Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Zbot / Trojan Fiesta on this laptop [Closed]

Started by RSFlorida , May 25 2014 07:23 AM

  • This topic is locked This topic is locked

#16
Valinorum
Posted 30 May 2014 - 08:41 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Step 1. :)
  • 0

Advertisements

#17
RSFlorida
Posted 30 May 2014 - 09:24 PM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : Scan -- Date : 05/30/2014  23:21:33
 
¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess] SBAMSvc.exe -- [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-255613387-2719551760-702296935-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-255613387-2719551760-702296935-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 327 ¤¤¤
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoTaskMemFree : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1130
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoCreateInstance : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a02100
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoDisableCallCancellation : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2ac98
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a25e40
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoEnableCallCancellation : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2ace0
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoRegisterClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2e424
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoRevokeClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a32978
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - PropVariantClear : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7ff0
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoCancelCall : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abe1d4
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoWaitForMultipleHandles : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a29a80
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoGetApartmentType : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7f00
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoCreateFreeThreadedMarshaler : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a02f50
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoTaskMemRealloc : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7ee0
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoInitializeEx : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7c20
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoUninitialize : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7460
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - StringFromGUID2 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a03170
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a69950
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CLSIDFromString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a25060
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1180
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoGetMalloc : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7e50
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoGetInterfaceAndReleaseStream : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a309b0
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a30a24
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoReleaseMarshalData : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a046d0
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - GetPwrCapabilities : C:\Windows\SYSTEM32\powrprof.dll @ 0x7fd51471ae0
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - CallNtPowerInformation : C:\Windows\SYSTEM32\powrprof.dll @ 0x7fd51471050
[IAT:Addr] (explorer.exe) api-ms-win-core-com-private-l1-1-0.dll - CoRegisterMessageFilter : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a31b60
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-l1-1-0.dll - RoGetActivationFactory : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a382f0
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCreateString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2b8c0
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsGetStringRawBuffer : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b470
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsDeleteString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b510
[EAT:Addr] (explorer.exe) GDI32.dll - CLSIDFromOle1Class : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a64044
[EAT:Addr] (explorer.exe) GDI32.dll - CLSIDFromProgID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a63af8
[EAT:Addr] (explorer.exe) GDI32.dll - CLSIDFromString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a25060
[EAT:Addr] (explorer.exe) GDI32.dll - CleanupOleStateInAllTls : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a65cf0
[EAT:Addr] (explorer.exe) GDI32.dll - CleanupTlsOleState : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1ed0
[EAT:Addr] (explorer.exe) GDI32.dll - ClearCleanupFlag : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6da40
[EAT:Addr] (explorer.exe) GDI32.dll - CoAddRefServerProcess : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3fad0
[EAT:Addr] (explorer.exe) GDI32.dll - CoAllowUnmarshalerCLSID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abcb1c
[EAT:Addr] (explorer.exe) GDI32.dll - CoCancelCall : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abe1d4
[EAT:Addr] (explorer.exe) GDI32.dll - CoCopyProxy : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2f6ec
[EAT:Addr] (explorer.exe) GDI32.dll - CoCreateErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a64210
[EAT:Addr] (explorer.exe) GDI32.dll - CoCreateFreeThreadedMarshaler : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a02f50
[EAT:Addr] (explorer.exe) GDI32.dll - CoCreateGuid : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a25140
[EAT:Addr] (explorer.exe) GDI32.dll - CoCreateInstance : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a02100
[EAT:Addr] (explorer.exe) GDI32.dll - CoCreateInstanceEx : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a16670
[EAT:Addr] (explorer.exe) GDI32.dll - CoCreateInstanceFromApp : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a53530
[EAT:Addr] (explorer.exe) GDI32.dll - CoCreateObjectInContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac12c8
[EAT:Addr] (explorer.exe) GDI32.dll - CoDeactivateObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2f88
[EAT:Addr] (explorer.exe) GDI32.dll - CoDecodeProxy : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2ed8
[EAT:Addr] (explorer.exe) GDI32.dll - CoDecrementMTAUsage : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6dd84
[EAT:Addr] (explorer.exe) GDI32.dll - CoDisableCallCancellation : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2ac98
[EAT:Addr] (explorer.exe) GDI32.dll - CoDisconnectContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a606ec
[EAT:Addr] (explorer.exe) GDI32.dll - CoDisconnectObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a32d5c
[EAT:Addr] (explorer.exe) GDI32.dll - CoEnableCallCancellation : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2ace0
[EAT:Addr] (explorer.exe) GDI32.dll - CoFreeUnusedLibraries : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a69950
[EAT:Addr] (explorer.exe) GDI32.dll - CoFreeUnusedLibrariesEx : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a69a08
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetActivationState : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2e00
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetApartmentID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac3d40
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetApartmentType : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7f00
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetCallContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a09a90
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetCallState : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2e30
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetCallerTID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4ac90
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetCancelObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abe2e4
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2ce5c
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetClassVersion : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab9634
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetContextToken : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a238b0
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetCurrentLogicalThreadId : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a50f04
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetCurrentProcess : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5a3f0
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetDefaultContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5c84c
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1010
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetInstanceFromFile : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad78b8
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetInstanceFromIStorage : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad7840
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetInterfaceAndReleaseStream : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a309b0
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetMalloc : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7e50
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetMarshalSizeMax : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a05d20
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetModuleType : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ae3b68
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetObjectContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a31c50
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetPSClsid : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac6614
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetProcessIdentifier : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2e88
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetStandardMarshal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a644c4
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetStdMarshalEx : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3d9f8
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetSystemSecurityPermissions : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2e6c
[EAT:Addr] (explorer.exe) GDI32.dll - CoGetTreatAsClass : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2bb9c
[EAT:Addr] (explorer.exe) GDI32.dll - CoImpersonateClient : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a09b04
[EAT:Addr] (explorer.exe) GDI32.dll - CoIncrementMTAUsage : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3dc9c
[EAT:Addr] (explorer.exe) GDI32.dll - CoInitializeEx : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7c20
[EAT:Addr] (explorer.exe) GDI32.dll - CoInitializeSecurity : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a1c610
[EAT:Addr] (explorer.exe) GDI32.dll - CoInitializeWOW : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab999c
[EAT:Addr] (explorer.exe) GDI32.dll - CoInvalidateRemoteMachineBindings : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2ec0
[EAT:Addr] (explorer.exe) GDI32.dll - CoIsHandlerConnected : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac3048
[EAT:Addr] (explorer.exe) GDI32.dll - CoLockObjectExternal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5a7b0
[EAT:Addr] (explorer.exe) GDI32.dll - CoMarshalHresult : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab976c
[EAT:Addr] (explorer.exe) GDI32.dll - CoMarshalInterThreadInterfaceInStream : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a30a24
[EAT:Addr] (explorer.exe) GDI32.dll - CoMarshalInterface : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a04ef0
[EAT:Addr] (explorer.exe) GDI32.dll - CoPopServiceDomain : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac77d0
[EAT:Addr] (explorer.exe) GDI32.dll - CoPushServiceDomain : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac77e8
[EAT:Addr] (explorer.exe) GDI32.dll - CoQueryAuthenticationServices : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac0418
[EAT:Addr] (explorer.exe) GDI32.dll - CoQueryClientBlanket : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5bae4
[EAT:Addr] (explorer.exe) GDI32.dll - CoQueryProxyBlanket : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a15ee0
[EAT:Addr] (explorer.exe) GDI32.dll - CoReactivateObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2ef8
[EAT:Addr] (explorer.exe) GDI32.dll - CoRegisterClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2e424
[EAT:Addr] (explorer.exe) GDI32.dll - CoRegisterInitializeSpy : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2a178
[EAT:Addr] (explorer.exe) GDI32.dll - CoRegisterMallocSpy : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aba560
[EAT:Addr] (explorer.exe) GDI32.dll - CoRegisterMessageFilter : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a31b60
[EAT:Addr] (explorer.exe) GDI32.dll - CoRegisterPSClsid : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a604e0
[EAT:Addr] (explorer.exe) GDI32.dll - CoRegisterSurrogate : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad77dc
[EAT:Addr] (explorer.exe) GDI32.dll - CoRegisterSurrogateEx : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a35620
[EAT:Addr] (explorer.exe) GDI32.dll - CoReleaseMarshalData : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a046d0
[EAT:Addr] (explorer.exe) GDI32.dll - CoReleaseServerProcess : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3fa58
[EAT:Addr] (explorer.exe) GDI32.dll - CoResumeClassObjects : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a63414
[EAT:Addr] (explorer.exe) GDI32.dll - CoRetireServer : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac2ea8
[EAT:Addr] (explorer.exe) GDI32.dll - CoRevertToSelf : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a09d74
[EAT:Addr] (explorer.exe) GDI32.dll - CoRevokeClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a32978
[EAT:Addr] (explorer.exe) GDI32.dll - CoRevokeInitializeSpy : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539ff324
[EAT:Addr] (explorer.exe) GDI32.dll - CoRevokeMallocSpy : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aba490
[EAT:Addr] (explorer.exe) GDI32.dll - CoSetCancelObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abe224
[EAT:Addr] (explorer.exe) GDI32.dll - CoSetErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1090
[EAT:Addr] (explorer.exe) GDI32.dll - CoSetProxyBlanket : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a15d4c
[EAT:Addr] (explorer.exe) GDI32.dll - CoSuspendClassObjects : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a614e4
[EAT:Addr] (explorer.exe) GDI32.dll - CoSwitchCallContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a15f5c
[EAT:Addr] (explorer.exe) GDI32.dll - CoTaskMemAlloc : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1180
[EAT:Addr] (explorer.exe) GDI32.dll - CoTaskMemFree : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1130
[EAT:Addr] (explorer.exe) GDI32.dll - CoTaskMemRealloc : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7ee0
[EAT:Addr] (explorer.exe) GDI32.dll - CoTestCancel : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abe190
[EAT:Addr] (explorer.exe) GDI32.dll - CoUninitialize : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7460
[EAT:Addr] (explorer.exe) GDI32.dll - CoUnloadingWOW : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab994c
[EAT:Addr] (explorer.exe) GDI32.dll - CoUnmarshalHresult : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab96fc
[EAT:Addr] (explorer.exe) GDI32.dll - CoUnmarshalInterface : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a04dc0
[EAT:Addr] (explorer.exe) GDI32.dll - CoVrfCheckThreadState : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad2a84
[EAT:Addr] (explorer.exe) GDI32.dll - CoVrfGetThreadState : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad32ac
[EAT:Addr] (explorer.exe) GDI32.dll - CoVrfReleaseThreadState : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad2a68
[EAT:Addr] (explorer.exe) GDI32.dll - CoWaitForMultipleHandles : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a29a80
[EAT:Addr] (explorer.exe) GDI32.dll - CoWaitForMultipleObjects : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac8fb0
[EAT:Addr] (explorer.exe) GDI32.dll - CreateErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a64210
[EAT:Addr] (explorer.exe) GDI32.dll - CreateStreamOnHGlobal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a25e40
[EAT:Addr] (explorer.exe) GDI32.dll - DcomChannelSetHResult : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f35c0
[EAT:Addr] (explorer.exe) GDI32.dll - DllDebugObjectRPCHook : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b56ee4
[EAT:Addr] (explorer.exe) GDI32.dll - DllGetActivationFactory : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a44220
[EAT:Addr] (explorer.exe) GDI32.dll - DllGetClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a52970
[EAT:Addr] (explorer.exe) GDI32.dll - EnableHookObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ababc8
[EAT:Addr] (explorer.exe) GDI32.dll - FreePropVariantArray : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a61124
[EAT:Addr] (explorer.exe) GDI32.dll - FreePropVariantArrayWorker : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a61130
[EAT:Addr] (explorer.exe) GDI32.dll - GetCatalogHelper : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3d944
[EAT:Addr] (explorer.exe) GDI32.dll - GetErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1010
[EAT:Addr] (explorer.exe) GDI32.dll - GetFuncDescs : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3ad98
[EAT:Addr] (explorer.exe) GDI32.dll - GetHGlobalFromStream : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539fdff0
[EAT:Addr] (explorer.exe) GDI32.dll - GetHookInterface : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ababac
[EAT:Addr] (explorer.exe) GDI32.dll - GetRestrictedErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3fbf8
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserFree : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3fab4
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserFree64 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a40300
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserMarshal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a40348
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserMarshal64 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4027c
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserSize : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3ffe4
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserSize64 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a40140
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserUnmarshal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a403f0
[EAT:Addr] (explorer.exe) GDI32.dll - HSTRING_UserUnmarshal64 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a40178
[EAT:Addr] (explorer.exe) GDI32.dll - HkOleRegisterObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abab90
[EAT:Addr] (explorer.exe) GDI32.dll - IIDFromString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a251d4
[EAT:Addr] (explorer.exe) GDI32.dll - InternalAppInvokeExceptionFilter : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f44
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCCFreeUnused : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8e4c
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCCGetClassInformationForDde : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad82c0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCCGetClassInformationFromKey : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad82a8
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCCSetDdeServerWindow : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ad8290
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCMLSendReceive : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac6848
