12 04:40 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-19 05:19 . 2013-04-06 17:33 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-03-19 05:19 . 2013-04-06 17:33 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-03-19 05:19 . 2012-06-22 03:25 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-03-19 05:19 . 2012-06-22 03:25 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-03-19 05:19 . 2012-06-22 03:25 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-03-19 05:19 . 2012-06-22 03:25 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-03-19 05:19 . 2012-06-22 03:25 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-03-19 05:19 . 2012-06-22 03:24 43152 ----a-w- c:\windows\avastSS.scr
    2014-03-12 04:44 . 2009-11-05 00:38 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-12 03:50 . 2012-11-26 09:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-12 03:50 . 2012-11-26 09:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-01-22 13:52 . 2012-06-22 03:25 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-12-24 23:09 . 2014-02-12 03:02 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48 . 2014-02-12 03:02 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-07-13 09:22 . 2013-07-13 09:22 4188160 ----a-w- c:\program files (x86)\GUT787B.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
    "AmazonMP3DownloaderHelper"="c:\users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-09 400704]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
    "VMSwitch"="c:\program files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 538472]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "WMAAD"="c:\program files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 110592]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-19 3767096]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ    scecli c:\program files\Protector Suite\psqlpwd.dll
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
    R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 ICScsiSV;Image Converter SCSI Service;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [x]
    R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [x]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    R3 MUsbFltr;BUFFALO Tilt Mouse;c:\windows\system32\drivers\MUsbFltr.sys;c:\windows\SYSNATIVE\drivers\MUsbFltr.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RTCore64;RTCore64;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x]
    R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
    S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_650_15991.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    start [bU]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 03:50]
    .
    2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21]
    .
    2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21]
    .
    2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job
    - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32]
    .
    2014-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job
    - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-03-19 05:19 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\system32\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: ticketmaster.com\www
    TCP: DhcpNameServer = 192.168.1.254

    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
    @=""
    "0"="ActionsPane Schema for Add-Ins"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2014-03-22  23:13:24
    ComboFix-quarantined-files.txt  2014-03-23 06:13
    .
    Pre-Run: 176,388,198,400 bytes free
    Post-Run: 176,313,192,448 bytes free
    .
    - - End Of File - - 386F9DC554EA3636347F19273B215BE0
    5C616939100B85E558DA92B899A0FC36

     

  3. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Aaron at 2014-03-21 15:02:31 Run:2
    Running from C:\Users\Aaron\Desktop\Fix
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328 [X]
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
    C:\Users\Aaron\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key not found.
    HKCR\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} => Key not found.
    "C:\Users\Aaron\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
    "C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

    ==== End of Fixlog ====

  4. Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.20.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16844
    Aaron :: HIMITSU2 [administrator]

    3/19/2014 10:28:01 PM
    mbam-log-2014-03-19 (22-28-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 245131
    Time elapsed: 8 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Professional x64
    Ran by Aaron on Tue 03/18/2014 at 22:00:49.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

     

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec

     

    ~~~ Files

     

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\freerip"
    Successfully deleted: [Folder] "C:\Program Files (x86)\freerip3"
    Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{0120E248-D3C3-4182-B2F7-4F04F4941E56}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{23FF907A-7185-4B7C-8D18-F04F02BD8C3B}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{4E977F02-1E03-4819-B5EC-72E5EA0FBAC0}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{60CBB7CF-6D81-43C9-971F-554DAD54AB95}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{72518A99-5812-415E-8CCC-767CC219C69C}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{89187F7E-FC59-46C7-A8EC-E7E8B419BD91}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{94CF4B33-9386-48E2-B544-938FB36CDCDE}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{963C2EA0-EB8E-4B61-B109-26E82053FB75}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{D958EA2C-502F-4C72-B8F1-162F757E9208}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{D9DD71B7-9CCA-49C5-85F6-D322A7BF5FE9}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{DDC79F3D-DE8B-48B4-81C9-526D681536DF}
    Successfully deleted: [Empty Folder] C:\Users\Aaron\appdata\local\{F3B32CF9-20F2-411E-B377-6CD89CB4AE0E}

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 03/18/2014 at 22:08:18.36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. # AdwCleaner v3.022 - Report created 18/03/2014 at 21:44:49
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Aaron - HIMITSU2
    # Running from : C:\Users\Aaron\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Partner Service

    ***** [ Files / Folders ] *****

    [x] Not Deleted : C:\ProgramData\FreeRIP
    Folder Deleted : C:\ProgramData\Partner
    [x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
    [x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
    [x] Not Deleted : C:\Program Files (x86)\FreeRIP3
    [x] Not Deleted : C:\Program Files (x86)\myfree codec
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
    Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Aaron\AppData\LocalLow\PriceGong

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
    Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
    [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKLM\Software\Conduit
    [x] Not Deleted : HKLM\Software\Myfree Codec
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\systweak
    [x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    [x] Not Deleted : [x64] HKCU\Software\Myfree Codec
    Key Deleted : [x64] HKLM\SOFTWARE\systweak

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16843

    -\\ Google Chrome v

    [ File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt - [6317 octets] - [18/03/2014 21:28:38]
    AdwCleaner[S0].txt - [6317 octets] - [18/03/2014 21:44:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6377 octets] ##########

  7. RK Report:

     

    RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : Aaron [Admin rights]
    Mode : Scan -- Date : 03/18/2014 17:55:26
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 18 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3578647892-2928166785-2268897593-1001\[...]\Run : AmazonMP3DownloaderHelper (C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [7]) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    127.0.0.1       localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS723232L9SA60 +++++
    --- User ---
    [MBR] f5a946cb3c73b4d41171e2d4298cffcd
    [BSP] b4edb318e6463599526d3e324c234c7e : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6310 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12924928 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 13129728 | Size: 298833 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_03182014_175526.txt >>

  8. Rogue Killer keeps BSODing my computer. Here is the error report from Windows:

    Problem signature:
      Problem Event Name: BlueScreen
      OS Version: 6.1.7601.2.1.0.256.48
      Locale ID: 1033

    Additional information about the problem:
      BCCode: 50
      BCP1: FFFFFA800D978840
      BCP2: 0000000000000001
      BCP3: FFFFF88005868830
      BCP4: 0000000000000002
      OS Version: 6_1_7601
      Service Pack: 1_0
      Product: 256_1

    Files that help describe the problem:
      C:\Windows\Minidump\031714-29125-01.dmp
      C:\Users\Aaron\AppData\Local\Temp\WER-61573-0.sysdata.xml

    Read our privacy statement online:
      http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
      C:\Windows\system32\en-US\erofflps.txt

     

    Help?

  9. Nothing detected, I did a scan and removal previously.

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.17.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16844
    Aaron :: HIMITSU2 [administrator]

    3/17/2014 5:57:00 PM
    mbam-log-2014-03-17 (17-57-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 241710
    Time elapsed: 6 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  10. DDS.txt

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.51.2
    Run by Aaron at 14:14:53 on 2014-03-15
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4063.2071 [GMT -7:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Protector Suite\upeksvr.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Protector Suite\psqltray.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
    uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [AmazonMP3DownloaderHelper] C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe"
    mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    mRun: [WMAAD] C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\07F6E623 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\37471697F6E6C696E656 : DHCPNameServer = 172.16.0.1
    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\84F657375602F66602C45656 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\D496B656 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{10FF0534-E749-4209-8B6B-59AB8650A830} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    TCP: Interfaces\{9E496D44-0552-48DF-AF8E-708D23F5BA00} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages =  scecli C:\Program Files\Protector Suite\psqlpwd.dll
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup
    x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-6 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-6 189936]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-2 55024]
    R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-8-19 25120]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-21 1030952]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-21 378944]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-8-13 31136]
    R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\System32\drivers\NEOFLTR_650_15991.SYS [2012-8-4 100472]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 238080]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-21 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-21 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-14 46808]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
    R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-19 189984]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-10-27 411496]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-19 292864]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]
    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-7 5435904]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-19 11392]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-17 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-19 35104]
    S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-6-9 24368]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-17 103576]
    S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2009-11-4 75952]
    S3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2009-11-4 67760]
    S3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\System32\drivers\MUsbFltr.sys [2007-4-18 12672]
    S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-10-27 332272]
    S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-10-27 167424]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-17 204568]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-16 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736]
    .
    =============== File Associations ===============
    .
    ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2014-03-12 04:40:29 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-03-12 04:40:29 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-03-12 04:40:28 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-03-12 04:40:28 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-03-12 04:40:27 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-12 04:40:27 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-12 04:40:27 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-12 04:40:26 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-02-19 07:49:57 -------- d-----r- C:\Program Files (x86)\Skype
    2014-02-19 07:49:16 -------- d-----w- C:\Program Files\AuthenTec
    .
    ==================== Find3M  ====================
    .
    2014-03-12 03:50:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-12 03:50:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-23 05:39:39 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2014-02-23 05:35:24 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2014-01-22 13:52:21 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-01-22 13:52:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-01-22 13:52:21 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-01-22 13:52:21 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-01-22 13:52:19 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-01-22 13:51:40 41664 ----a-w- C:\Windows\avastSS.scr
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-21 09:39:33 600064 ----a-w- C:\Windows\System32\vbscript.dll
    2013-12-21 07:56:10 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-12-19 05:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-13 09:22:52 4188160 ----a-w- C:\Program Files (x86)\GUT787B.tmp
    .
    ============= FINISH: 14:15:17.26 ===============

    Combofix.txt.