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCallAsProxyExceptionFilter : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f38
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCallFrameExceptionFilter : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f2c
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCallerIsAppContainer : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8d80
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCanMakeOutCall : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac68dc
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCoIsSurrogateProcess : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8d9c
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCoRegisterDisconnectCallback : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5a42c
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCoRegisterSurrogatedObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8d90
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCoStdMarshalObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8e18
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCoUnregisterDisconnectCallback : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5a360
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCompleteObjRef : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b078
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCreateCAggId : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b5bc
[EAT:Addr] (explorer.exe) GDI32.dll - InternalCreateIdentityHandler : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac98c4
[EAT:Addr] (explorer.exe) GDI32.dll - InternalDoATClassCreate : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8eb8
[EAT:Addr] (explorer.exe) GDI32.dll - InternalFillLocalOXIDInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b410
[EAT:Addr] (explorer.exe) GDI32.dll - InternalFreeObjRef : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a70824
[EAT:Addr] (explorer.exe) GDI32.dll - InternalGetWindowPropInterface : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b1c0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIrotEnumRunning : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8fa8
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIrotGetObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f88
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIrotGetTimeOfLastChange : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f70
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIrotIsRunning : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8fb4
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIrotNoteChangeTime : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f7c
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIrotRegister : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5a5d0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIrotRevoke : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5a298
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIsApartmentInitialized : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a28b38
[EAT:Addr] (explorer.exe) GDI32.dll - InternalIsProcessInitialized : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a15744
[EAT:Addr] (explorer.exe) GDI32.dll - InternalMarshalObjRef : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b3e0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalNotifyDDStartOrStop : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f64
[EAT:Addr] (explorer.exe) GDI32.dll - InternalOleModalLoopBlockFn : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac69d0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalRegisterWindowPropInterface : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b4c0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalReleaseMarshalObjRef : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b2c0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalSTAInvoke : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8db0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalServerExceptionFilter : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8f38
[EAT:Addr] (explorer.exe) GDI32.dll - InternalSetAptCallCtrlOnTlsIfRequired : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ac68f4
[EAT:Addr] (explorer.exe) GDI32.dll - InternalSetOleThunkWowPtr : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8fc0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalStubInvoke : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8df0
[EAT:Addr] (explorer.exe) GDI32.dll - InternalTlsAllocData : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8e58
[EAT:Addr] (explorer.exe) GDI32.dll - InternalUnmarshalObjRef : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5b2e4
[EAT:Addr] (explorer.exe) GDI32.dll - NdrExtStubInitialize : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b4b560
[EAT:Addr] (explorer.exe) GDI32.dll - NdrOleDllGetClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b4e570
[EAT:Addr] (explorer.exe) GDI32.dll - NdrOleInitializeExtension : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a1bea4
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction10 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a61110
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction11 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2f4d0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction12 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5c4e0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction13 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5c4f0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction14 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8980
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction15 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8990
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction16 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa89a0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction17 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa89b0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction18 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa89c0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction19 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa89d0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction20 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa89e0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction21 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa89f0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction22 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a00
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction23 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a10
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction24 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a20
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction25 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a30
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction26 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a40
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction27 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a50
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction28 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a60
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction29 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a70
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction3 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a69770
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction30 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a80
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction31 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8a90
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction32 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa8aa0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction4 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a60ff0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction5 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a69790
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction6 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a61230
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction7 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a697b0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction8 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a61100
[EAT:Addr] (explorer.exe) GDI32.dll - NdrProxyForwardingFunction9 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2f4c0
[EAT:Addr] (explorer.exe) GDI32.dll - NdrpFindInterface : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b536ac
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient10 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539fe7a0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient11 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a29870
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient12 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a03380
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient13 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539fe7b0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient14 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539fe7c0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient15 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a30bb0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient16 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2bc00
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient17 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2bc10
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient18 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f5520
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient19 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a06490
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient20 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a16850
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient21 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a251b0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient22 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539fe7d0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient23 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a30070
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient24 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a69240
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient25 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a30050
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient26 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6c4b0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient27 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a30060
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient28 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a157d0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient29 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6c4a0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient3 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f4f70
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient30 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aa90a0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient31 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a613b0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient32 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a69780
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient4 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a032d0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient5 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f80a0
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient6 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a03350
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient7 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539fe790
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient8 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539fe760
[EAT:Addr] (explorer.exe) GDI32.dll - ObjectStublessClient9 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f8280
[EAT:Addr] (explorer.exe) GDI32.dll - ProgIDFromCLSID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6f9c0
[EAT:Addr] (explorer.exe) GDI32.dll - PropVariantClear : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f7ff0
[EAT:Addr] (explorer.exe) GDI32.dll - PropVariantCopy : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a28d60
[EAT:Addr] (explorer.exe) GDI32.dll - ReleaseFuncDescs : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3a938
[EAT:Addr] (explorer.exe) GDI32.dll - RoActivateInstance : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a388d0
[EAT:Addr] (explorer.exe) GDI32.dll - RoCaptureErrorContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aecd24
[EAT:Addr] (explorer.exe) GDI32.dll - RoFailFastWithErrorContext : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aec9d4
[EAT:Addr] (explorer.exe) GDI32.dll - RoFailFastWithErrorContextInternal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aec9e4
[EAT:Addr] (explorer.exe) GDI32.dll - RoFreeParameterizedTypeExtra : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53af019c
[EAT:Addr] (explorer.exe) GDI32.dll - RoGetActivatableClassRegistration : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a47f78
[EAT:Addr] (explorer.exe) GDI32.dll - RoGetActivationFactory : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a382f0
[EAT:Addr] (explorer.exe) GDI32.dll - RoGetApartmentIdentifier : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab8ff0
[EAT:Addr] (explorer.exe) GDI32.dll - RoGetErrorReportingFlags : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aed13c
[EAT:Addr] (explorer.exe) GDI32.dll - RoGetParameterizedTypeInstanceIID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a51bb4
[EAT:Addr] (explorer.exe) GDI32.dll - RoGetServerActivatableClasses : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4eee8
[EAT:Addr] (explorer.exe) GDI32.dll - RoInitialize : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a0367c
[EAT:Addr] (explorer.exe) GDI32.dll - RoOriginateError : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a5aea4
[EAT:Addr] (explorer.exe) GDI32.dll - RoOriginateErrorW : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6dd44
[EAT:Addr] (explorer.exe) GDI32.dll - RoParameterizedTypeExtraGetTypeSignature : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f3590
[EAT:Addr] (explorer.exe) GDI32.dll - RoRegisterActivationFactories : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4f0a4
[EAT:Addr] (explorer.exe) GDI32.dll - RoRegisterForApartmentShutdown : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab9078
[EAT:Addr] (explorer.exe) GDI32.dll - RoReportCapabilityCheckFailure : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aecf80
[EAT:Addr] (explorer.exe) GDI32.dll - RoResolveRestrictedErrorInfoReference : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aefaf8
[EAT:Addr] (explorer.exe) GDI32.dll - RoRevokeActivationFactories : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a51690
[EAT:Addr] (explorer.exe) GDI32.dll - RoSetErrorReportingFlags : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aed11c
[EAT:Addr] (explorer.exe) GDI32.dll - RoTransformError : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4a244
[EAT:Addr] (explorer.exe) GDI32.dll - RoTransformErrorW : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4a118
[EAT:Addr] (explorer.exe) GDI32.dll - RoUninitialize : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a036a8
[EAT:Addr] (explorer.exe) GDI32.dll - RoUnregisterForApartmentShutdown : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53ab9034
[EAT:Addr] (explorer.exe) GDI32.dll - SetCleanupFlag : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a15758
[EAT:Addr] (explorer.exe) GDI32.dll - SetErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539f1090
[EAT:Addr] (explorer.exe) GDI32.dll - SetRestrictedErrorInfo : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aef9ec
[EAT:Addr] (explorer.exe) GDI32.dll - StringFromCLSID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd539ff530
[EAT:Addr] (explorer.exe) GDI32.dll - StringFromGUID2 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a03170
[EAT:Addr] (explorer.exe) GDI32.dll - StringFromIID : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a62c58
[EAT:Addr] (explorer.exe) GDI32.dll - UpdateDCOMSettings : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abb498
[EAT:Addr] (explorer.exe) GDI32.dll - UpdateProcessTracing : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53abb48c
[EAT:Addr] (explorer.exe) GDI32.dll - WdtpInterfacePointer_UserMarshal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b546d0
[EAT:Addr] (explorer.exe) GDI32.dll - WdtpInterfacePointer_UserMarshal64 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b58010
[EAT:Addr] (explorer.exe) GDI32.dll - WdtpInterfacePointer_UserSize : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b54808
[EAT:Addr] (explorer.exe) GDI32.dll - WdtpInterfacePointer_UserSize64 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b58100
[EAT:Addr] (explorer.exe) GDI32.dll - WdtpInterfacePointer_UserUnmarshal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b544a8
[EAT:Addr] (explorer.exe) GDI32.dll - WdtpInterfacePointer_UserUnmarshal64 : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53b57fa0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsCompareStringOrdinal : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2f8a0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsConcatString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a3f9a4
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsCreateString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a2b8c0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsCreateStringReference : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b560
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsDeleteString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b510
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsDeleteStringBuffer : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aec4b0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsDuplicateString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b710
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsGetStringLen : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a38cc4
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsGetStringRawBuffer : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b470
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsInspectString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aec368
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsIsStringEmpty : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b7a0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsPreallocateStringBuffer : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a38ba0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsPromoteStringBuffer : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a38c30
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsReplaceString : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aec5d0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsStringHasEmbeddedNull : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a6b4a0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsSubstring : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4edc0
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsSubstringWithSpecifiedLength : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a4ee44
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsTrimStringEnd : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53a539c8
[EAT:Addr] (explorer.exe) GDI32.dll - WindowsTrimStringStart : C:\Windows\SYSTEM32\combase.dll @ 0x7fd53aec4f8
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  TOSHIBA MQ01ABD +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
--- LL2 ---
[MBR] NOT VALID
 