     

    ComboFix 14-03-13.01 - Aaron 03/15/2014  14:18:40.2.2 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4063.2124 [GMT -7:00]
    Running from: C:\Users\Aaron\Desktop\ComboFix.exe

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\prefs.js
    C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{845697C1-3AB3-435F-AF5D-7DEDB7D15FD3}.xps
    C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    C:\Windows\wininit.ini

    (((((((((((((((((((((((((   Files Created from 2014-02-15 to 2014-03-15  )))))))))))))))))))))))))))))))

    2014-03-15 21:56:26 . 2014-03-15 21:56:26 -------- d-----w- C:\Users\Public\AppData\Local\temp
    2014-03-15 21:56:26 . 2014-03-15 21:56:26 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2014-03-12 04:43:59 . 2014-02-23 08:11:52 2648576 ----a-w- C:\Windows\system32\iertutil.dll
    2014-03-12 04:40:29 . 2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\system32\win32k.sys
    2014-03-12 04:40:29 . 2014-01-28 02:32:46 228864 ----a-w- C:\Windows\system32\wwansvc.dll
    2014-03-12 04:40:28 . 2014-01-29 02:32:18 484864 ----a-w- C:\Windows\system32\wer.dll
    2014-03-12 04:40:28 . 2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-03-12 04:40:27 . 2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\system32\WindowsCodecs.dll
    2014-03-12 04:40:27 . 2014-02-04 02:32:12 624128 ----a-w- C:\Windows\system32\qedit.dll
    2014-03-12 04:40:27 . 2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-12 04:40:26 . 2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-02-19 07:49:57 . 2014-02-19 07:49:57 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
    2014-02-19 07:49:57 . 2014-02-19 07:49:57 -------- d-----r- C:\Program Files (x86)\Skype
    2014-02-19 07:49:16 . 2014-02-19 07:49:16 -------- d-----w- C:\Program Files\AuthenTec
    .

    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2014-03-12 04:44:52 . 2009-11-05 00:38:18 90015360 ----a-w- C:\Windows\system32\MRT.exe
    2014-03-12 03:50:08 . 2012-11-26 09:18:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-12 03:50:08 . 2012-11-26 09:18:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-22 13:52:21 . 2013-04-06 17:33:24 65336 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys
    2014-01-22 13:52:21 . 2013-04-06 17:33:24 189936 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
    2014-01-22 13:52:21 . 2012-06-22 03:25:45 378944 ----a-w- C:\Windows\system32\drivers\aswSP.sys
    2014-01-22 13:52:21 . 2012-06-22 03:25:42 72016 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
    2014-01-22 13:52:21 . 2012-06-22 03:25:41 64288 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
    2014-01-22 13:52:21 . 2012-06-22 03:25:40 1030952 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
    2014-01-22 13:52:19 . 2012-06-22 03:25:45 33400 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
    2014-01-22 13:52:19 . 2012-06-22 03:25:35 80816 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
    2014-01-22 13:51:40 . 2012-06-22 03:24:57 41664 ----a-w- C:\Windows\avastSS.scr
    2014-01-22 13:51:08 . 2012-06-22 03:25:35 295544 ----a-w- C:\Windows\system32\aswBoot.exe
    2013-12-24 23:09:41 . 2014-02-12 03:02:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 . 2014-02-12 03:02:57 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
    2013-12-21 09:39:33 . 2014-02-12 03:08:43 600064 ----a-w- C:\Windows\system32\vbscript.dll
    2013-12-21 07:56:10 . 2014-02-12 03:08:43 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-12-19 05:09:39 . 2014-01-20 05:46:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-13 09:22:52 . 2013-07-13 09:22:38 4188160 ----a-w- C:\Program Files (x86)\GUT787B.tmp

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2009-10-27 18:54:16 433648 ----a-w- C:\ProgramData\Partner\Partner.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAHeadless"="C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 12:40:00 615808]
    "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 23:43:26 59720]
    "AmazonMP3DownloaderHelper"="C:\Users\Aaron\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-09 20:37:02 400704]
    "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 18:54:06 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "SmartWiHelper"="C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 23:45:44 80384]
    "ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 16:23:14 317288]
    "VMSwitch"="C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 03:45:34 538472]
    "NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 18:50:42 155648]
    "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 05:38:56 623992]
    "googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
    "WMAAD"="C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 02:41:36 110592]
    "VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 11:44:11 85160]
    "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 09:57:28 35760]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 23:57:56 948672]
    "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 19:27:46 89184]
    "EEventManager"="C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 16:13:10 673616]
    "FUFAXSTM"="C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 07:00:00 843776]
    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 08:52:12 43848]
    "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2014-01-22 13:51:33 4858968]
    "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 18:10:34 468112]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 11:03:04 641704]
    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2013-05-01 10:59:04 421888]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 16:16:26 254336]
    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 16:27:00 152392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ&prod=90&ver=2012.0.1831&mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328" [?]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-07-01 18:49:36 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ    scecli C:\Program Files\Protector Suite\psqlpwd.dll

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys;C:\Windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
    R3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys;C:\Windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 ICScsiSV;Image Converter SCSI Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [x]
    R3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [x]
    R3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\system32\drivers\MUsbFltr.sys;C:\Windows\SYSNATIVE\drivers\MUsbFltr.sys [x]
    R3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe;C:\ProgramData\Partner\Partner.exe [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys;C:\Windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RTCore64;RTCore64;C:\Users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys;C:\Users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x]
    R3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe;C:\Program Files\Sony\VAIO Care\collsvc.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 shpf;Sony HDD Protection Filter Driver;C:\Windows\system32\DRIVERS\shpf.sys;C:\Windows\SYSNATIVE\DRIVERS\shpf.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\system32\drivers\HWiNFO64A.SYS;C:\Windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
    S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS;C:\Windows\SYSNATIVE\Drivers\NEOFLTR_650_15991.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
    S2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [x]
    S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [x]
    S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys;C:\Windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys;C:\Windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys;C:\Windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys;C:\Windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys;C:\Windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

    Contents of the 'Scheduled Tasks' folder

    2014-03-15 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 09:18:20 . 2014-03-12 03:50:09]

    2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21:32 . 2010-02-02 03:21:26]

    2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21:32 . 2010-02-02 03:21:26]

    2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job
    - C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:25:58 . 2010-03-18 00:32:52]

    2014-03-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job
    - C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:25:58 . 2010-03-18 00:32:52]

    --------- X64 Entries -----------

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2009-10-27 18:54:16 750064 ----a-w- C:\ProgramData\Partner\Partner64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-01-22 13:51:06 133840 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2009-07-20 21:18:46 5943048 ----a-w- C:\Program Files\Protector Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2009-07-20 21:18:46 5943048 ----a-w- C:\Program Files\Protector Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 04:34:01 7938080]
    "Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 04:35:03 1833504]
    "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]
    "PSQLLauncher"="C:\Program Files\Protector Suite\launcher.exe" [2009-07-20 18:42:24 84744]
    "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 22:04:36 2399632]
    "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 17:42:10 2419512]

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm

    mLocal Page = C:\Windows\system32\blank.htm
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: ticketmaster.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

     

    END !
     

    dds.txt

    attach.txt

    ComboFix.txt

  11. It runs well, but ESET detected stuff...

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.28.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Aaron :: HIMITSU2 [administrator]

    11/27/2012 6:00:31 PM

    mbam-log-2012-11-27 (18-00-31).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 217159

    Time elapsed: 4 minute(s), 30 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ESET:

    C:\TDSSKiller_Quarantine\25.11.2012_17.45.15\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan

    C:\_OTL\MovedFiles\06222012_091010\C_Users\Aaron\AppData\Local\Apple\AOL\dqzev.dll a variant of Win32/Kryptik.AHOG trojan

    C:\_OTL\MovedFiles\06222012_091010\C_Windows\Installer\{88a3ef15-86f2-57de-1477-2fc96c2d87b1}\U\800000cb.@ Win64/Sirefef.T trojan

  12. FSS report:

    Farbar Service Scanner Version: 09-11-2012

    Ran by Aaron (administrator) on 26-11-2012 at 20:35:05

    Running from "C:\Users\Aaron\Desktop\New folder (2)"

    Windows 7 Professional Service Pack 1 (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.

    Windows Firewall:

    =============

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    Windows Defender:

    ==============

    WinDefend Service is not running. Checking service configuration:

    The start type of WinDefend service is set to Demand. The default start type is Auto.

    The ImagePath of WinDefend service is OK.

    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:

    ==========================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

    "DisableAntiSpyware"=DWORD:1

    Other Services:

    ==============

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys => MD5 is legit

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys

    [2012-11-13 17:34] - [2012-10-03 09:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll => MD5 is legit

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll => MD5 is legit

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll => MD5 is legit

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll => MD5 is legit

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

  13. It runs fine (I think), except all my programs are missing their shortcuts. There doesn't appear to be any lag or anything of the sort. I've been running all my scans in safe mode/networking. I had the whole switch to black background, and lost all my Start>All Programs shortcuts. The directories are there, but they are all empty. Is it cleaned, and I just need to try restarting, or is there more work to be done?

    FSS report:

    Farbar Service Scanner Version: 09-11-2012

    Ran by Aaron (administrator) on 25-11-2012 at 19:31:48

    Running from "C:\Users\Aaron\Desktop"

    Windows 7 Professional Service Pack 1 (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.

    Windows Firewall:

    =============

    mpsdrv Service is not running. Checking service configuration:

    The start type of mpsdrv service is OK.

    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:

    Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.

    Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.

    Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

    bfe Service is not running. Checking service configuration:

    The start type of bfe service is OK.

    The ImagePath of bfe service is OK.

    The ServiceDll of bfe service is OK.

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    SDRSVC Service is not running. Checking service configuration:

    The start type of SDRSVC service is OK.

    The ImagePath of SDRSVC service is OK.

    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:

    The start type of VSS service is OK.

    The ImagePath of VSS service is OK.

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    wscsvc Service is not running. Checking service configuration:

    The start type of wscsvc service is OK.

    The ImagePath of wscsvc service is OK.

    The ServiceDll of wscsvc service is OK.

    Windows Update:

    ============

    wuauserv Service is not running. Checking service configuration:

    The start type of wuauserv service is OK.

    The ImagePath of wuauserv service is OK.

    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:

    The start type of BITS service is set to Demand. The default start type is Auto.

    The ImagePath of BITS service is OK.

    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:

    The start type of EventSystem service is OK.

    The ImagePath of EventSystem service is OK.

    The ServiceDll of EventSystem service is OK.

    Windows Autoupdate Disabled Policy:

    ============================

    Windows Defender:

    ==============

    WinDefend Service is not running. Checking service configuration:

    The start type of WinDefend service is OK.

    The ImagePath of WinDefend service is OK.

    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:

    ==========================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

    "DisableAntiSpyware"=DWORD:1

    Other Services:

    ==============

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys => MD5 is legit

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys

    [2012-11-13 17:34] - [2012-10-03 09:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll => MD5 is legit

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll => MD5 is legit

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll => MD5 is legit

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll => MD5 is legit

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

    ADW log:

    # AdwCleaner v2.009 - Logfile created 11/25/2012 at 19:32:56

    # Updated 24/11/2012 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)

    # User : Aaron - HIMITSU2

    # Boot Mode : Safe mode with networking

    # Running from : C:\Users\Aaron\Desktop\AdwCleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

    Folder Found : C:\Program Files (x86)\FreeRIP3

    Folder Found : C:\ProgramData\FreeRIP

    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3

    Folder Found : C:\ProgramData\Partner

    Folder Found : C:\Users\Aaron\AppData\LocalLow\Conduit

    Folder Found : C:\Users\Aaron\AppData\LocalLow\PriceGong

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit

    Key Found : HKCU\Software\AppDataLow\Software\PriceGong

    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

    Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll

    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

    Key Found : HKLM\SOFTWARE\Classes\dnUpdate

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

    Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho

    Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

    Key Found : HKLM\Software\Conduit

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    *************************

    AdwCleaner[R1].txt - [1798 octets] - [25/11/2012 19:32:56]

    ########## EOF - C:\AdwCleaner[R1].txt - [1858 octets] ##########

  14. DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

    Internet Explorer: 9.0.8112.16455

    Run by Aaron at 19:17:09 on 2012-11-25

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2941 [GMT -8:00]

    .

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\Explorer.EXE

    C:\Windows\system32\ctfmon.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US /HIDEBL

    uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe

    mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

    mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

    mRun: [VMSwitch] "C:\Program Files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe"

    mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe

    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

    mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

    mRun: [WMAAD] C:\Program Files (x86)\Sony\WALKMAN Launcher\WMAAD.exe

    mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328

    mRunOnce: [51BA15F4-9FC3-4697-8F34-76E41CE1D6BE] cmd.exe /C start /D "C:\Users\Aaron\AppData\Local\Temp" /B 51BA15F4-9FC3-4697-8F34-76E41CE1D6BE.exe -postboot

    StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    mPolicies-System: HideFastUserSwitching = dword:1

    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab

    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.nevadadot.com/ACGM/Acgm.cab

    TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1

    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7} : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\07F6E623 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\84F657375602F66602C45656 : DHCPNameServer = 192.168.2.1

    TCP: Interfaces\{0FDB6DF3-7F90-400A-88BB-35067E7A6DE7}\D496B656 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{10FF0534-E749-4209-8B6B-59AB8650A830} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

    TCP: Interfaces\{9E496D44-0552-48DF-AF8E-708D23F5BA00} : DHCPNameServer = 172.16.0.1 192.168.1.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    Notify: VESWinlogon - VESWinlogon.dll

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll

    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

    x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup

    x64-Run: [EmsService] EmsServiceHelper.exe

    x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll

    x64-SSODL: WebCheck - <orphaned>

    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 CmgShieldCEF;CmgShieldCEF;C:\Windows\System32\drivers\CMGShCEF.sys [2009-7-31 338544]

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-2 55024]

    R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-8-19 25120]

    R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);C:\Windows\System32\drivers\NEOFLTR_650_15991.SYS [2012-8-4 100472]

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]

    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-7 5435904]

    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-19 11392]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-17 395264]

    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-21 969200]

    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-21 359464]

    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-19 203264]

    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-21 25232]

    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-21 71600]

    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-5 44808]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-6-9 23816]

    S2 EMS;EMS;EMSService.exe --> EMSService.exe [?]

    S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

    S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-19 189984]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

    S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-10-27 411496]

    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-19 35104]

    S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-19 292864]

    S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2009-11-4 75952]

    S3 IcVzMonLauncher;IcVzMonLauncher;C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2009-11-4 67760]

    S3 MUsbFltr;BUFFALO Tilt Mouse;C:\Windows\System32\drivers\MUsbFltr.sys [2007-4-18 12672]

    S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-10-27 332272]

    S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-10-27 167424]

    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-16 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736]

    .

    =============== File Associations ===============

    .

    ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"

    .

    =============== Created Last 30 ================

    .

    2012-11-26 03:16:32 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-11-26 02:39:44 98816 ----a-w- C:\Windows\sed.exe

    2012-11-26 02:39:44 256000 ----a-w- C:\Windows\PEV.exe

    2012-11-26 02:39:44 208896 ----a-w- C:\Windows\MBR.exe

    2012-11-26 01:46:06 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-11-25 03:14:51 -------- d-----w- C:\Users\Aaron\AppData\Local\{4E977F02-1E03-4819-B5EC-72E5EA0FBAC0}

    2012-11-14 01:48:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

    2012-11-14 01:48:16 9728 ----a-w- C:\Windows\System32\Wdfres.dll

    2012-11-14 01:48:16 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

    2012-11-14 01:48:16 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

    2012-11-14 01:37:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

    2012-11-14 01:37:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

    2012-11-14 01:37:52 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

    2012-11-14 01:37:52 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

    2012-11-14 01:37:46 744448 ----a-w- C:\Windows\System32\WUDFx.dll

    2012-11-14 01:37:46 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

    2012-11-14 01:37:46 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

    2012-11-14 01:33:40 95744 ----a-w- C:\Windows\System32\synceng.dll

    2012-11-14 01:33:40 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

    2012-11-09 07:11:46 53248 ----a-r- C:\Users\Aaron\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2012-11-09 07:11:29 -------- d-----w- C:\Users\Aaron\AppData\Local\Logishrd

    2012-11-09 07:10:21 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

    2012-11-09 07:04:18 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility

    2012-11-09 06:57:26 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Logishrd

    .