+++++ PhysicalDrive1:  LITEONIT LMS-24 +++++
--- User ---
[MBR] 10368fd70e80283173c21b442e18739d
[BSP] 6b8b243d05837cb8c1580aa436cb30ee : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
--- LL2 ---
[MBR] NOT VALID
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by Sean (administrator) on ENVY15 on 30-05-2014 23:07:09
Running from C:\Users\Sean\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7763256 2013-03-06] (Motorola Solutions, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-255613387-2719551760-702296935-1002\...\Run: [GoogleChromeAutoLaunch_4C759CBE76051A54F37D4E70F0F48AE0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {D9D4DB28-DAD4-47F4-93F5-5E1343D2181B} URL = http://search.yahoo....p={SearchTerms}
SearchScopes: HKCU - {D9D4DB28-DAD4-47F4-93F5-5E1343D2181B} URL = http://search.yahoo....p={SearchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSG.dll ()
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @eonreality.com/EON,version=8.0.4.6479 - C:\Program Files (x86)\EON Reality\EON Viewer 8.0.4.6479\Bin\npEonXPlugin7.dll (EON Reality, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Sean\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-12-21]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Extension: (SEOquake) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2013-12-18]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-05-28]
CHR Extension: (Google Docs) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-18]
CHR Extension: (Google Drive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-18]
CHR Extension: (QuickBooks) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2014-01-27]
CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-18]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2013-12-18]
CHR Extension: (SiteAdvisor) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-12-21]
CHR Extension: (Website Logon) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-12-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-12-18]
CHR Extension: (Currency Converter) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2014-02-08]
CHR Extension: (Scraper) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2014-05-10]
CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR Extension: (Evernote Web Clipper) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-12-18]
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
R2 Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-02-07] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-05-23] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-09-27] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132408 2013-01-21] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1362232 2013-02-14] (Motorola Solutions, Inc.)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-12-12] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-09] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [450632 2013-02-22] (RTS Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-28] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\1394ohci.sys E890C46E4754F0DF51BAFCC8D2E07498
C:\Windows\System32\drivers\3ware.sys 4F18D4C7EA14F11A7211F60D553C03DB
C:\Windows\system32\DRIVERS\Accelerometer.sys F39180029723D7779C80360F9E255709
C:\Windows\System32\drivers\ACPI.sys 975AABEB243B800C23626D6B652C5A9C
C:\Windows\System32\Drivers\acpiex.sys DC968C37822117E576B933F34A2D130C
C:\Windows\System32\drivers\acpipagr.sys 0CA9F7C3A78227C21A0A7854E245CFB2
C:\Windows\System32\drivers\acpipmi.sys 8EB8DA03B142D3DD1EB9ED8107A76C43
C:\Windows\System32\drivers\acpitime.sys CBCE725C5D86ABA7D2604E22951AA9B8
C:\Windows\System32\drivers\adp94xx.sys 93C6388592B99925C1D1576E465BC80F
C:\Windows\System32\drivers\adpahci.sys D27763E0247292654E7F7D16444C7C72
C:\Windows\System32\drivers\adpu320.sys 67B90070FF48F794AF19F9FCF0080D75
C:\Windows\system32\drivers\afd.sys 7C0E0EDF18D6CC565D7BFBB451709FA5
C:\Windows\System32\drivers\agp440.sys 01590377A5AB19E792528C628A2A68F9
C:\Windows\System32\drivers\amdk8.sys 5A81054B824004B1ECC04F0034A1CDF9
C:\Windows\System32\drivers\amdppm.sys B849D453E644FAB9BC8EF6DC8CA9C4C6
C:\Windows\System32\drivers\amdsata.sys 35A0EB5AECB0FA3C41A2FB514A562304
C:\Windows\System32\drivers\amdsbs.sys 00452671904F5EE94B50BF0219C97164
C:\Windows\System32\drivers\amdxata.sys EA3FFE53E92E59C87E3ECA9BEB20D9B7
C:\Windows\system32\drivers\appid.sys 83B3682CE922FB0F415734B26D9D6233
C:\Windows\System32\drivers\arc.sys E933401B392387F4BE34DE8BAF1722A7
C:\Windows\System32\drivers\arcsas.sys 07CA323EF2E8247A568AB0F3662AD644
C:\Windows\System32\DRIVERS\asyncmac.sys 74DBAEC35366C4EE7670428808715A6A
C:\Windows\System32\drivers\atapi.sys A721FF570C2387E383BDDEA9632863C9
C:\Windows\System32\drivers\bxvbda.sys 87AB5BB072A3F128541D5B815F82FFDD
C:\Windows\System32\drivers\BasicDisplay.sys 81703BC5D68DEDBB086C2368FBE7B334
C:\Windows\System32\drivers\BasicRender.sys 5EC68164E14D25675C98BBB5F09E8606
C:\Windows\System32\Drivers\Beep.sys 9E7AEA59776D904607985AFFE7E5E183
C:\Windows\System32\DRIVERS\bowser.sys B17AC10B47C7FCB44D22A1F06415840E
C:\Windows\System32\drivers\BthAvrcpTg.sys 6695200F455E251F0BCC9CE4D0978D59
C:\Windows\System32\drivers\BthEnum.sys A8B20D852B07AE19A13B5D47EC4E4C3B
C:\Windows\System32\drivers\bthhfenum.sys 616EB8748C988AEE98D93DA141C3D3B4
C:\Windows\System32\drivers\BthHFHid.sys DCB4EBD928A6FB368BE6CAE522412DE1
C:\Windows\system32\DRIVERS\BthLEEnum.sys 42201C346F0B8C458E1E9CDE04D68A2C
C:\Windows\System32\drivers\bthmodem.sys 033916CE8784A848B9A3D686B7F66D97
C:\Windows\system32\DRIVERS\bthpan.sys 091BB978E9504D0AD14586929431A957
C:\Windows\System32\Drivers\BTHport.sys 13795CAA34239D97A7211E7F9D96E012
C:\Windows\System32\Drivers\BTHUSB.sys 1F715957F5236D30B6020A19A4271F6A
C:\Windows\system32\DRIVERS\btmaux.sys 7E65D1FB41C98C99E17FC2C8E1483D1C
C:\Windows\system32\DRIVERS\btmhsf.sys 6B6ED5D18816D9582C5CF1298D5E2E5D
C:\Windows\System32\DRIVERS\cdfs.sys 990B1BABE6E81FB18E65A87EBEFB1772
C:\Windows\System32\drivers\cdrom.sys 339BFF85D788268752DA8C9644B188EE
C:\Windows\System32\drivers\circlass.sys F64B7D1A37CC1D5F421D5359EEC81E2E
C:\Windows\System32\drivers\CLFS.sys 9905168708DB68849B879B5548F68AB3
C:\Windows\System32\drivers\CmBatt.sys 2DC8538A2260647484A6C921CA837313
C:\Windows\System32\Drivers\cng.sys DBF9E5346431557BF56F41E7F8EC0DC1
C:\Windows\System32\drivers\CompositeBus.sys 0E5B1E9E7122EDAAF1F6CE047965CA92
C:\Windows\System32\drivers\condrv.sys D9CB0782AF819548072AA45B70F8B22D
C:\Windows\System32\drivers\dam.sys FAEF4C245BE832DB41B15DAAC336AFB7
C:\Windows\System32\Drivers\dfsc.sys 431141C6859990824D17F71C30A78728
C:\Windows\System32\drivers\discache.sys 3C736FAE17BA6F91BA37594AAB139CD0
C:\Windows\System32\drivers\disk.sys AE3786294CC246A5403783E1B86A0168
C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys 00770F01499F40A7477BFFA84A544E89
C:\Windows\system32\drivers\dlkmd.sys 68606C57F940117BB71103F4D4AF3761
C:\Windows\System32\drivers\dlkmdldr.sys 1EF1046C8F3859B2760655D599143274
C:\Windows\System32\drivers\dmvsc.sys 82A7C72593793FE1EADA7A305BD1567A
C:\Windows\system32\drivers\drmkaud.sys 9C7C183F937951AE17C5B8B3259CF3FF
C:\Windows\System32\drivers\dxgkrnl.sys E6AF4DF1817953D73C519B17CF849756
C:\Windows\System32\drivers\evbda.sys 5AB97B3282D7D6114949D1EB5C8598E4
C:\Windows\System32\drivers\EhStorClass.sys 66D60BD9A4C05616ABECA2A901475098
C:\Windows\System32\drivers\EhStorTcgDrv.sys A61D0F543024E458C0FE32352E1978E2
C:\Windows\System32\drivers\errdev.sys D790D058D67582DB9C84C2D33695FE6B
C:\Windows\System32\Drivers\exfat.sys 7A4D6FEB8C52B3FE855E4DCDF9107E03
C:\Windows\System32\Drivers\fastfat.sys 60996602A7111FD2D086E803F33E4282
C:\Windows\System32\drivers\fdc.sys 73B2D11DF0B6E03A0CB0323218ACB3E4
C:\Windows\System32\drivers\fileinfo.sys 88A9EBACD1058ABB237A6B4E96E7F397
C:\Windows\System32\drivers\filetrace.sys 9E4EE3A0B00FF7D5F42A4AF9744CBA02
C:\Windows\System32\drivers\flpydisk.sys B1D4C168FF7B8579E3745888658FFB1D
C:\Windows\System32\drivers\fltmgr.sys B33EC133AE4E6C1881D2302D93D2467D
C:\Windows\System32\drivers\FsDepends.sys A5F7873A39E4E9FAAAE59B7E9E36B705
C:\Windows\System32\Drivers\Fs_Rec.sys A6DD7D491F587F4BC13FB972977DC8E8
C:\Windows\System32\DRIVERS\fvevol.sys C1646A95EAC515F60CDB2A7A8A013C1E
C:\Windows\System32\drivers\fxppm.sys A969D92973DFA895E7776B4BFE36DBB2
C:\Windows\System32\drivers\gagp30kx.sys 52BC441E07A827EBAB70CDC7EAEDB28D
C:\Windows\System32\drivers\vmgencounter.sys 721F8EEF5E9747F32670DEFF7FB92541
C:\Windows\System32\drivers\gfiark.sys 4EA5458FCA8518344686C543749365B1
C:\Windows\System32\drivers\gfiutil.sys 16A23FF8621929ADC5B18DCCD5E206EE
C:\Windows\System32\Drivers\msgpioclx.sys FC2B8B06BDBD3B6457F5A3DA9AD2410E
C:\Windows\system32\drivers\HdAudio.sys 630555943E5A3FE21010CE91EC7FC84F
C:\Windows\System32\drivers\HDAudBus.sys 7D87B5B6C7188D553E11B59DC7F0B111
C:\Windows\System32\drivers\HidBatt.sys 3F76BBA53D65E85A7F53E7A71082082C
C:\Windows\System32\drivers\hidbth.sys 085F150D002B7F0153D3C06DDF33A143
C:\Windows\System32\drivers\hidi2c.sys CC4A07E51D89575CAB6F4EB590D87CD4