    ==================== Find3M ====================

    .

    2012-11-26 01:48:04 328704 ----a-w- C:\Windows\System32\services.exe

    2012-11-21 00:38:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-21 00:38:35 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

    2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-18 09:32:44 55096 ----a-w- C:\Windows\System32\LMouFiltCoInst.dll

    2012-09-18 09:32:32 78648 ----a-w- C:\Windows\System32\drivers\LEqdUsb.sys

    2012-09-18 09:32:32 75064 ----a-w- C:\Windows\System32\drivers\LHidFilt.Sys

    2012-09-18 09:32:32 61240 ----a-w- C:\Windows\System32\drivers\LMouFilt.Sys

    2012-09-18 09:32:32 1845560 ----a-w- C:\Windows\System32\LkmdfCoInst.dll

    2012-09-18 09:32:32 15160 ----a-w- C:\Windows\System32\drivers\LHidEqd.sys

    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    .

    ============= FINISH: 19:17:25.94 ===============

    Attach.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 11/4/2009 5:20:29 PM

    System Uptime: 11/25/2012 5:48:00 PM (2 hours ago)

    .

    Motherboard: Sony Corporation | | VAIO

    Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz | N/A | 2526/266mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 292 GiB total, 120.139 GiB free.

    D: is Removable

    E: is Removable

    F: is CDROM ()

    G: is Removable

    K: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: Security Processor Loader Driver

    Device ID: ROOT\LEGACY_SPLDR\0000

    Manufacturer:

    Name: Security Processor Loader Driver

    PNP Device ID: ROOT\LEGACY_SPLDR\0000

    Service: spldr

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: avast! Network Shield Support

    Device ID: ROOT\LEGACY_ASWTDI\0000

    Manufacturer:

    Name: avast! Network Shield Support

    PNP Device ID: ROOT\LEGACY_ASWTDI\0000

    Service: aswTdi

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    Add or Remove Adobe Creative Suite 3 Design Premium

    Adobe Acrobat 8 Professional

    Adobe Acrobat 8.1.5 - CPSID_49013

    Adobe Acrobat 8.1.5 Professional

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe BridgeTalk Plugin CS3

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color - Photoshop Specific

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Creative Suite 3 Design Premium

    Adobe Default Language CS3

    Adobe Device Central CS3

    Adobe ExtendScript Toolkit 2

    Adobe Extension Manager CS3

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 9 Plugin

    Adobe Flash Video Encoder

    Adobe Fonts All

    Adobe Help Viewer CS3

    Adobe Illustrator CS3

    Adobe InDesign CS3 Icon Handler

    Adobe Linguistics CS3

    Adobe MotionPicture Color Files

    Adobe PDF Library Files

    Adobe Photoshop CS3

    Adobe Photoshop.com Inspiration Browser

    Adobe Premiere Elements 1.0

    Adobe Premiere Elements 8.0

    Adobe Reader 9.3.1

    Adobe Setup

    Adobe Shockwave Player 11.5

    Adobe SING CS3

    Adobe Stock Photos CS3

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe Version Cue CS3 Server {ko_KR}

    Adobe WAS CS3

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS3

    AHV content for Acrobat and Flash

    AIM 7

    AOL Messaging Toolbar

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Application Manager for VAIO

    ArcSoft WebCam Companion 3

    ATI Catalyst Install Manager

    Audacity 1.2.6

    avast! Free Antivirus

    BatteryBar (remove only)

    BBSAK

    BitTorrent

    BlackBerry App World Browser Plugin

    BlackBerry Desktop Software 7.1

    BlackBerry Device Software Updater

    BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone

    Bonjour

    BurnAware Professional 2.4.4

    Canon Easy-WebPrint EX

    Canon IJ Network Scanner Selector EX

    Canon IJ Network Tool

    Canon MP Navigator EX 5.1

    Canon MX890 series MP Drivers

    Canon MX890 series User Registration

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Click to Disc

    Click to Disc Editor

    Combined Community Codec Pack 2011-11-11

    Compatibility Pack for the 2007 Office system

    CPUID CPU-Z 1.60.1

    CREDANT EMS 64-bit

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Diablo III

    Download Updater (AOL Inc.)

    DVD Shrink 3.2

    EPSON Artisan 810 Series Printer Uninstall

    Epson Event Manager

    Epson FAX Utility

    Epson PC-FAX Driver

    Epson Print CD

    EPSON Scan

    EpsonNet Print

    EpsonNet Setup

    eReg

    erLT

    ERUNT 1.1j

    EVE-ONLINE (remove only)

    Everyday Auto Backup 2.0

    ffdshow (remove only)

    FreeRIP v3.66

    Google Earth

    Google Quick Search Box

    Google Talk (remove only)

    Google Talk Plugin

    Google Toolbar for Internet Explorer

    Google Update Helper

    HandBrake 0.9.6

    HDAUDIO SoftV92 Data Fax Modem with SmartCP

    Image Converter 3

    ImgBurn

    Intel® Matrix Storage Manager

    iTunes

    Java 6 Update 24

    Java 7 Update 5 (64-bit)

    Java SE Development Kit 6 Update 15 (64-bit)

    Juniper Networks Secure Application Manager

    Juniper Networks Setup Client

    Juniper Networks Setup Client Activex Control

    Junk Mail filter update

    LAME v3.98.2 for Audacity

    LexisNexis® CD on Folio® 4

    Logitech SetPoint 6.51

    Malwarebytes Anti-Malware version 1.65.1.1000

    Marvell Miniport Driver

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft AppLocale

    Microsoft IntelliPoint 8.1

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Groove MUI (English) 2010

    Microsoft Office InfoPath MUI (English) 2010

    Microsoft Office Office 64-bit Components 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Professional Plus 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared 64-bit MUI (English) 2010

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft VC9 runtime libraries

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Windows Application Compatibility Database

    MixMeister BPM Analyzer 1.0

    Move Media Player

    Mp3tag v2.49b

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MyDefrag v4.3.1

    Noiseware Standard Edition

    OpenMG Limited Patch 4.7-07-14-05-01

    OpenMG Secure Module 4.7.00

    PC Wizard 2012.2.0

    PDF Manual NW-A800 Series

    PDF Settings

    Picasa 3

    PlayReady PC Runtime amd64

    Protector Suite 2009

    Realtek HDMI Audio Driver for ATI

    Realtek High Definition Audio Driver

    SDFormatter

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

    Setting Utility Series

    Skype Toolbars

    Skype™ 5.10

    SmartSound Quicktracks for Premiere Elements 8.0

    SmartWi Connection Utility

    SonicStage 4.3

    Sony Video Shared Library

    Synaptics Pointing Device Driver

    Unity Web Player

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553092)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

    VAIO Care

    VAIO Control Center

    VAIO Data Restore Tool

    VAIO DVD Menu Data Basic

    VAIO Event Service

    VAIO Help and Support

    VAIO Mode Switch

    VAIO OOBE and Startup Assistant

    VAIO Power Management

    VAIO Presentation Support

    VAIO Update 4

    VAIO Wallpaper Contents

    Ventrilo Client

    Ventrilo Server

    Video Downloader

    VirtualCloneDrive

    Visual C++ 8.0 Runtime Setup Package (x64)

    Visual Studio 2008 x64 Redistributables

    VLC media player 2.0.4

    WALKMAN Launcher

    WIDCOMM Bluetooth Software

    Winamp

    Winamp Detector Plug-in

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    WinRAR archiver

    .

    ==== Event Viewer Messages From Past Week ========

    .

    11/25/2012 6:54:24 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    11/25/2012 6:52:06 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    11/25/2012 6:40:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    11/25/2012 6:39:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    11/25/2012 5:48:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    11/25/2012 5:48:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    11/25/2012 5:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    11/25/2012 5:48:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    11/25/2012 5:48:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache ElbyCDIO spldr Wanarpv6

    11/25/2012 5:48:29 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

    11/25/2012 5:48:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    11/25/2012 5:48:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    11/25/2012 2:55:52 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

    11/25/2012 2:55:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

    11/25/2012 2:45:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

    11/25/2012 2:45:19 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

    11/25/2012 2:45:19 PM, Error: atikmdag [43029] - Display is not active

    11/25/2012 2:03:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80076d9b30, 0xfffffa80076d9e10, 0xfffff80003996460). A dump was saved in: C:\Windows\Minidump\112512-24757-01.dmp. Report Id: 112512-24757-01.

    11/25/2012 1:53:27 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

    11/25/2012 1:19:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

    .

    ==== End Of File ===========================

  15. Thanks for your help. Hopefully it won't be too much damage.

    Combofix Report:

    ComboFix 12-11-25.01 - Aaron 11/25/2012 18:41:27.1.2 - x64 NETWORK

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.3227 [GMT -8:00]

    Running from: c:\users\Aaron\Desktop\ComboFix.exe

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    c:\programdata\sqj.pad

    c:\windows\apppatch\AppLoc.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-26 02:52 . 2012-11-26 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-26 01:46 . 2012-11-26 01:46 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-11-26 01:36 . 2012-11-26 01:36 -------- d-----w- c:\program files (x86)\ERUNT

    2012-11-14 01:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-14 01:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-14 01:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-14 01:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-14 01:37 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-11-14 01:37 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    2012-11-14 01:37 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-11-14 01:37 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-11-14 01:37 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-11-14 01:37 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

    2012-11-14 01:37 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-11-14 01:33 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

    2012-11-14 01:33 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

    2012-11-09 07:11 . 2012-11-09 07:11 53248 ----a-r- c:\users\Aaron\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2012-11-09 07:11 . 2012-11-09 07:11 -------- d-----w- c:\users\Aaron\AppData\Local\Logishrd

    2012-11-09 07:10 . 2012-11-10 06:05 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2012-11-09 07:09 . 2012-11-09 07:12 -------- d-----w- c:\programdata\Logitech

    2012-11-09 07:09 . 2012-11-09 07:11 -------- d-----w- c:\programdata\Logishrd

    2012-11-09 07:09 . 2012-11-09 07:09 -------- d-----w- c:\program files\Logitech

    2012-11-09 07:08 . 2012-11-09 07:11 -------- d-----w- c:\program files\Common Files\Logishrd

    2012-11-09 07:04 . 2012-11-09 07:04 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility

    2012-11-09 06:57 . 2012-11-09 06:57 -------- d-----w- c:\users\Aaron\AppData\Roaming\Logishrd

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-26 01:48 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

    2012-11-21 00:38 . 2012-03-30 06:13 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-11-21 00:38 . 2011-06-14 05:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-14 01:39 . 2009-11-05 00:38 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-09-30 03:54 . 2009-11-05 05:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-18 09:32 . 2012-09-18 09:32 55096 ----a-w- c:\windows\system32\LMouFiltCoInst.dll

    2012-09-18 09:32 . 2012-09-18 09:32 78648 ----a-w- c:\windows\system32\drivers\LEqdUsb.sys

    2012-09-18 09:32 . 2012-09-18 09:32 75064 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys

    2012-09-18 09:32 . 2012-09-18 09:32 61240 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys

    2012-09-18 09:32 . 2012-09-18 09:32 1845560 ----a-w- c:\windows\system32\LkmdfCoInst.dll

    2012-09-18 09:32 . 2012-09-18 09:32 15160 ----a-w- c:\windows\system32\drivers\LHidEqd.sys

    2012-09-14 19:19 . 2012-10-10 01:15 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-10 01:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-08-31 18:19 . 2012-10-10 01:08 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2012-08-30 18:03 . 2012-10-10 01:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-10 01:14 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-08-30 17:12 . 2012-10-10 01:14 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

    2009-10-27 18:54 433648 ----a-w- c:\programdata\Partner\Partner.dll

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]

    2012-11-04 17:42 366904 ----a-w- c:\program files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]

    "Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]

    "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]

    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]

    "VMSwitch"="c:\program files (x86)\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-07-29 538472]

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

    "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

    "WMAAD"="c:\program files (x86)\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-17 110592]

    "Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-12 122880]

    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNzM3NTQ4NjE5LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzQ1MzYyLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ&prod=90&ver=2012.0.1831&mid=c295cea7427a87111536fa9b9fede807-0f5db481345980a8c4b1d629e759d1ac41812328" [?]

    "51BA15F4-9FC3-4697-8F34-76E41CE1D6BE"="start" [X]

    .

    c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "HideFastUserSwitching"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2009-07-01 18:49 98304 ------w- c:\windows\System32\VESWinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

    .

    R1 aswSnx;aswSnx; [x]

    R1 aswSP;aswSP; [x]

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]

    R2 aswFsBlk;aswFsBlk; [x]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]

    R2 EMS;EMS;EMSService.exe [x]

    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

    R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

    R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-03 35104]

    R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-07-31 292864]

    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]

    R3 ICScsiSV;Image Converter SCSI Service;c:\program files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]

    R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]

    R3 MUsbFltr;BUFFALO Tilt Mouse;c:\windows\system32\drivers\MUsbFltr.sys [2007-04-18 12672]

    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-10-27 332272]

    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]

    R3 RTCore64;RTCore64;c:\users\Aaron\Desktop\rmclock_235_bin\RTCore64.sys [x]

    R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1255736]

    S0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\DRIVERS\CMGShCEF.sys [2009-07-31 338544]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

    S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2009-05-28 25120]

    S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]

    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]

    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]

    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-17 395264]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - 11692322

    *NewlyCreated* - 66463596

    *Deregistered* - 11692322

    *Deregistered* - 66463596

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:38]

    .

    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21]

    .

    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 03:21]

    .

    2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001Core.job

    - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32]

    .

    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578647892-2928166785-2268897593-1001UA.job

    - c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 00:32]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

    2009-10-27 18:54 750064 ----a-w- c:\programdata\Partner\Partner64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

    2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

    2009-07-20 21:18 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]

    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

    "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-20 84744]

    "EmsService"="EmsServiceHelper.exe" [2009-07-31 2295656]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.com/

    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

    mLocal Page = c:\windows\system32\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

    Trusted Zone: ticketmaster.com\www

    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

    DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab

    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab

    .

    - - - - ORPHANS REMOVED - - - -

    .

    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

    Toolbar-Locked - (no file)

    Wow6432Node-HKCU-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

    SafeBoot-11692322.sys

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-11-25 18:57:27

    ComboFix-quarantined-files.txt 2012-11-26 02:57

    .

    Pre-Run: 128,431,398,912 bytes free

    Post-Run: 128,903,831,552 bytes free

    .

    - - End Of File - - DDBBA2E6FDC66E7A3A3C51FBE8D312F1

  16. Any help is much appreciated, thank you!!!

    aswMBR Report:

    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

    Run date: 2012-11-25 17:41:01

    -----------------------------

    17:41:01.421 OS Version: Windows x64 6.1.7601 Service Pack 1

    17:41:01.421 Number of processors: 2 586 0x170A

    17:41:01.421 ComputerName: HIMITSU2 UserName: Aaron

    17:41:02.045 Initialize success

    17:41:02.092 AVAST engine defs: 12112501

    17:41:09.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    17:41:09.221 Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3

    17:41:09.237 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007c

    17:41:09.237 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0

    17:41:09.237 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007d

    17:41:09.237 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0

    17:41:09.268 Disk 0 MBR read successfully

    17:41:09.268 Disk 0 MBR scan

    17:41:09.268 Disk 0 Windows VISTA default MBR code

    17:41:09.283 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6310 MB offset 2048

    17:41:09.299 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 12924928

    17:41:09.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 298833 MB offset 13129728

    17:41:09.315 Disk 0 scanning C:\Windows\system32\drivers

    17:41:17.395 Service scanning

    17:41:43.557 Modules scanning

    17:41:43.557 Scan finished successfully

    17:42:26.145 Disk 0 MBR has been saved successfully to "C:\Users\Aaron\Desktop\MBR.dat"

    17:42:26.145 The log file has been saved successfully to "C:\Users\Aaron\Desktop\aswMBR.txt"

    TDSS Report

    17:45:15.0356 1700 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    17:45:15.0871 1700 ============================================================

    17:45:15.0871 1700 Current date / time: 2012/11/25 17:45:15.0871

    17:45:15.0871 1700 SystemInfo:

    17:45:15.0871 1700

    17:45:15.0871 1700 OS Version: 6.1.7601 ServicePack: 1.0

    17:45:15.0871 1700 Product type: Workstation

    17:45:15.0871 1700 ComputerName: HIMITSU2

    17:45:15.0871 1700 UserName: Aaron

    17:45:15.0871 1700 Windows directory: C:\Windows

    17:45:15.0871 1700 System windows directory: C:\Windows

    17:45:15.0871 1700 Running under WOW64

    17:45:15.0871 1700 Processor architecture: Intel x64

    17:45:15.0871 1700 Number of processors: 2

    17:45:15.0871 1700 Page size: 0x1000

    17:45:15.0871 1700 Boot type: Safe boot with network

    17:45:15.0871 1700 ============================================================

    17:45:17.0696 1700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:45:17.0696 1700 ============================================================