C:\Windows\System32\drivers\hidir.sys DC96F7DACB777CDEAEF9958A50BFDA06
C:\Windows\System32\drivers\hidusb.sys 012C354B4AB48E9A7A657DF39E3A2073
C:\Windows\System32\DRIVERS\hpdskflt.sys 8B8E6BD988EAF18C1B86704BF05E5C03
C:\Windows\System32\drivers\HpSAMD.sys 64DB7A8D97CA53DCCF93D0A1E08342CF
C:\Windows\System32\drivers\HTTP.sys F4A91D985EB9D1D2717D538F3424603C
C:\Windows\System32\drivers\hwpolicy.sys 2A98301068801700906C06649860FE94
C:\Windows\System32\drivers\hyperkbd.sys DC76901D82097C9E297F20C287CB9A27
C:\Windows\system32\DRIVERS\HyperVideo.sys 716413AB3CA12DE0A7222D28C1C9352C
C:\Windows\System32\drivers\i8042prt.sys C9E9CBF73AFFBFE3E801EFB516787BA3
C:\Windows\System32\drivers\iaStorA.sys 118CBC8D092787B604115F5267F77AE8
C:\Windows\System32\drivers\iaStorV.sys 5E394EBD26FD68AA9300332C46BEDD62
C:\Windows\system32\DRIVERS\iBtFltCoex.sys 7274E304EACD1FE0A4F5047CE6B4DC61
C:\Windows\system32\DRIVERS\igdkmd64.sys 7209139C75C6765DFA42912B98672F0B
C:\Windows\System32\drivers\iirsp.sys 24847A06B84339FEEDE5CABF3D27D320
C:\Windows\system32\DRIVERS\ikbevent.sys E18725531054FE222115873AC1CCB02B
C:\Windows\system32\DRIVERS\imsevent.sys 45060257BCA3D60204FEC29F6E6DE458
C:\Windows\system32\drivers\intelaud.sys FD2032D2EAE8D7F3381EBA5FA3E7FEEA
C:\Windows\system32\DRIVERS\IntcDAud.sys 0E0B99617ED3FDB6C5F0E2D62709B5DF
C:\Windows\System32\drivers\intelide.sys 4F37726CF764CA18A8A84F85EF3A7F24
C:\Windows\System32\drivers\intelppm.sys E15CDF68DD73423F15D4AC404793AF0D
C:\Windows\System32\DRIVERS\ipfltdrv.sys 8FCA66234A0933D796BB780B7953BAB9
C:\Windows\System32\drivers\IPMIDrv.sys A4071DA3AE419F9694BFCB267C7DB8D7
C:\Windows\System32\drivers\ipnat.sys 3969B9C218DD3FAA9F4ED2FFC3651C02
C:\Windows\System32\drivers\irenum.sys 25CD7C4BB2863FFC2B0B311F0AEBF77C
C:\Windows\System32\drivers\irstrtdv.sys 4D9B9A794F22415B8C3E0CCFBE61BC7A
C:\Windows\System32\drivers\isapnp.sys D940C5BB9DC92E588533C19ABCC3D2C2
C:\Windows\System32\drivers\msiscsi.sys E6530FD4F61B40F338BF4355A21B9A09
C:\Windows\System32\drivers\ISCTD64.sys 4EE2423C38F43D37F8497A672FD10BDC
C:\Windows\System32\drivers\iwdbus.sys C59B9CE2855E667809F9E63C20FC44A5
C:\Windows\System32\drivers\kbdclass.sys 8FBD94B69D6423E20ABCD59D86368B21
C:\Windows\System32\drivers\kbdhid.sys E88C932ABDF8185A62C8F2FC7B051FB6
C:\Windows\system32\DRIVERS\kdnic.sys FB6C185092E18011EF49989425C2AA87
C:\Windows\System32\Drivers\ksecdd.sys 8B3EB6372436195B8EA8AE09A184BCE2
C:\Windows\System32\Drivers\ksecpkg.sys 3DD9C86EA88E8B5A51904AD87E1F2E78
C:\Windows\system32\drivers\ksthunk.sys 81492FEEBF2F26455B00EE8DBAE8A1B0
C:\Windows\system32\DRIVERS\lltdio.sys CEEFD29FC551F289810B0B9381B321DC
C:\Windows\System32\drivers\lsi_sas.sys 022CDD12161B063D7852B1075BF3FFF2
C:\Windows\System32\drivers\lsi_sas2.sys 07AD59D669B996F29F91817F0ECFA34F
C:\Windows\System32\drivers\lsi_scsi.sys 216FB796AA4E252ACCE93B1BCB80B5EC
C:\Windows\System32\drivers\lsi_sss.sys 5E80530AF37102488EE980B4A92AF99F
C:\Windows\system32\drivers\luafv.sys 2BDC5D711FA61307CE6190D47C956368
C:\Windows\System32\drivers\megasas.sys 9B0D829C3BE4E7472DB9DD2B79908E3C
C:\Windows\System32\drivers\MegaSR.sys ECC3F54C7AFC318271C4F0B4606D8DB0
C:\Windows\System32\drivers\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624
C:\Windows\System32\drivers\modem.sys 780098AD5DA8A4822E2563984C85EF7B
C:\Windows\System32\drivers\monitor.sys EA8EAD3F5B762F889CC7F3966625B48B
C:\Windows\System32\drivers\mouclass.sys 618446B98C79776654340CE27C73485E
C:\Windows\System32\drivers\mouhid.sys C0ADEBED913295803B579ED288936CBB
C:\Windows\System32\drivers\mountmgr.sys 89D263DBF08119CE16273991C120D6DD
C:\Windows\System32\drivers\mpsdrv.sys 4CCBBD4944777CA100B9A6C2F149A46F
C:\Windows\system32\drivers\mrxdav.sys 3D70147F55F1EC84EB9139ED7FFE48BC
C:\Windows\System32\DRIVERS\mrxsmb.sys 7A761AEE58658378BBA45D360F874CB0
C:\Windows\System32\DRIVERS\mrxsmb10.sys 06D5F2FA3C61E8EA91648EA8E9F99FD3
C:\Windows\System32\DRIVERS\mrxsmb20.sys 697B78CE3925E4FBFC544232A5E9E2EB
C:\Windows\system32\DRIVERS\bridge.sys 98487487D6B3797CA927E9D7B030AE13
C:\Windows\System32\Drivers\Msfs.sys 3886F1F2A4D2900ABAA7E4486BEEE6A2
C:\Windows\System32\drivers\msgpiowin32.sys C32A7A39B960A42BA9D4FBE47213CA03
C:\Windows\System32\drivers\mshidkmdf.sys D3857A767B91A061B408CCAB02DA4F40
C:\Windows\System32\drivers\mshidumdf.sys 839B48910FB1E887635C48F3EC11A05E
C:\Windows\System32\drivers\msisadrv.sys 55C0DB741E3AB7463242B185B1C2997C
C:\Windows\system32\drivers\MSKSSRV.sys 509809566E49F4411055864EA8D437CD
C:\Windows\system32\DRIVERS\mslldp.sys 63145201D6458E4958E572E7D6FC2604
C:\Windows\system32\drivers\MSPCLOCK.sys 99D526E803DB6D7FF290FD98B6204641
C:\Windows\system32\drivers\MSPQM.sys 06FA77C3E2A491ADCD704C5E73006269
C:\Windows\System32\Drivers\MsRPC.sys E134EC4DE11CF78CB01432D180710D84
C:\Windows\System32\drivers\mssmbios.sys B5AECF12F09DEE97C9FCAA5BA016CE1E
C:\Windows\system32\drivers\MSTEE.sys 72D66A05E0F99F2528F6C6204FD22AA1
C:\Windows\System32\drivers\MTConfig.sys 8AAAE399FC255FA105D4158CBA289001
C:\Windows\System32\Drivers\mup.sys 3BCB702F3E6CC622DCAFCAA45D7CDE0A
C:\Windows\System32\drivers\mvumis.sys 3A1E095277BBD406CEA8EA6B76950664
C:\Windows\system32\DRIVERS\nwifi.sys 43D7388A90A4C6EA346A4D6FF0377479
C:\Windows\System32\drivers\ndis.sys A10E176F3B2BF83EDE7B5C4658C93B66
C:\Windows\system32\DRIVERS\ndiscap.sys 39C8A1D9D46F5E83A016BCAB72455284
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 762941932B7E4C588E48A577BA9D6440
C:\Windows\system32\DRIVERS\ndistapi.sys 7A6F8A6D0E01432EBA294EF29CDD0FA7
C:\Windows\system32\DRIVERS\ndisuio.sys 79AB68BB3FFF974AD4F41FA559F4EC67
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8
C:\Windows\System32\Drivers\NDProxy.sys 3730942D7DB2F8BB5F84542B7FF6F650
C:\Windows\System32\drivers\Ndu.sys D3F60A4345FCA9C1BE68AD7D0D6DE770
C:\Windows\System32\DRIVERS\netbios.sys 7C203A76394F9AE68F69EEE5F9612C4A
C:\Windows\System32\DRIVERS\netbt.sys 7CEC25C682D319D484630B3952C31A11
C:\Windows\system32\DRIVERS\NETwew00.sys 75B9B86878CC159FBC40C4F9202ADBE3
C:\Windows\System32\drivers\nfrd960.sys 12DD2800E4EEA37DC9AE256AD62423B4
C:\Windows\System32\Drivers\Npfs.sys 17E19A742FB30C002F8B43575451DBE1
C:\Windows\System32\drivers\npsvctrig.sys 8ED299C30792544264E558BEA79F0947
C:\Windows\System32\drivers\nsiproxy.sys 689B3B1E95C70ABF7AFF29F9406EF1E0
C:\Windows\System32\Drivers\Ntfs.sys 7BE3EDFFA3216F989A6BDCB14795DD08
C:\Windows\System32\Drivers\Null.sys 4163ADE07DB51843AE31F65B94F5398D
C:\Windows\system32\DRIVERS\nvlddmkm.sys 2C32BF1B8D31545243092F48A3BE009B
C:\Windows\System32\DRIVERS\nvpciflt.sys CB189CC57439DD021389078217998637
C:\Windows\System32\drivers\nvraid.sys D6D34118263412D3AAA8348A9572B7F2
C:\Windows\System32\drivers\nvstor.sys 27AFC428D1D32ABD04A86763A4EDDEA9
C:\Windows\System32\drivers\nv_agp.sys 051CFB5107BAAE510419BDC41F8C4036
C:\Windows\System32\drivers\parport.sys 4563DAF8C6A740AD7F501E219BD10766
C:\Windows\System32\drivers\partmgr.sys D6ACCF9F2EEEEA711C14EFD976E573F3
C:\Windows\System32\drivers\pci.sys 4A003E8F718C1E6A2050CA98CD53E3E2
C:\Windows\System32\drivers\pciide.sys F9908D274D458220F91E89B54D78D837
C:\Windows\System32\drivers\pcmcia.sys 84D19CB6102627932DCB5DFDF89FE269
C:\Windows\System32\drivers\pcw.sys CEBBAD5391C2644560C55628A40BFD27
C:\Windows\System32\drivers\pdc.sys 0698DEDEAD6A00AD0D468C687D830FBF
C:\Windows\System32\drivers\peauth.sys 61FE70659CD43E07F94DA4DC31DEC493
C:\Windows\system32\DRIVERS\raspptp.sys 362D47E5B4D67270DE4B8606036F4ADD
C:\Windows\System32\drivers\processr.sys DD979EB6A7212F60E4AFBE96EDC7AE6D
C:\Windows\system32\DRIVERS\pacer.sys EB8034147D4820CD31BFCB11A2A652DF
C:\Windows\system32\drivers\qwavedrv.sys 13D47BB0CCA2FC51BD15F8E85C6A078E
C:\Windows\System32\DRIVERS\rasacd.sys 873C60F8178100557740A832FCE10B5F
C:\Windows\system32\DRIVERS\AgileVpn.sys 69B93F623B130976243ECA3D84CC99CA
C:\Windows\system32\DRIVERS\rasl2tp.sys A14D625C5AEE5FFE0F47D1A1D419FAAE
C:\Windows\system32\DRIVERS\raspppoe.sys 00695B9C2DB6111064499C529E90C042
C:\Windows\system32\DRIVERS\rassstp.sys A7F24D8CD1956B0A1FDCB86CC5114DE4
C:\Windows\System32\DRIVERS\rdbss.sys CA03D642ACE58E1BA54E4B383F91CD69
C:\Windows\System32\drivers\rdpbus.sys CA7DF5EC95D8DE0DD24BE7FF97369F68
C:\Windows\System32\drivers\rdpdr.sys B2A3AD74FF2E2FFA73AF2567108231B3
C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DA
C:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151
C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4
C:\Windows\System32\drivers\rfcomm.sys CCBFCABDFE2BC22F0645CEAADDB36004
C:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBF
C:\Windows\system32\DRIVERS\Rt630x64.sys D2768897FCEA8EEFAD3D69BAC9DC4180
C:\Windows\system32\DRIVERS\RtsPer.sys A66515E4B5C1EB3139705B115EC287F7
C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965A
C:\Windows\System32\DRIVERS\sbapifs.sys 7B7505F8674AC9C8418B55F807A06F1D
C:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92
C:\Windows\system32\DRIVERS\sbwtis.sys 97ECCE37DBAA0A871B4504CEF53EE76B
C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9E
C:\Windows\System32\drivers\sdbus.sys F58B030A0664385C707B8C1C63682041