    17:45:17.0696 1700 \Device\Harddisk0\DR0:

    17:45:17.0712 1700 MBR partitions:

    17:45:17.0712 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC53800, BlocksNum 0x32000

    17:45:17.0712 1700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC85800, BlocksNum 0x247A8AB0

    17:45:17.0712 1700 ============================================================

    17:45:17.0774 1700 C: <-> \Device\Harddisk0\DR0\Partition2

    17:45:17.0774 1700 ============================================================

    17:45:17.0774 1700 Initialize success

    17:45:17.0774 1700 ============================================================

    17:45:24.0857 1124 ============================================================

    17:45:24.0857 1124 Scan started

    17:45:24.0857 1124 Mode: Manual;

    17:45:24.0857 1124 ============================================================

    17:45:25.0075 1124 ================ Scan system memory ========================

    17:45:25.0075 1124 System memory - ok

    17:45:25.0075 1124 ================ Scan services =============================

    17:45:25.0340 1124 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

    17:45:25.0340 1124 1394ohci - ok

    17:45:25.0403 1124 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys

    17:45:25.0403 1124 61883 - ok

    17:45:25.0559 1124 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    17:45:25.0559 1124 ACDaemon - ok

    17:45:25.0606 1124 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

    17:45:25.0621 1124 ACPI - ok

    17:45:25.0621 1124 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

    17:45:25.0621 1124 AcpiPmi - ok

    17:45:25.0777 1124 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

    17:45:25.0777 1124 Adobe Version Cue CS3 - ok

    17:45:25.0918 1124 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    17:45:25.0918 1124 AdobeFlashPlayerUpdateSvc - ok

    17:45:25.0980 1124 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

    17:45:25.0996 1124 adp94xx - ok

    17:45:26.0011 1124 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

    17:45:26.0027 1124 adpahci - ok

    17:45:26.0027 1124 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

    17:45:26.0027 1124 adpu320 - ok

    17:45:26.0120 1124 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    17:45:26.0120 1124 AeLookupSvc - ok

    17:45:26.0183 1124 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

    17:45:26.0198 1124 AFD - ok

    17:45:26.0230 1124 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

    17:45:26.0230 1124 agp440 - ok

    17:45:26.0245 1124 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

    17:45:26.0261 1124 ALG - ok

    17:45:26.0261 1124 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

    17:45:26.0276 1124 aliide - ok

    17:45:26.0323 1124 [ 322A2C5D390109A4E50679AB58DEA870 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

    17:45:26.0339 1124 AMD External Events Utility - ok

    17:45:26.0339 1124 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

    17:45:26.0339 1124 amdide - ok

    17:45:26.0401 1124 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    17:45:26.0401 1124 AmdK8 - ok

    17:45:26.0401 1124 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

    17:45:26.0417 1124 AmdPPM - ok

    17:45:26.0479 1124 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

    17:45:26.0479 1124 amdsata - ok

    17:45:26.0479 1124 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

    17:45:26.0495 1124 amdsbs - ok

    17:45:26.0526 1124 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

    17:45:26.0526 1124 amdxata - ok

    17:45:26.0557 1124 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

    17:45:26.0557 1124 AppID - ok

    17:45:26.0588 1124 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

    17:45:26.0588 1124 AppIDSvc - ok

    17:45:26.0651 1124 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

    17:45:26.0651 1124 Appinfo - ok

    17:45:26.0822 1124 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    17:45:26.0822 1124 Apple Mobile Device - ok

    17:45:26.0885 1124 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

    17:45:26.0885 1124 AppMgmt - ok

    17:45:26.0947 1124 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

    17:45:26.0947 1124 arc - ok

    17:45:26.0947 1124 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

    17:45:26.0963 1124 arcsas - ok

    17:45:27.0041 1124 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys

    17:45:27.0041 1124 aswFsBlk - ok

    17:45:27.0041 1124 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

    17:45:27.0056 1124 aswMonFlt - ok

    17:45:27.0056 1124 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys

    17:45:27.0056 1124 aswRdr - ok

    17:45:27.0088 1124 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys

    17:45:27.0103 1124 aswSnx - ok

    17:45:27.0150 1124 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys

    17:45:27.0166 1124 aswSP - ok

    17:45:27.0212 1124 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys

    17:45:27.0212 1124 aswTdi - ok

    17:45:27.0244 1124 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    17:45:27.0259 1124 AsyncMac - ok

    17:45:27.0290 1124 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

    17:45:27.0290 1124 atapi - ok

    17:45:27.0337 1124 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys

    17:45:27.0368 1124 athr - ok

    17:45:27.0493 1124 [ DE0EDE41BC530F1759C6FFFCB8C7A0CF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

    17:45:27.0571 1124 atikmdag - ok

    17:45:27.0665 1124 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    17:45:27.0680 1124 AudioEndpointBuilder - ok

    17:45:27.0696 1124 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    17:45:27.0696 1124 AudioSrv - ok

    17:45:27.0836 1124 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    17:45:27.0836 1124 avast! Antivirus - ok

    17:45:27.0899 1124 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys

    17:45:27.0899 1124 Avc - ok

    17:45:27.0977 1124 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

    17:45:27.0977 1124 AxInstSV - ok

    17:45:28.0055 1124 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

    17:45:28.0055 1124 b06bdrv - ok

    17:45:28.0102 1124 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    17:45:28.0102 1124 b57nd60a - ok

    17:45:28.0164 1124 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    17:45:28.0164 1124 BDESVC - ok

    17:45:28.0195 1124 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    17:45:28.0195 1124 Beep - ok

    17:45:28.0258 1124 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

    17:45:28.0320 1124 BITS - ok

    17:45:28.0336 1124 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    17:45:28.0336 1124 blbdrive - ok

    17:45:28.0429 1124 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    17:45:28.0429 1124 Bonjour Service - ok

    17:45:28.0492 1124 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    17:45:28.0492 1124 bowser - ok

    17:45:28.0538 1124 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    17:45:28.0538 1124 BrFiltLo - ok

    17:45:28.0538 1124 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    17:45:28.0538 1124 BrFiltUp - ok

    17:45:28.0601 1124 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys

    17:45:28.0601 1124 Bridge - ok

    17:45:28.0616 1124 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

    17:45:28.0632 1124 BridgeMP - ok

    17:45:28.0679 1124 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

    17:45:28.0679 1124 Browser - ok

    17:45:28.0694 1124 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

    17:45:28.0694 1124 Brserid - ok

    17:45:28.0694 1124 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    17:45:28.0710 1124 BrSerWdm - ok

    17:45:28.0710 1124 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    17:45:28.0710 1124 BrUsbMdm - ok

    17:45:28.0726 1124 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    17:45:28.0726 1124 BrUsbSer - ok

    17:45:28.0788 1124 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

    17:45:28.0788 1124 BthEnum - ok

    17:45:28.0804 1124 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    17:45:28.0804 1124 BTHMODEM - ok

    17:45:28.0819 1124 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

    17:45:28.0819 1124 BthPan - ok

    17:45:28.0882 1124 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

    17:45:28.0882 1124 BTHPORT - ok

    17:45:28.0944 1124 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    17:45:28.0944 1124 bthserv - ok

    17:45:28.0960 1124 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

    17:45:28.0960 1124 BTHUSB - ok

    17:45:29.0006 1124 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

    17:45:29.0006 1124 btwaudio - ok

    17:45:29.0053 1124 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys

    17:45:29.0053 1124 btwavdt - ok

    17:45:29.0131 1124 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    17:45:29.0147 1124 btwdins - ok

    17:45:29.0162 1124 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys

    17:45:29.0162 1124 btwl2cap - ok

    17:45:29.0162 1124 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

    17:45:29.0162 1124 btwrchid - ok

    17:45:29.0225 1124 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys

    17:45:29.0225 1124 CAXHWAZL - ok

    17:45:29.0240 1124 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    17:45:29.0240 1124 cdfs - ok

    17:45:29.0318 1124 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

    17:45:29.0318 1124 cdrom - ok

    17:45:29.0381 1124 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    17:45:29.0381 1124 CertPropSvc - ok

    17:45:29.0412 1124 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

    17:45:29.0428 1124 circlass - ok

    17:45:29.0459 1124 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    17:45:29.0474 1124 CLFS - ok

    17:45:29.0568 1124 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    17:45:29.0568 1124 clr_optimization_v2.0.50727_32 - ok

    17:45:29.0615 1124 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    17:45:29.0615 1124 clr_optimization_v2.0.50727_64 - ok

    17:45:29.0740 1124 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    17:45:29.0786 1124 clr_optimization_v4.0.30319_32 - ok