C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130C
C:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5AD
C:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6
C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAAB
C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1
C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2
C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0D
C:\Windows\System32\drivers\Smb_driver_AMDASF.sys 4193B29035FF31655A2A2D820FDEFCCA
C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 410F4660C8472873818A288EBBE1FC8A
C:\Windows\System32\drivers\spaceport.sys 9110193D93960E38B8692E4519C75D72
C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202
C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6
C:\Windows\System32\DRIVERS\srv2.sys 851149B9F9254BD67F907C44A9D2242D
C:\Windows\System32\DRIVERS\srvnet.sys BB0F9E19C5CE4DC765B263E2A5561DE1
C:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7
C:\Windows\system32\DRIVERS\stwrt64.sys B1EFA62F5C0E4D3C39E24358FA40CC44
C:\Windows\System32\drivers\storahci.sys B240874B2CA0CD02E8CD11E140B14C57
C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2
C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59
C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9
C:\Windows\system32\DRIVERS\SynTP.sys 0F34FE968C91D02CE30D76C257F2BDA0
C:\Windows\System32\drivers\tcpip.sys B23882881EFD9404B62993906BC38709
C:\Windows\system32\DRIVERS\tcpip.sys B23882881EFD9404B62993906BC38709
C:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989
C:\Windows\System32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7
C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4
C:\Windows\system32\drivers\tpm.sys E94F7A7B48C7638D1F3F8089344C97B7
C:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3
C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513
C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740
C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1A
C:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026
C:\Windows\System32\drivers\ucx01000.sys 061BA3EE0D2BE17944990544008CF190
C:\Windows\System32\DRIVERS\udfs.sys 25C50F4EDF70D0A831E0566BD181CCF2
C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7A
C:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860
C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09
C:\Windows\System32\drivers\usb3Hub.sys 75F8A310533E15D27115CDE2A881126F
C:\Windows\system32\drivers\usbaudio.sys 9E9F21FF91D7ECC0BCCB94D3FE52A959
C:\Windows\System32\drivers\usbccgp.sys C976C4306F9AE133D6BBD47FDFC3BF92
C:\Windows\System32\drivers\usbcir.sys 427B6DB8C05A5A977E8C3525370A2595
C:\Windows\System32\drivers\usbehci.sys B24FDEB1B18496F1B463782235AA3AF1
C:\Windows\System32\drivers\usbhub.sys F8C2A832DF9403F5EA8080CBDBDA95FB
C:\Windows\System32\drivers\UsbHub3.sys E5F7328B1D29BCE791862CD3C0DD382A
C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422AB
C:\Windows\System32\drivers\usbprint.sys 9FDBA6982582A6F2354144980F641E7B
C:\Windows\System32\drivers\USBSTOR.SYS BFC7FE4AAEB61317A921871B4085EF4B
C:\Windows\System32\drivers\usbuhci.sys 1ABF657259DB57F7E5558E4DF1357C0C
C:\Windows\System32\Drivers\usbvideo.sys 9EF7C01D3ACCBC243B5CB1A95865B2FF
C:\Windows\System32\drivers\USBXHCI.SYS 8DC398D7B8E02C929A2096E74A170970
C:\Windows\system32\drivers\Lachesis.sys 81A9F455BF2C9180348949F7C8D93E66
C:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8
C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BE
C:\Windows\System32\drivers\vhdmp.sys 500BE6B2E49883720D0AE8BB859ED7A3
C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1D
C:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0
C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91
C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18
C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824
C:\Windows\System32\drivers\volsnap.sys 78A5BBA3819FFFC62FFEC3E2220D102D
C:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700D
C:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353
C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCC
C:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611
C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318F
C:\Windows\system32\DRIVERS\vwifimp.sys 73FA1A41A97A5C34ADC03B3577FF1A86
C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051
C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CB
C:\Windows\system32\drivers\WdBoot.sys 3772FF85F0098686B0DCD77076AE0786
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\system32\drivers\WdFilter.sys AB6F7DE8BFBF61A42F8764D9A621BD8B
C:\Windows\System32\DRIVERS\wfplwfs.sys 44BB9C31E6242C4BD1CE7C2B440C2533
C:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60
C:\Windows\System32\drivers\WinUSB.sys BB20956C424531003F7FA6CD36F11D5D
C:\Windows\System32\drivers\WirelessButtonDriver64.sys 4F2A80D65AE6F845776E2F06AE6782ED
C:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084
C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3
C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6
C:\Windows\System32\drivers\WPRO_41_2001.sys 7CA09731EB7FC99B910C7F239E57720F
C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81
C:\Windows\System32\drivers\WSDPrint.sys 74EFDA0526862C3D8D01A776182798EA
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\drivers\xusb22.sys D107AA09E4E233E1AAE126255D8A4057
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-28 22:45 - 2014-05-28 22:45 - 00003722 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-05-28 22:45 - 2014-05-28 22:45 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-05-28 22:40 - 2014-05-28 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-05-28 22:39 - 2014-05-28 22:39 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-26 09:35 - 2014-05-26 09:30 - 02347384 _____ (ESET) C:\Users\Sean\Desktop\esetsmartinstaller_enu.exe
2014-05-26 09:30 - 2014-05-26 09:30 - 02347384 _____ (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu.exe
2014-05-26 09:25 - 2014-05-26 09:25 - 00001041 _____ () C:\Users\Sean\Desktop\MBscan.txt
2014-05-26 09:08 - 2014-05-28 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 09:08 - 2014-05-26 09:08 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 09:08 - 2014-05-26 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 09:08 - 2014-05-26 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-26 09:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 09:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 09:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-26 09:07 - 2014-05-26 09:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 12:43 - 2014-05-25 12:43 - 00854367 _____ () C:\Users\Sean\Downloads\SecurityCheck.exe
2014-05-25 12:43 - 2014-05-25 12:43 - 00854367 _____ () C:\Users\Sean\Desktop\SecurityCheck.exe
2014-05-25 12:39 - 2014-05-25 12:39 - 00059377 _____ () C:\Users\Sean\Desktop\Shortcut.txt
2014-05-25 12:39 - 2014-05-25 12:39 - 00029592 _____ () C:\Users\Sean\Desktop\Addition.txt
2014-05-25 12:38 - 2014-05-30 23:07 - 00042483 _____ () C:\Users\Sean\Desktop\FRST.txt
2014-05-25 12:37 - 2014-05-30 23:07 - 00000000 ____D () C:\FRST
2014-05-25 12:37 - 2014-05-25 12:34 - 02066944 _____ (Farbar) C:\Users\Sean\Desktop\FRST64.exe
2014-05-25 12:34 - 2014-05-25 12:34 - 02066944 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-05-25 01:54 - 2014-04-19 05:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-25 01:54 - 2014-04-19 04:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-25 01:54 - 2014-04-19 04:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-25 01:54 - 2014-04-19 02:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-25 01:54 - 2014-04-19 02:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-25 01:54 - 2014-03-28 04:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-25 01:54 - 2014-03-28 02:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-25 01:53 - 2014-04-12 05:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-25 01:53 - 2014-04-12 05:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-25 01:53 - 2014-04-12 05:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-25 01:53 - 2014-04-12 05:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-25 01:53 - 2014-04-12 05:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-25 01:53 - 2014-04-12 05:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-25 01:53 - 2014-04-12 05:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-25 01:53 - 2014-04-12 05:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-25 01:53 - 2014-04-12 05:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-25 01:53 - 2014-04-12 05:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-25 01:53 - 2014-04-12 05:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-25 01:53 - 2014-04-12 03:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-25 01:53 - 2014-04-12 03:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-25 01:53 - 2014-04-12 03:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-25 01:53 - 2014-04-12 03:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-25 01:53 - 2014-04-12 03:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-25 01:53 - 2014-04-12 03:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-25 01:53 - 2014-04-12 03:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-25 01:53 - 2014-04-12 02:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-25 01:53 - 2014-03-28 15:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-25 01:53 - 2014-03-23 18:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-25 01:53 - 2014-03-10 23:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-25 01:53 - 2014-03-10 23:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-25 01:53 - 2014-03-10 20:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-25 01:53 - 2014-03-10 20:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-25 01:53 - 2014-03-10 20:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-25 01:53 - 2014-03-10 20:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-25 01:53 - 2014-03-10 20:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-25 01:53 - 2014-03-10 20:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-25 01:53 - 2014-03-10 20:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-25 01:53 - 2014-03-10 20:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-25 01:53 - 2014-03-10 20:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-25 01:53 - 2014-03-10 20:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-25 01:53 - 2014-03-10 20:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-25 01:53 - 2014-03-09 23:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-25 01:53 - 2014-03-09 21:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-25 01:53 - 2014-03-03 19:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-25 01:52 - 2014-05-06 01:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-25 01:52 - 2014-05-06 01:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-25 01:52 - 2014-05-05 23:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-25 01:52 - 2014-05-05 23:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-25 01:52 - 2014-05-05 23:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-25 01:52 - 2014-05-05 23:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-25 01:52 - 2014-03-28 04:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-25 01:52 - 2014-03-01 05:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-25 01:52 - 2014-03-01 05:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-25 01:52 - 2014-03-01 04:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-25 01:52 - 2014-03-01 02:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-25 01:52 - 2014-02-26 19:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-25 01:52 - 2014-02-26 19:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-25 01:52 - 2014-02-26 19:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-25 01:52 - 2014-02-26 19:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-25 01:52 - 2014-02-15 00:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-30 23:07 - 2014-05-25 12:38 - 00042483 _____ () C:\Users\Sean\Desktop\FRST.txt
2014-05-30 23:07 - 2014-05-25 12:37 - 00000000 ____D () C:\FRST
2014-05-30 23:05 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-30 20:59 - 2014-04-11 11:15 - 01776106 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 20:55 - 2013-12-18 00:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 20:50 - 2013-12-17 20:22 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E4100F29-2B99-45FE-BCB7-EFCEC2934E77}
2014-05-30 20:49 - 2013-12-21 18:52 - 00000000 ____D () C:\Users\Sean\AppData\Local\CrashDumps
2014-05-29 21:55 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-05-28 22:45 - 2014-05-28 22:45 - 00003722 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-05-28 22:45 - 2014-05-28 22:45 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-05-28 22:45 - 2013-11-03 10:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-28 22:45 - 2012-07-26 03:28 - 00006638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 22:40 - 2014-05-28 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-05-28 22:40 - 2013-12-18 00:12 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 22:40 - 2013-12-17 20:23 - 00000000 ___RD () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 22:40 - 2013-12-17 20:23 - 00000000 ___RD () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-28 22:40 - 2013-11-03 10:48 - 00003278 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-05-28 22:39 - 2014-05-28 22:39 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-28 22:39 - 2013-12-21 09:12 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-28 22:39 - 2013-11-03 10:54 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-28 22:39 - 2012-08-03 18:23 - 00467102 _____ () C:\Windows\PFRO.log
2014-05-28 22:39 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-28 22:39 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-28 22:39 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-28 22:39 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-28 22:39 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-28 22:39 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-28 22:39 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-28 22:39 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 22:39 - 2012-07-26 01:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-05-28 22:37 - 2014-05-26 09:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 22:33 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-26 09:30 - 2014-05-26 09:35 - 02347384 _____ (ESET) C:\Users\Sean\Desktop\esetsmartinstaller_enu.exe
2014-05-26 09:30 - 2014-05-26 09:30 - 02347384 _____ (ESET) C:\Users\Sean\Downloads\esetsmartinstaller_enu.exe
2014-05-26 09:25 - 2014-05-26 09:25 - 00001041 _____ () C:\Users\Sean\Desktop\MBscan.txt
2014-05-26 09:08 - 2014-05-26 09:08 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 09:08 - 2014-05-26 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 09:08 - 2014-05-26 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-26 09:08 - 2014-03-19 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 09:07 - 2014-05-26 09:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 08:47 - 2013-09-27 14:49 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-26 08:47 - 2013-09-27 14:49 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-05-25 12:43 - 2014-05-25 12:43 - 00854367 _____ () C:\Users\Sean\Downloads\SecurityCheck.exe
2014-05-25 12:43 - 2014-05-25 12:43 - 00854367 _____ () C:\Users\Sean\Desktop\SecurityCheck.exe
2014-05-25 12:39 - 2014-05-25 12:39 - 00059377 _____ () C:\Users\Sean\Desktop\Shortcut.txt
2014-05-25 12:39 - 2014-05-25 12:39 - 00029592 _____ () C:\Users\Sean\Desktop\Addition.txt
2014-05-25 12:34 - 2014-05-25 12:37 - 02066944 _____ (Farbar) C:\Users\Sean\Desktop\FRST64.exe
2014-05-25 12:34 - 2014-05-25 12:34 - 02066944 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-05-25 04:02 - 2013-12-17 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-25 04:01 - 2013-12-17 21:48 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-25 04:01 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-25 01:56 - 2013-12-18 00:12 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 01:50 - 2013-12-18 00:12 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-25 01:50 - 2013-12-18 00:12 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-17 17:30 - 2013-12-17 20:35 - 00000000 ____D () C:\ProgramData\VIPRE
2014-05-15 19:52 - 2012-07-26 03:21 - 00039648 _____ () C:\Windows\setupact.log
2014-05-12 07:26 - 2014-05-26 09:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 09:08 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 09:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 01:14 - 2014-05-25 01:52 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-25 01:52 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 23:48 - 2014-05-25 01:52 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:48 - 2014-05-25 01:52 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:37 - 2014-05-25 01:52 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:26 - 2014-05-25 01:52 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 16:37 - 2012-07-26 04:14 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:37 - 2012-07-26 04:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\Sys_Drivere.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-25 01:53] - [2014-04-12 05:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {18522d37-4496-11e3-be6e-806e6f6e6963}
                        {5eba50a6-44be-11e3-be74-806e6f6e6963}
                        {6a359694-449e-11e3-a91a-d8dc54c2cef8}
                        {6a359695-449e-11e3-a91a-d8dc54c2cef8}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {572bcd60-ffa7-11d9-aae0-0007e994107d}
resumeobject            {6a359699-449e-11e3-a91a-d8dc54c2cef8}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {18522d37-4496-11e3-be6e-806e6f6e6963}
description             Internal Hard Disk or Solid State Disk
 