    17:45:29.0818 1124 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    17:45:29.0818 1124 clr_optimization_v4.0.30319_64 - ok

    17:45:29.0864 1124 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    17:45:29.0880 1124 CmBatt - ok

    17:45:29.0911 1124 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

    17:45:29.0911 1124 cmdide - ok

    17:45:29.0974 1124 [ B1AC6CFD33EC67AD3D08A15A453FD60F ] CmgShieldCEF C:\Windows\system32\DRIVERS\CMGShCEF.sys

    17:45:29.0989 1124 CmgShieldCEF - ok

    17:45:30.0036 1124 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

    17:45:30.0052 1124 CNG - ok

    17:45:30.0052 1124 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    17:45:30.0052 1124 Compbatt - ok

    17:45:30.0098 1124 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    17:45:30.0098 1124 CompositeBus - ok

    17:45:30.0114 1124 COMSysApp - ok

    17:45:30.0176 1124 cpuz134 - ok

    17:45:30.0254 1124 [ 75DBD5DB9892D7451D0429BEC1AABE1A ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys

    17:45:30.0254 1124 cpuz135 - ok

    17:45:30.0270 1124 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

    17:45:30.0286 1124 crcdisk - ok

    17:45:30.0332 1124 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

    17:45:30.0332 1124 CryptSvc - ok

    17:45:30.0426 1124 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

    17:45:30.0442 1124 CSC - ok

    17:45:30.0473 1124 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

    17:45:30.0488 1124 CscService - ok

    17:45:30.0551 1124 [ 7F61FBE259C18666D8DDF862F13A5EB0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

    17:45:30.0566 1124 dc3d - ok

    17:45:30.0613 1124 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

    17:45:30.0629 1124 DcomLaunch - ok

    17:45:30.0691 1124 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

    17:45:30.0691 1124 defragsvc - ok

    17:45:30.0754 1124 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    17:45:30.0754 1124 DfsC - ok

    17:45:30.0785 1124 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

    17:45:30.0785 1124 Dhcp - ok

    17:45:30.0847 1124 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

    17:45:30.0847 1124 discache - ok

    17:45:30.0878 1124 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

    17:45:30.0878 1124 Disk - ok

    17:45:30.0941 1124 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    17:45:30.0941 1124 Dnscache - ok

    17:45:31.0003 1124 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

    17:45:31.0003 1124 dot3svc - ok

    17:45:31.0050 1124 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

    17:45:31.0066 1124 DPS - ok

    17:45:31.0081 1124 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    17:45:31.0081 1124 drmkaud - ok

    17:45:31.0144 1124 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    17:45:31.0159 1124 DXGKrnl - ok

    17:45:31.0206 1124 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

    17:45:31.0206 1124 EapHost - ok

    17:45:31.0300 1124 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    17:45:31.0346 1124 ebdrv - ok

    17:45:31.0393 1124 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

    17:45:31.0393 1124 EFS - ok

    17:45:31.0487 1124 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    17:45:31.0502 1124 ehRecvr - ok

    17:45:31.0534 1124 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    17:45:31.0534 1124 ehSched - ok

    17:45:31.0627 1124 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys

    17:45:31.0627 1124 ElbyCDIO - ok

    17:45:31.0705 1124 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    17:45:31.0705 1124 elxstor - ok

    17:45:31.0721 1124 EMS - ok

    17:45:31.0830 1124 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

    17:45:31.0830 1124 EpsonBidirectionalService - ok

    17:45:31.0830 1124 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    17:45:31.0830 1124 ErrDev - ok

    17:45:31.0924 1124 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    17:45:31.0924 1124 EventSystem - ok

    17:45:31.0955 1124 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    17:45:31.0955 1124 exfat - ok

    17:45:31.0970 1124 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    17:45:31.0986 1124 fastfat - ok

    17:45:32.0048 1124 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    17:45:32.0064 1124 Fax - ok

    17:45:32.0064 1124 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    17:45:32.0064 1124 fdc - ok

    17:45:32.0126 1124 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    17:45:32.0126 1124 fdPHost - ok

    17:45:32.0142 1124 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    17:45:32.0142 1124 FDResPub - ok

    17:45:32.0189 1124 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    17:45:32.0189 1124 FileInfo - ok

    17:45:32.0189 1124 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    17:45:32.0189 1124 Filetrace - ok

    17:45:32.0251 1124 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    17:45:32.0267 1124 FLEXnet Licensing Service - ok

    17:45:32.0282 1124 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    17:45:32.0282 1124 flpydisk - ok

    17:45:32.0345 1124 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    17:45:32.0345 1124 FltMgr - ok

    17:45:32.0407 1124 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

    17:45:32.0438 1124 FontCache - ok

    17:45:32.0516 1124 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    17:45:32.0532 1124 FontCache3.0.0.0 - ok

    17:45:32.0563 1124 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    17:45:32.0563 1124 FsDepends - ok

    17:45:32.0594 1124 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    17:45:32.0594 1124 Fs_Rec - ok

    17:45:32.0657 1124 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    17:45:32.0657 1124 fvevol - ok

    17:45:32.0688 1124 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    17:45:32.0688 1124 gagp30kx - ok

    17:45:32.0766 1124 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    17:45:32.0766 1124 GEARAspiWDM - ok

    17:45:32.0828 1124 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

    17:45:32.0828 1124 gpsvc - ok

    17:45:33.0016 1124 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    17:45:33.0016 1124 gupdate - ok

    17:45:33.0031 1124 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    17:45:33.0031 1124 gupdatem - ok

    17:45:33.0094 1124 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    17:45:33.0094 1124 gusvc - ok

    17:45:33.0156 1124 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    17:45:33.0156 1124 hcw85cir - ok

    17:45:33.0203 1124 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    17:45:33.0203 1124 HdAudAddService - ok

    17:45:33.0265 1124 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    17:45:33.0265 1124 HDAudBus - ok

    17:45:33.0265 1124 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    17:45:33.0265 1124 HidBatt - ok

    17:45:33.0265 1124 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    17:45:33.0265 1124 HidBth - ok

    17:45:33.0281 1124 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

    17:45:33.0281 1124 HidIr - ok

    17:45:33.0328 1124 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

    17:45:33.0328 1124 hidserv - ok

    17:45:33.0343 1124 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    17:45:33.0359 1124 HidUsb - ok

    17:45:33.0390 1124 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    17:45:33.0406 1124 hkmsvc - ok

    17:45:33.0452 1124 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    17:45:33.0452 1124 HomeGroupListener - ok

    17:45:33.0468 1124 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    17:45:33.0468 1124 HomeGroupProvider - ok

    17:45:33.0499 1124 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    17:45:33.0499 1124 HpSAMD - ok


    17:45:45.0340 1124 tunnel - ok

    17:45:45.0371 1124 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

    17:45:45.0371 1124 uagp35 - ok

    17:45:45.0387 1124 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    17:45:45.0402 1124 udfs - ok

    17:45:45.0418 1124 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

    17:45:45.0418 1124 UI0Detect - ok

    17:45:45.0433 1124 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    17:45:45.0433 1124 uliagpkx - ok

    17:45:45.0480 1124 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

    17:45:45.0496 1124 umbus - ok

    17:45:45.0496 1124 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

    17:45:45.0496 1124 UmPass - ok

    17:45:45.0558 1124 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

    17:45:45.0574 1124 UmRdpService - ok

    17:45:45.0621 1124 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

    17:45:45.0621 1124 upnphost - ok

    17:45:45.0667 1124 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    17:45:45.0667 1124 USBAAPL64 - ok

    17:45:45.0683 1124 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    17:45:45.0699 1124 usbccgp - ok

    17:45:45.0714 1124 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

    17:45:45.0714 1124 usbcir - ok

    17:45:45.0745 1124 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    17:45:45.0761 1124 usbehci - ok

    17:45:45.0792 1124 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    17:45:45.0792 1124 usbhub - ok

    17:45:45.0839 1124 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    17:45:45.0839 1124 usbohci - ok

    17:45:45.0870 1124 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    17:45:45.0870 1124 usbprint - ok

    17:45:45.0901 1124 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

    17:45:45.0901 1124 usbscan - ok

    17:45:45.0917 1124 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    17:45:45.0917 1124 USBSTOR - ok

    17:45:45.0948 1124 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

    17:45:45.0948 1124 usbuhci - ok

    17:45:45.0964 1124 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

    17:45:45.0979 1124 usbvideo - ok

    17:45:46.0026 1124 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

    17:45:46.0026 1124 UxSms - ok

    17:45:46.0135 1124 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

    17:45:46.0135 1124 VAIO Event Service - ok

    17:45:46.0229 1124 [ 2D6605C1F0BBD0F71A4CB3A5B1E07240 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe

    17:45:46.0229 1124 VAIO Power Management - ok

    17:45:46.0245 1124 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

    17:45:46.0245 1124 VaultSvc - ok

    17:45:46.0307 1124 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys

    17:45:46.0307 1124 VClone - ok

    17:45:46.0338 1124 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    17:45:46.0338 1124 vdrvroot - ok

    17:45:46.0385 1124 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

    17:45:46.0401 1124 vds - ok

    17:45:46.0447 1124 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    17:45:46.0447 1124 vga - ok

    17:45:46.0479 1124 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

    17:45:46.0479 1124 VgaSave - ok

    17:45:46.0510 1124 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

    17:45:46.0510 1124 vhdmp - ok

    17:45:46.0510 1124 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

    17:45:46.0510 1124 viaide - ok

    17:45:46.0525 1124 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

    17:45:46.0525 1124 vmbus - ok

    17:45:46.0525 1124 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

    17:45:46.0525 1124 VMBusHID - ok

    17:45:46.0541 1124 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

    17:45:46.0541 1124 volmgr - ok

    17:45:46.0572 1124 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    17:45:46.0572 1124 volmgrx - ok

    17:45:46.0588 1124 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

    17:45:46.0588 1124 volsnap - ok

    17:45:46.0603 1124 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    17:45:46.0603 1124 vsmraid - ok

    17:45:46.0650 1124 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

    17:45:46.0666 1124 VSS - ok

    17:45:46.0697 1124 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

    17:45:46.0697 1124 vwifibus - ok

    17:45:46.0728 1124 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

    17:45:46.0728 1124 vwififlt - ok

    17:45:46.0791 1124 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

    17:45:46.0791 1124 W32Time - ok

    17:45:46.0822 1124 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    17:45:46.0822 1124 WacomPen - ok

    17:45:46.0869 1124 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    17:45:46.0869 1124 WANARP - ok

    17:45:46.0869 1124 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    17:45:46.0884 1124 Wanarpv6 - ok

    17:45:46.0978 1124 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    17:45:46.0993 1124 WatAdminSvc - ok

    17:45:47.0056 1124 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

    17:45:47.0087 1124 wbengine - ok

    17:45:47.0149 1124 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    17:45:47.0149 1124 WbioSrvc - ok

    17:45:47.0196 1124 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

    17:45:47.0196 1124 wcncsvc - ok

    17:45:47.0212 1124 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    17:45:47.0227 1124 WcsPlugInService - ok

    17:45:47.0259 1124 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

    17:45:47.0259 1124 Wd - ok

    17:45:47.0321 1124 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    17:45:47.0321 1124 Wdf01000 - ok

    17:45:47.0337 1124 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

    17:45:47.0337 1124 WdiServiceHost - ok

    17:45:47.0337 1124 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

    17:45:47.0352 1124 WdiSystemHost - ok

    17:45:47.0368 1124 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

    17:45:47.0383 1124 WebClient - ok

    17:45:47.0383 1124 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

    17:45:47.0399 1124 Wecsvc - ok

    17:45:47.0415 1124 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    17:45:47.0415 1124 wercplsupport - ok

    17:45:47.0446 1124 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

    17:45:47.0446 1124 WerSvc - ok

    17:45:47.0461 1124 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    17:45:47.0461 1124 WfpLwf - ok

    17:45:47.0477 1124 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    17:45:47.0477 1124 WIMMount - ok

    17:45:47.0539 1124 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys

    17:45:47.0555 1124 winachsf - ok

    17:45:47.0555 1124 WinHttpAutoProxySvc - ok

    17:45:47.0649 1124 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    17:45:47.0664 1124 Winmgmt - ok

    17:45:47.0742 1124 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

    17:45:47.0773 1124 WinRM - ok

    17:45:47.0851 1124 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

    17:45:47.0851 1124 WinUsb - ok

    17:45:47.0914 1124 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

    17:45:47.0929 1124 Wlansvc - ok

    17:45:48.0101 1124 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    17:45:48.0132 1124 wlidsvc - ok

    17:45:48.0195 1124 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    17:45:48.0195 1124 WmiAcpi - ok

    17:45:48.0241 1124 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    17:45:48.0241 1124 wmiApSrv - ok

    17:45:48.0288 1124 WMPNetworkSvc - ok

    17:45:48.0351 1124 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

    17:45:48.0351 1124 WPCSvc - ok

    17:45:48.0397 1124 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    17:45:48.0397 1124 WPDBusEnum - ok

    17:45:48.0460 1124 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    17:45:48.0460 1124 ws2ifsl - ok

    17:45:48.0460 1124 WSearch - ok

    17:45:48.0553 1124 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

    17:45:48.0585 1124 wuauserv - ok

    17:45:48.0647 1124 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    17:45:48.0647 1124 WudfPf - ok

    17:45:48.0663 1124 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    17:45:48.0663 1124 WUDFRd - ok

    17:45:48.0709 1124 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    17:45:48.0709 1124 wudfsvc - ok

    17:45:48.0756 1124 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    17:45:48.0756 1124 WwanSvc - ok

    17:45:48.0819 1124 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys

    17:45:48.0819 1124 XAudio - ok

    17:45:48.0881 1124 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

    17:45:48.0897 1124 yukonw7 - ok

    17:45:48.0912 1124 ================ Scan global ===============================

    17:45:48.0959 1124 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    17:45:48.0990 1124 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    17:45:49.0006 1124 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    17:45:49.0037 1124 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    17:45:49.0099 1124 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe

    17:45:49.0099 1124 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected

    17:45:49.0099 1124 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)

    17:45:49.0099 1124 ================ Scan MBR ==================================

    17:45:49.0115 1124 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

    17:45:49.0287 1124 \Device\Harddisk0\DR0 - ok

    17:45:49.0287 1124 ================ Scan VBR ==================================

    17:45:49.0287 1124 [ 673E1CF02DD28FBBD4C17737C41A0E5D ] \Device\Harddisk0\DR0\Partition1

    17:45:49.0287 1124 \Device\Harddisk0\DR0\Partition1 - ok

    17:45:49.0302 1124 [ 673248BD6CCCC0ED193064107A731EE3 ] \Device\Harddisk0\DR0\Partition2

    17:45:49.0302 1124 \Device\Harddisk0\DR0\Partition2 - ok

    17:45:49.0302 1124 ============================================================

    17:45:49.0302 1124 Scan finished

    17:45:49.0302 1124 ============================================================

    17:45:49.0302 1448 Detected object count: 1

    17:45:49.0302 1448 Actual detected object count: 1

    17:46:06.0649 1448 C:\Windows\system32\services.exe - copied to quarantine

    17:46:26.0383 1448 Backup copy found, using it..

    17:46:26.0493 1448 C:\Windows\system32\services.exe - will be cured on reboot

    17:46:26.0493 1448 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

    17:47:07.0770 1980 Deinitialize success

    RKR Report

    RogueKiller V8.3.1 [Nov 25 2012] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo...13-roguekiller/

    Website : http://tigzy.geeksto...roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Safe mode with network support

    User : Aaron [Admin rights]

    Mode : Scan -- Date : 11/25/2012 17:49:48

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 25 ¤¤¤

    [RUN][sUSP PATH] HKCU\[...]\Run : Artisan 810(Network) (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Users\Aaron\AppData\Local\Temp\E_S733C.tmp" /EF "HKCU") -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-3578647892-2928166785-2268897593-1001[...]\Run : Artisan 810(Network) (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Users\Aaron\AppData\Local\Temp\E_S733C.tmp" /EF "HKCU") -> FOUND

    [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : 51BA15F4-9FC3-4697-8F34-76E41CE1D6BE (cmd.exe /C start /D "C:\Users\Aaron\AppData\Local\Temp" /B 51BA15F4-9FC3-4697-8F34-76E41CE1D6BE.exe -postboot) -> FOUND

    [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND

    [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> FOUND

    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\n.) -> FOUND

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\n.) -> FOUND

    [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\@ --> FOUND

    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\@ --> FOUND

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\U --> FOUND

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\U --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$88a3ef1586f257de14772fc96c2d87b1\L --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3578647892-2928166785-2268897593-1001\$88a3ef1586f257de14772fc96c2d87b1\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS723232L9SA60 +++++

    --- User ---

    [MBR] f5a946cb3c73b4d41171e2d4298cffcd

    [bSP] b4edb318e6463599526d3e324c234c7e : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6310 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12924928 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 13129728 | Size: 298833 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11252012_02d1749.txt >>

    RKreport[1]_S_11252012_02d1749.txt

    **End of reports**