Firmware Application (101fffff)
-------------------------------
identifier              {5eba50a6-44be-11e3-be74-806e6f6e6963}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
 
Firmware Application (101fffff)
-------------------------------
identifier              {6a359694-449e-11e3-a91a-d8dc54c2cef8}
description             USB Drive (UEFI)
 
Firmware Application (101fffff)
-------------------------------
identifier              {6a359695-449e-11e3-a91a-d8dc54c2cef8}
description             Internal CD/DVD ROM Drive (UEFI)
 
Firmware Application (101fffff)
-------------------------------
identifier              {6a359696-449e-11e3-a91a-d8dc54c2cef8}
description             Internal Hard Disk or Solid State Disk
 
Firmware Application (101fffff)
-------------------------------
identifier              {6a359698-449e-11e3-a91a-d8dc54c2cef8}
description             Internal Hard Disk or Solid State Disk
 
Firmware Application (101fffff)
-------------------------------
identifier              {91fda990-44be-11e3-8fce-806e6f6e6963}
description             Internal Hard Disk or Solid State Disk
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {825c7daf-44a1-11e3-be72-00c2c603a94d}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6a359699-449e-11e3-a91a-d8dc54c2cef8}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {825c7daf-44a1-11e3-be72-00c2c603a94d}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{825c7db0-44a1-11e3-be72-00c2c603a94d}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{825c7db0-44a1-11e3-be72-00c2c603a94d}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {6a359699-449e-11e3-a91a-d8dc54c2cef8}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {825c7daf-44a1-11e3-be72-00c2c603a94d}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-us
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {825c7db0-44a1-11e3-be72-00c2c603a94d}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-05-29 19:48
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 01
Ran by Sean at 2014-05-30 23:07:50
Running from C:\Users\Sean\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.1.0.1871 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.1.0.1871 - Bullzip)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6117 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{61A641A9-9CC7-421F-85CD-A8CDDEE4E3F2}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 77) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6454.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.7.1002 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.187 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Control Panel 311.41 (Version: 311.41 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21220 - Realtek Semiconductor Corp.)
SIDEKIQ (HKLM-x32\...\SIDEKIQ) (Version: 1.0.1 - EON Reality, Inc.)
SIDEKIQ (x32 Version: 1.0.1 - EON Reality, Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
VIPRE Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Antivirus (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
05-05-2014 03:43:40 Scheduled Checkpoint
17-05-2014 23:48:20 Scheduled Checkpoint
25-05-2014 08:00:05 Windows Update
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2014-04-11 09:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0631470B-A96F-4CFB-BF6C-7C599B8E9FC5} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1B88B073-F253-4226-9898-B3C7D6DA87E6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {1E5EE5C4-E3BE-4536-8E06-AA0BBC761DB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2BC9KGZ0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {1FB05F33-CCCB-4590-A7F2-A60A5E36CCA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18] (Google Inc.)
Task: {22E83F24-FFA4-4F5E-AA1B-3FBA48963F4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {285BD172-E226-4CC4-9DC3-F960725AB675} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {67956219-A626-462E-B3EF-B60BDAC30DCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18] (Google Inc.)
Task: {69651B1F-B927-40BA-9998-A906C822B78E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {6E10C98F-21C6-40BD-8A34-3FC2F9D170F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {9438A3B6-7BAA-4033-BC21-677493E185E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {A1D48298-66D6-4F0F-8CC7-739DB2CD81A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CDE01C21-1DAF-48D6-ADC5-9CC6FF894A48} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F0FAB14F-0F27-4CCE-A265-78A6CCDE5177} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-02-07] (Intel)
Task: {FBA9A09D-CA73-4917-AEF7-1C52BA2B460E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-13 14:35 - 2013-02-13 14:35 - 00180200 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 14:35 - 2013-02-13 14:35 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-03-19 18:21 - 2013-03-19 18:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-02-07 13:19 - 2013-02-07 13:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-12-17 22:10 - 2013-12-17 22:10 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 00492544 _____ () C:\Users\Sean\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\Box.Agent.WinRT\096e4df5e46a5457e08c81c0a2d91baf\Box.Agent.WinRT.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 01062912 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\bcd2cf320a924534fb4ac8ee2e384f39\Windows.ApplicationModel.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 00152064 _____ () C:\Users\Sean\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um114fe9fe#\99d385a0c5dcbe1c65cd7571a6e5e60b\nVentive.Umbrella.Services.Contract.WinRT.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 00201216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\2a13aacfbb3ed3557a387a89b5616ef9\Windows.System.ni.dll
2014-03-29 18:50 - 2014-03-29 18:50 - 01328640 _____ () C:\Users\Sean\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um9106121c#\4d7b31446da5c5dc28487f517fddfa80\nVentive.Umbrella.Web.WinRT.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 01121792 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\738f3b9ed394a8767cc173192f31746b\Windows.Storage.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 00295936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\674a093211b1f8a3e570f640741e3b98\Windows.Foundation.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 01179136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\cce138051887d83dccffdc206031b09f\Windows.UI.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 00787456 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\543e76ed6aca1b57287f8e67db0677fb\Windows.Networking.ni.dll
2014-03-29 18:49 - 2014-03-29 18:49 - 00351232 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\c355b610137057eab41db4660c5c19e1\Windows.Data.ni.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2014-05-25 01:56 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-25 01:56 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2013-12-17 20:36 - 2014-05-04 10:26 - 00190752 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2013-12-17 20:36 - 2014-05-04 10:26 - 00178464 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2014-05-25 01:56 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-25 01:56 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-25 01:56 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2013-11-03 10:47 - 2013-02-15 20:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2014 09:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
 
Error: (05/30/2014 09:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
 
Error: (05/30/2014 09:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 08:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McChHost.exe, version: 3.7.0.128, time stamp: 0x535937af
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0x1984
Faulting application start time: 0xMcChHost.exe0
Faulting application path: McChHost.exe1
Faulting module path: McChHost.exe2
Report Id: McChHost.exe3
Faulting package full name: McChHost.exe4
Faulting package-relative application ID: McChHost.exe5
 
Error: (05/29/2014 10:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
 
Error: (05/29/2014 10:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
 
Error: (05/29/2014 10:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 10:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062
 
Error: (05/29/2014 10:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062
 
Error: (05/29/2014 10:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/28/2014 10:39:01 PM) (Source: DCOM) (EventID: 10010) (User: ENVY15)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (05/28/2014 10:39:01 PM) (Source: DCOM) (EventID: 10010) (User: ENVY15)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (05/25/2014 01:48:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (05/25/2014 01:48:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (05/25/2014 01:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/25/2014 01:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/25/2014 01:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/25/2014 01:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/25/2014 01:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (05/25/2014 01:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (05/30/2014 09:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
 
Error: (05/30/2014 09:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
 
Error: (05/30/2014 09:12:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 08:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McChHost.exe3.7.0.128535937afntdll.dll6.2.9200.16578515fac6ec000000500051f81198401cf7ae7587ceebeC:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exeC:\Windows\SYSTEM32\ntdll.dll70642d4a-e85d-11e3-be8a-00c2c603a94d
 
Error: (05/29/2014 10:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
 
Error: (05/29/2014 10:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
 
Error: (05/29/2014 10:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 10:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062
 
Error: (05/29/2014 10:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062
 
Error: (05/29/2014 10:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-11 09:50:24.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 8124.02 MB
Available physical RAM: 5688.18 MB
Total Pagefile: 9340.02 MB
Available Pagefile: 6743 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:671.73 GB) (Free:621.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.13 GB) (Free:2.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 813802DA)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#18
Valinorum
Posted 30 May 2014 - 10:18 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi RSFlorida, :)

This is odd. Your anti-virus file is showing infected. This may be the cause. But let's check just to be sure.
  • Step #8 Upload File(s) to Virus-Total
    I want you to upload the following suspicious file(s) to an online virus-scanner to scan.
    • Please go to www.virustotal.com
    • Click on Choose File;
    • Go to C:\Program Files (x86)\VIPRE\SBAMSvc.exe
    • Click on Open;
    • Click on Scan it;
    • Copy and Paste the link of the result page in your reply;
 
  • Step #9 SystemLook Search
    • Please download SystemLook by jpshortstuff to your Desktop from the suitable link below.
    • Right-click and choose Run as administrator;
    • In the search box, copy and pasted the following code in the code-box.
      :filefind
SBAMSvc.*
    • Click on Look;
    • After the scan a log will be opened;
    • Post the log in your next reply.
 
  • Required Log(s):
    • VirusTotal Link
    • SystemLook Scan
Regards,
Valinorum
  • 0

#19
RSFlorida
Posted 01 June 2014 - 10:56 AM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 12:54 on 01/06/2014 by Sean
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "SBAMSvc.*"
C:\Program Files (x86)\VIPRE\SBAMSvc.dll --a---- 139152 bytes [02:02 06/09/2013] [02:02 06/09/2013] D647784EAFE895026FC93E3FCAE517AB
C:\Program Files (x86)\VIPRE\SBAMSvc.exe --a---- 3937472 bytes [02:32 06/09/2013] [02:32 06/09/2013] 2B6A9111B4C48E44692CB9ADD30629A5
C:\Windows\assembly\NativeImages_v4.0.30319_32\SBAMSvc\b85c1ae5217f148d708035a57c8d8f9f\SBAMSvc.ni.dll --a---- 367616 bytes [22:48 29/03/2014] [22:48 29/03/2014] 176C73E3D910CF1F79E333D60FE97996
C:\Windows\assembly\NativeImages_v4.0.30319_32\SBAMSvc\b85c1ae5217f148d708035a57c8d8f9f\SBAMSvc.ni.dll.aux --a---- 316 bytes [22:48 29/03/2014] [22:48 29/03/2014] B0FA17F3368B337EAF1C44E5757B6F59
C:\Windows\Prefetch\SBAMSVC.EXE-0049E13C.pf --a---- 119962 bytes [03:14 31/05/2014] [03:18 31/05/2014] CA15BE0FACD95A7A4508B64B0B4C12B2
 
-= EOF =-
 
 

  • 0

#20
Valinorum
Posted 02 June 2014 - 02:17 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi RSFlorida, :)

Can you uninstall VIPRE and re-install it? After re-installation perform a full scan. :)
  • Step #10 Fix with RogueKiller
    • Re-run RogueKiller. If you do not have it on your Desktop download it from the suitable link below.
    • Let the pre-scan finish. After that click on Scan and wait for the scan to finish;
    • Click on Delete;
    • Now again click on Scan and wait for the scan to finish;
    • Click on Report and a log file will open;
    • Copy and paste the whole content of that report in your next reply.
 
  • Required Log(s):
    • RogueKiller Report
Regards,
Valinorum
  • 0

#21
RSFlorida
Posted 04 June 2014 - 09:29 PM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

i removed Vipre and downloaded anew.  Upon scanning, it quarantined Trojan.Win32.Generic!BT.

 

i then ran rogue killer from my desktop and it flagged Vipre again like the first time.  It prompted me to update the version and so i chose yes and went to site and then tried to download the update and then Vipre blocked the download and McAfee site advisor warned of a bad site.  From there the machine slowed down and i had to restart - it slowed the machine down to a crawl.  I then downloaded again from the geeks site and ran it per your instructions.  Here is the log...

 

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : Scan -- Date : 06/04/2014  23:24:46
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-255613387-2719551760-702296935-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-255613387-2719551760-702296935-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  TOSHIBA MQ01ABD +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
+++++ PhysicalDrive1:  LITEONIT LMS-24 +++++
--- User ---
[MBR] 10368fd70e80283173c21b442e18739d
[BSP] 6b8b243d05837cb8c1580aa436cb30ee : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
 
============================================
RKreport_SCN_05302014_232133.log - RKreport_SCN_06042014_231915.log - RKreport_DEL_06042014_231930.log - RKreport_SCN_06042014_231938.log
RKreport_DEL_06042014_231952.log

  • 0

#22
Valinorum
Posted 04 June 2014 - 09:35 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Re-run RougueKiller and cliok Scan. Make sure that everything is checked under the Registry tab. Now hit Delete. After that click Scan again and click Report to post here.
  • 0

#23
RSFlorida
Posted 05 June 2014 - 05:36 PM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

The prescreen ran and flagged:   scrncap.exe

 

Here is the log....

 

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : Scan -- Date : 06/05/2014  19:34:06
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] scrncap.exe -- C:\Windows\TEMP\irstrtsv\scrncap.exe[-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-255613387-2719551760-702296935-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-255613387-2719551760-702296935-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  TOSHIBA MQ01ABD +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
+++++ PhysicalDrive1:  LITEONIT LMS-24 +++++
--- User ---
[MBR] 10368fd70e80283173c21b442e18739d
[BSP] 6b8b243d05837cb8c1580aa436cb30ee : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
 
============================================
RKreport_DEL_06042014_231930.log - RKreport_DEL_06042014_231952.log - RKreport_SCN_05302014_232133.log - RKreport_SCN_06042014_231915.log
RKreport_SCN_06042014_231938.log - RKreport_SCN_06042014_232446.log

  • 0

#24
Valinorum
Posted 05 June 2014 - 08:15 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
The suspicious path is legit. Let's try a different rootkit scanner to check the Zbot trace.
  • Step #11
    • Please download Malwarebytes Anti-Rootkit from here
    • Unzip the contents to a folder in a convenient location.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
 
  • Required Log(s):
    • MBAR Log
  • Regards,
    Valinorum

  • 0

#25
RSFlorida
Posted 05 June 2014 - 08:40 PM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

got this...what to do?

Attached Thumbnails

  • Screenshot (3).png

  • 0

Advertisements

#26
Valinorum
Posted 05 June 2014 - 08:53 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Press Yes.
  • 0

#27
RSFlorida
Posted 05 June 2014 - 09:42 PM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
No malware found!...
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.06.05.13
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16899
Sean :: ENVY15 [administrator]
 
6/5/2014 11:05:26 PM
mbar-log-2014-06-05 (23-05-26).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 329255
Time elapsed: 15 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.06.05.13
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16899
Sean :: ENVY15 [administrator]
 
6/5/2014 11:05:26 PM
mbar-log-2014-06-05 (23-05-26).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 329255
Time elapsed: 15 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

  • 0

#28
Valinorum
Posted 05 June 2014 - 10:43 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Can you try a VIPRE scan again?
  • 0

#29
RSFlorida
Posted 06 June 2014 - 06:44 PM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Vipre found nothing.


  • 0

#30
Valinorum
Posted 06 June 2014 - 10:11 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Are you facing any current issue?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP