david_einhorn

Members

View Profile See their activity

Posts
9
Joined
April 19, 2013
Last visited
May 5, 2013

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by david_einhorn

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn replied to david_einhorn's topic in Resolved Malware Removal Logs

You are right Maurice, the Ez Vid files that were tagged were the sole reason I actually made this topic. I downloaded it after checking with various websites, forum boards and I even checked with McAfee site advisor about their website. But turned out it it's indeed malicious.. And yeah, I've heard about how vulerable Java is and I guess I'll be using two browsers for now on. Firefox for basic browse and chrome for the one with Java. As for the scan, below is the log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.22.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 mantik :: MANTIK-HP [administrator] 5/3/2013 12:43:00 AM mbam-log-2013-05-03 (00-43-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223042 Time elapsed: 6 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Thank you for you help so far Maurice, I really appreciate it!
- May 3, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn replied to david_einhorn's topic in Resolved Malware Removal Logs

Hi Maurice, really sorry for the late response, here's the log of eset online scan: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK That's the only thing I found on the log, so I decided to copy the scan results here as well: C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined C:\Users\mantik\Downloads\EZVID_Setup (1).exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined C:\Users\mantik\Downloads\EZVID_Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined C:\Users\mantik\Downloads\firstrowsportapp_setup(14).exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined C:\Users\mantik\Downloads\firstrowsportapp_setup(34).exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
- April 30, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn replied to david_einhorn's topic in Resolved Malware Removal Logs

Maurice, I ran the TFC as instructed, however, I was not able to run the MS Safety Scanner. It said it was not a valid win32 application. I downloaded the 64 bit version (my computer is a 64 bit system) and I also tried to it cut & paste it to desktop but it still won't load. Is there any other website to download it?
- April 24, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn replied to david_einhorn's topic in Resolved Malware Removal Logs

Maurice, You are right, MBAM's full scan did find rootkits. Below are the logs: aswMBR log aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-04-21 21:33:02 ----------------------------- 21:33:02.163 OS Version: Windows x64 6.1.7601 Service Pack 1 21:33:02.163 Number of processors: 4 586 0x2A07 21:33:02.164 ComputerName: MANTIK-HP UserName: mantik 21:33:03.983 Initialize success 21:33:35.381 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:33:35.385 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3 21:33:35.485 Disk 0 MBR read successfully 21:33:35.489 Disk 0 MBR scan 21:33:35.495 Disk 0 Windows 7 default MBR code 21:33:35.501 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 21:33:35.514 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 584766 MB offset 409600 21:33:35.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21450 MB offset 1198010368 21:33:35.568 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 1241939968 21:33:35.695 Disk 0 scanning C:\Windows\system32\drivers 21:33:43.485 Service scanning 21:34:01.853 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 21:34:09.506 Modules scanning 21:34:09.525 Scan finished successfully 21:34:39.864 Disk 0 MBR has been saved successfully to "C:\Users\mantik\Desktop\MBR.dat" 21:34:39.869 The log file has been saved successfully to "C:\Users\mantik\Desktop\aswMBR.txt" Screen 317 log Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` McAfee SiteAdvisor Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 24 Java 6 Update 31 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.2 Adobe Reader out of Date! Mozilla Firefox (20.0.1) Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` MBAM log Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.22.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 mantik :: MANTIK-HP [administrator] 4/21/2013 10:16:27 PM mbam-log-2013-04-21 (22-16-27).txt Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 466623 Time elapsed: 1 hour(s), 7 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\7DED.tmp.vir (Rootkit.ZeroAccess) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\7DEE.tmp.vir (Rootkit.ZeroAccess) -> Quarantined and deleted successfully. (end)
- April 22, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn replied to david_einhorn's topic in Resolved Malware Removal Logs

Maurice, I did all the tasks per your instruction. I'm not sure about the system but I tried logging in to my skype, yahoo mail and and some of my online forum accounts and all my passwords are working now, which is such a relief. Below are the logs, hopefully my computer is 100% safe now Rkill: Rkill 2.4.7 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/20/2013 03:53:45 AM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [incorrect ImagePath] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 04/20/2013 03:54:04 AM Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s) JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.6 (04.19.2013:1) OS: Windows 7 Home Premium x64 Ran by mantik on Sat 04/20/2013 at 3:56:50.55 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{81017ea9-9aa8-4a6a-9734-7af40e7d593f} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1 Successfully deleted: [Registry Key] hkey_current_user\software\pc optimizer pro Successfully deleted: [Registry Key] hkey_classes_root\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll Successfully deleted: [File] C:\Users\mantik\appdata\local\{701F1BB2-CC14-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A] ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\mantik\appdata\local\{0D40B8E7-E4D1-4F4E-830D-CAA7D29CE358} Successfully deleted: [Empty Folder] C:\Users\mantik\appdata\local\{8DB60CA1-94FE-4281-930A-9E7B7ACC9B68} Successfully deleted: [Empty Folder] C:\Users\mantik\appdata\local\{F8E2C776-FDEA-4DEC-9EF0-C10163029E9F} Successfully deleted: [Folder] C:\Users\mantik\appdata\local\{701F1BB2-CC14-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A] ~~~ FireFox Emptied folder: C:\Users\mantik\AppData\Roaming\mozilla\firefox\profiles\aauyn24f.default\minidumps [8 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 04/20/2013 at 4:07:43.68 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Combofix log: ComboFix 13-04-20.01 - mantik 04/20/2013 4:22.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4054 [GMT -5:00] Running from: c:\users\mantik\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\go_0molg.pad c:\programdata\l_u0_0.pad c:\programdata\Microsoft\Windows\DRM\7DED.tmp c:\programdata\Microsoft\Windows\DRM\7DEE.tmp c:\users\mantik\AppData\Local\Temp\_MEI41402\_ctypes.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\_elementtree.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\_hashlib.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\_socket.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\_ssl.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\pyexpat.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\pysqlite2._sqlite.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\python27.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\pythoncom27.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\PyWinTypes27.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\select.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\unicodedata.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32api.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32com.shell.shell.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32crypt.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32event.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32file.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32inet.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32pdh.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32process.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32profile.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32security.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\win32ts.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\windows._cacheinvalidation.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._controls_.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._core_.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._gdi_.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._html2.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._misc_.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._windows_.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._wizard.pyd c:\users\mantik\AppData\Local\Temp\_MEI41402\wxbase294u_net_vc90.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\wxbase294u_vc90.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_adv_vc90.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_core_vc90.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_html_vc90.dll c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_webview_vc90.dll . . ((((((((((((((((((((((((( Files Created from 2013-03-20 to 2013-04-20 ))))))))))))))))))))))))))))))) . . 2013-04-20 08:56 . 2013-04-20 08:56 -------- d-----w- c:\windows\ERUNT 2013-04-20 08:55 . 2013-04-20 08:55 -------- d-----w- C:\JRT 2013-04-19 20:25 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31AB9ABE-1C4A-4B69-86CF-2B97B19207B7}\mpengine.dll 2013-04-19 18:58 . 2013-04-19 18:58 -------- d-----w- c:\program files (x86)\ERUNT 2013-04-18 20:53 . 2013-04-18 20:53 -------- d-----w- c:\programdata\AVS4YOU 2013-04-18 20:53 . 2013-04-18 20:53 -------- d-----w- c:\users\mantik\AppData\Roaming\AVS4YOU 2013-04-18 20:52 . 2013-04-18 20:52 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia 2013-04-18 20:52 . 2013-04-18 20:52 -------- d-----w- c:\program files (x86)\AVS4YOU 2013-04-18 20:52 . 2011-06-23 18:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll 2013-04-18 20:52 . 2011-06-23 18:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll 2013-04-18 20:47 . 2013-04-18 20:47 -------- d-----w- c:\users\mantik\AppData\Local\ezvid,_inc 2013-04-18 20:17 . 2013-04-18 20:28 -------- d-----w- c:\users\mantik\AppData\Local\WeatherBug 2013-04-18 20:17 . 2013-04-18 20:17 -------- d-----w- c:\users\mantik\AppData\Roaming\WeatherBug 2013-04-18 20:17 . 2013-04-18 20:17 -------- d-----w- c:\program files (x86)\AWS 2013-04-18 20:16 . 2013-04-18 20:16 -------- d-----w- c:\users\mantik\AppData\Local\CRE 2013-04-10 04:22 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 04:22 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 04:22 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 04:22 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 04:22 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 04:22 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 04:22 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 04:22 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 04:22 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-07 05:49 . 2013-04-07 05:49 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 14:22 . 2011-05-31 16:18 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-04-10 08:02 . 2012-12-05 18:52 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-19 09:24 . 2013-03-19 07:51 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-19 09:24 . 2011-07-17 01:27 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-19 08:02 . 2013-03-19 08:02 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-19 08:02 . 2013-03-19 08:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-19 08:02 . 2013-03-19 08:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-19 08:02 . 2013-03-19 08:02 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-19 08:02 . 2013-03-19 08:02 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-19 08:02 . 2013-03-19 08:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-19 08:02 . 2013-03-19 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-19 08:02 . 2013-03-19 08:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-19 08:02 . 2013-03-19 08:02 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-19 08:02 . 2013-03-19 08:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-19 08:02 . 2013-03-19 08:02 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-19 08:02 . 2013-03-19 08:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-19 08:02 . 2013-03-19 08:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-19 08:02 . 2013-03-19 08:02 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-19 08:02 . 2013-03-19 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-19 08:02 . 2013-03-19 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-19 08:02 . 2013-03-19 08:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-19 08:02 . 2013-03-19 08:02 441856 ----a-w- c:\windows\system32\html.iec 2013-03-19 08:02 . 2013-03-19 08:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-19 08:02 . 2013-03-19 08:02 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-19 08:02 . 2013-03-19 08:02 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-19 08:02 . 2013-03-19 08:02 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-19 08:02 . 2013-03-19 08:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-19 08:02 . 2013-03-19 08:02 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-19 08:02 . 2013-03-19 08:02 235008 ----a-w- c:\windows\system32\url.dll 2013-03-19 08:02 . 2013-03-19 08:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-19 08:02 . 2013-03-19 08:02 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-19 08:02 . 2013-03-19 08:02 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-19 08:02 . 2013-03-19 08:02 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-19 08:02 . 2013-03-19 08:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-19 08:02 . 2013-03-19 08:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-19 08:02 . 2013-03-19 08:02 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-19 08:02 . 2013-03-19 08:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-19 08:02 . 2013-03-19 08:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-19 08:02 . 2013-03-19 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-19 08:02 . 2013-03-19 08:02 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-19 08:02 . 2013-03-19 08:02 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-19 08:02 . 2013-03-19 08:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-19 08:02 . 2013-03-19 08:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-19 08:02 . 2013-03-19 08:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-19 08:02 . 2013-03-19 08:02 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-19 08:02 . 2013-03-19 08:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-19 08:02 . 2013-03-19 08:02 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-19 08:02 . 2013-03-19 08:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-19 08:02 . 2013-03-19 08:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-19 08:02 . 2013-03-19 08:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-19 08:02 . 2013-03-19 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-19 08:02 . 2013-03-19 08:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-19 08:02 . 2013-03-19 08:02 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-12 06:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-02-25 00:49 . 2013-02-25 00:49 110080 ----a-r- c:\users\mantik\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconF7A21AF7.exe 2013-02-25 00:49 . 2013-02-25 00:49 110080 ----a-r- c:\users\mantik\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconD7F16134.exe 2013-02-25 00:49 . 2013-02-25 00:49 110080 ----a-r- c:\users\mantik\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\Icon1226A4C5.exe 2013-02-12 05:45 . 2013-03-13 21:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 21:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 21:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 21:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 21:44 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 21:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-20 20:16 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2012-11-20 1653760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-18 296096] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\mantik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 246368] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-03-29 29808] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-05-16 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2011-12-01 1157240] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-17 279616] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSvia64.sys [2011-12-15 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936] . . Contents of the 'Scheduled Tasks' folder . 2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 09:24] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05 07:56] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05 07:56] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903844174-127359237-2735500901-1000Core.job - c:\users\mantik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 06:01] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903844174-127359237-2735500901-1000UA.job - c:\users\mantik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 06:01] . 2013-04-15 c:\windows\Tasks\HPCeeScheduleFormantik.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130209,17117,0,18,0 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.1.10.1 192.168.1.1 FF - ProfilePath - c:\users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*] @=hex:bb,d9,b6,73,94,60,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*] @=hex:62,87,e7,73,94,60,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*] @=hex:3a,d4,4f,70,94,60,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2013-04-20 04:58:52 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-20 09:58 . Pre-Run: 433,123,741,696 bytes free Post-Run: 434,421,231,616 bytes free . - - End Of File - - FC9E719295792EAC808DFED9F2996609
- April 20, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn replied to david_einhorn's topic in Resolved Malware Removal Logs

Maurice, The Rogue Killer worked but it seemed like it only deleted 2 out of the 3 disableregistrytools. Rogue Killer Report: RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : mantik [Admin rights] Mode : Remove -- Date : 04/19/2013 16:42:48 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++ --- User --- [MBR] 9dc9b0ca9e93bcac8bae42a07bd88afe [bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584766 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1198010368 | Size: 21450 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] b19f9ae0b6b3bbf81970b536b60a4b53 [bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo 2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo 3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 Mo Finished : << RKreport[3]_D_04192013_02d1642.txt >> RKreport[1]_S_04192013_02d1424.txt ; RKreport[2]_S_04192013_02d1641.txt ; RKreport[3]_D_04192013_02d1642.txt For the Adwcleaner, after reboot I got a pop up that said this: Error saving file C:\Windows\ERDNT\AutoBackup\4-19-2013\SAM! Continue with next file [RegCreateKeyEx:5 - Access is denied] Yes/No I tried clicking on Yes but it kept poping up so I clicked no in the end. Below is the log: # AdwCleaner v2.200 - Logfile created 04/19/2013 at 16:47:36 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : mantik - MANTIK-HP # Boot Mode : Normal # Running from : C:\Users\mantik\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : DefaultTabUpdate ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Deleted : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal Folder Deleted : C:\Program Files (x86)\OApps Folder Deleted : C:\ProgramData\APN Folder Deleted : C:\Users\mantik\AppData\LocalLow\Conduit Folder Deleted : C:\Users\mantik\AppData\Roaming\DefaultTab Folder Deleted : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\extensions\plugin@selectionlinks.com ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\Default Tab Key Deleted : HKCU\Software\DefaultTab Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD Key Deleted : HKLM\Software\Default Tab Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\prefs.js C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\user.js ... Deleted ! [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.2603] : homepage = "hxxp://search.conduit.com/?ctid=CT3290238&SearchSource=48&CUI=UN34933723791385137&UM[...] ************************* AdwCleaner[R1].txt - [5247 octets] - [19/04/2013 14:03:51] AdwCleaner[s1].txt - [5102 octets] - [19/04/2013 16:47:36] ########## EOF - C:\AdwCleaner[s1].txt - [5162 octets] ##########
- April 19, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn replied to david_einhorn's topic in Resolved Malware Removal Logs

Thank you for your help Maurice, here are the requested logs: AdwCleaner R1 : # AdwCleaner v2.200 - Logfile created 04/19/2013 at 14:03:51 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : mantik - MANTIK-HP # Boot Mode : Normal # Running from : C:\Users\mantik\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** Found : DefaultTabUpdate ***** [Files / Folders] ***** File Found : C:\END File Found : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Found : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal Folder Found : C:\Program Files (x86)\OApps Folder Found : C:\ProgramData\APN Folder Found : C:\Users\mantik\AppData\LocalLow\Conduit Folder Found : C:\Users\mantik\AppData\Roaming\DefaultTab Folder Found : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\extensions\plugin@selectionlinks.com ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\DefaultTab Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\Default Tab Key Found : HKCU\Software\DefaultTab Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD Key Found : HKLM\Software\Default Tab Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKU\S-1-5-21-3903844174-127359237-2735500901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.2603] : homepage = "hxxp://search.conduit.com/?ctid=CT3290238&SearchSource=48&CUI=UN34933723791385137&UM=2", ************************* AdwCleaner[R1].txt - [5126 octets] - [19/04/2013 14:03:51] ########## EOF - C:\AdwCleaner[R1].txt - [5186 octets] ########## TDSSKILLER Log: 14:17:14.0859 1560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:17:15.0401 1560 ============================================================ 14:17:15.0401 1560 Current date / time: 2013/04/19 14:17:15.0401 14:17:15.0401 1560 SystemInfo: 14:17:15.0401 1560 14:17:15.0401 1560 OS Version: 6.1.7601 ServicePack: 1.0 14:17:15.0401 1560 Product type: Workstation 14:17:15.0401 1560 ComputerName: MANTIK-HP 14:17:15.0401 1560 UserName: mantik 14:17:15.0401 1560 Windows directory: C:\Windows 14:17:15.0401 1560 System windows directory: C:\Windows 14:17:15.0401 1560 Running under WOW64 14:17:15.0401 1560 Processor architecture: Intel x64 14:17:15.0401 1560 Number of processors: 4 14:17:15.0401 1560 Page size: 0x1000 14:17:15.0401 1560 Boot type: Normal boot 14:17:15.0401 1560 ============================================================ 14:17:15.0976 1560 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:17:15.0981 1560 ============================================================ 14:17:15.0981 1560 \Device\Harddisk0\DR0: 14:17:15.0981 1560 MBR partitions: 14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4761F000 14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47683000, BlocksNum 0x29E5000 14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A068000, BlocksNum 0x7EFAB0 14:17:15.0981 1560 ============================================================ 14:17:16.0021 1560 C: <-> \Device\Harddisk0\DR0\Partition2 14:17:16.0065 1560 D: <-> \Device\Harddisk0\DR0\Partition3 14:17:16.0083 1560 E: <-> \Device\Harddisk0\DR0\Partition4 14:17:16.0083 1560 ============================================================ 14:17:16.0083 1560 Initialize success 14:17:16.0083 1560 ============================================================ 14:17:20.0456 1516 ============================================================ 14:17:20.0456 1516 Scan started 14:17:20.0456 1516 Mode: Manual; 14:17:20.0456 1516 ============================================================ 14:17:20.0908 1516 ================ Scan system memory ======================== 14:17:20.0909 1516 System memory - ok 14:17:20.0910 1516 ================ Scan services ============================= 14:17:21.0245 1516 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:17:21.0252 1516 1394ohci - ok 14:17:21.0338 1516 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 14:17:21.0340 1516 Accelerometer - ok 14:17:21.0448 1516 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:17:21.0460 1516 ACPI - ok 14:17:21.0493 1516 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:17:21.0495 1516 AcpiPmi - ok 14:17:21.0589 1516 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe 14:17:21.0594 1516 AdobeActiveFileMonitor9.0 - ok 14:17:21.0731 1516 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:17:21.0733 1516 AdobeARMservice - ok 14:17:21.0908 1516 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:17:21.0912 1516 AdobeFlashPlayerUpdateSvc - ok 14:17:21.0959 1516 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:17:21.0971 1516 adp94xx - ok 14:17:22.0036 1516 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:17:22.0044 1516 adpahci - ok 14:17:22.0069 1516 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:17:22.0073 1516 adpu320 - ok 14:17:22.0105 1516 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:17:22.0107 1516 AeLookupSvc - ok 14:17:22.0174 1516 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 14:17:22.0175 1516 AESTFilters - ok 14:17:22.0219 1516 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:17:22.0228 1516 AFD - ok 14:17:22.0265 1516 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:17:22.0268 1516 agp440 - ok 14:17:22.0311 1516 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:17:22.0313 1516 ALG - ok 14:17:22.0347 1516 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:17:22.0349 1516 aliide - ok 14:17:22.0362 1516 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:17:22.0364 1516 amdide - ok 14:17:22.0413 1516 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:17:22.0415 1516 AmdK8 - ok 14:17:22.0437 1516 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 14:17:22.0439 1516 AmdPPM - ok 14:17:22.0478 1516 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:17:22.0482 1516 amdsata - ok 14:17:22.0518 1516 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 14:17:22.0522 1516 amdsbs - ok 14:17:22.0535 1516 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:17:22.0537 1516 amdxata - ok 14:17:22.0585 1516 [ 5F87E363F83E8A6F5606991C256F703A ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 14:17:22.0593 1516 ApfiltrService - ok 14:17:22.0634 1516 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:17:22.0637 1516 AppID - ok 14:17:22.0666 1516 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:17:22.0668 1516 AppIDSvc - ok 14:17:22.0682 1516 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 14:17:22.0684 1516 Appinfo - ok 14:17:22.0782 1516 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:17:22.0785 1516 Apple Mobile Device - ok 14:17:22.0868 1516 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 14:17:22.0871 1516 arc - ok 14:17:22.0909 1516 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:17:22.0912 1516 arcsas - ok 14:17:22.0935 1516 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:17:22.0937 1516 AsyncMac - ok 14:17:22.0965 1516 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:17:22.0966 1516 atapi - ok 14:17:23.0013 1516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:17:23.0024 1516 AudioEndpointBuilder - ok 14:17:23.0036 1516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:17:23.0043 1516 AudioSrv - ok 14:17:23.0072 1516 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:17:23.0074 1516 AxInstSV - ok 14:17:23.0114 1516 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 14:17:23.0121 1516 b06bdrv - ok 14:17:23.0160 1516 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:17:23.0165 1516 b57nd60a - ok 14:17:23.0263 1516 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe 14:17:23.0268 1516 BBSvc - ok 14:17:23.0292 1516 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe 14:17:23.0296 1516 BBUpdate - ok 14:17:23.0351 1516 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 14:17:23.0373 1516 BCM43XX - ok 14:17:23.0408 1516 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:17:23.0410 1516 BDESVC - ok 14:17:23.0448 1516 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:17:23.0450 1516 Beep - ok 14:17:23.0504 1516 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:17:23.0515 1516 BFE - ok 14:17:23.0690 1516 [ 1D757A7E020C577C4259A755F21B7152 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys 14:17:23.0712 1516 BHDrvx64 - ok 14:17:23.0744 1516 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 14:17:23.0757 1516 BITS - ok 14:17:23.0794 1516 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 14:17:23.0796 1516 blbdrive - ok 14:17:23.0849 1516 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:17:23.0856 1516 Bonjour Service - ok 14:17:23.0882 1516 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:17:23.0884 1516 bowser - ok 14:17:23.0909 1516 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 14:17:23.0911 1516 BrFiltLo - ok 14:17:23.0923 1516 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 14:17:23.0924 1516 BrFiltUp - ok 14:17:23.0978 1516 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 14:17:23.0981 1516 BridgeMP - ok 14:17:24.0033 1516 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:17:24.0037 1516 Browser - ok 14:17:24.0070 1516 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:17:24.0077 1516 Brserid - ok 14:17:24.0107 1516 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:17:24.0110 1516 BrSerWdm - ok 14:17:24.0129 1516 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:17:24.0131 1516 BrUsbMdm - ok 14:17:24.0151 1516 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:17:24.0153 1516 BrUsbSer - ok 14:17:24.0179 1516 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:17:24.0181 1516 BTHMODEM - ok 14:17:24.0217 1516 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:17:24.0219 1516 bthserv - ok 14:17:24.0306 1516 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys 14:17:24.0311 1516 ccSet_NIS - ok 14:17:24.0349 1516 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:17:24.0353 1516 cdfs - ok 14:17:24.0388 1516 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:17:24.0392 1516 cdrom - ok 14:17:24.0428 1516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:17:24.0431 1516 CertPropSvc - ok 14:17:24.0461 1516 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 14:17:24.0463 1516 circlass - ok 14:17:24.0511 1516 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:17:24.0519 1516 CLFS - ok 14:17:24.0580 1516 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:17:24.0582 1516 clr_optimization_v2.0.50727_32 - ok 14:17:24.0647 1516 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:17:24.0650 1516 clr_optimization_v2.0.50727_64 - ok 14:17:24.0738 1516 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:17:24.0742 1516 clr_optimization_v4.0.30319_32 - ok 14:17:24.0802 1516 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:17:24.0807 1516 clr_optimization_v4.0.30319_64 - ok 14:17:24.0904 1516 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 14:17:24.0907 1516 clwvd - ok 14:17:24.0927 1516 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 14:17:24.0929 1516 CmBatt - ok 14:17:24.0944 1516 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:17:24.0946 1516 cmdide - ok 14:17:24.0988 1516 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 14:17:24.0995 1516 CNG - ok 14:17:25.0034 1516 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:17:25.0036 1516 Compbatt - ok 14:17:25.0068 1516 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:17:25.0070 1516 CompositeBus - ok 14:17:25.0088 1516 COMSysApp - ok 14:17:25.0104 1516 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:17:25.0105 1516 crcdisk - ok 14:17:25.0150 1516 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:17:25.0153 1516 CryptSvc - ok 14:17:25.0200 1516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:17:25.0210 1516 DcomLaunch - ok 14:17:25.0383 1516 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe 14:17:25.0386 1516 DefaultTabUpdate - ok 14:17:25.0406 1516 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:17:25.0410 1516 defragsvc - ok 14:17:25.0444 1516 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:17:25.0446 1516 DfsC - ok 14:17:25.0486 1516 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:17:25.0491 1516 Dhcp - ok 14:17:25.0554 1516 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:17:25.0555 1516 discache - ok 14:17:25.0688 1516 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 14:17:25.0691 1516 Disk - ok 14:17:25.0718 1516 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:17:25.0724 1516 Dnscache - ok 14:17:25.0756 1516 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:17:25.0760 1516 dot3svc - ok 14:17:25.0774 1516 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:17:25.0777 1516 DPS - ok 14:17:25.0803 1516 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:17:25.0804 1516 drmkaud - ok 14:17:25.0855 1516 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 14:17:25.0859 1516 dtsoftbus01 - ok 14:17:25.0890 1516 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:17:25.0903 1516 DXGKrnl - ok 14:17:25.0938 1516 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:17:25.0941 1516 EapHost - ok 14:17:26.0056 1516 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 14:17:26.0152 1516 ebdrv - ok 14:17:26.0194 1516 [ 0C3F9EFF8DDD9F9EB56D754B4620155F ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 14:17:26.0203 1516 eeCtrl - ok 14:17:26.0247 1516 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:17:26.0249 1516 EFS - ok 14:17:26.0312 1516 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:17:26.0323 1516 ehRecvr - ok 14:17:26.0363 1516 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:17:26.0365 1516 ehSched - ok 14:17:26.0416 1516 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:17:26.0423 1516 elxstor - ok 14:17:26.0459 1516 [ 8C0F9B877BC0B7FFD327EF55F9EFB642 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 14:17:26.0461 1516 EraserUtilRebootDrv - ok 14:17:26.0481 1516 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:17:26.0482 1516 ErrDev - ok 14:17:26.0512 1516 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:17:26.0518 1516 EventSystem - ok 14:17:26.0604 1516 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 14:17:26.0620 1516 EvtEng - ok 14:17:26.0647 1516 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:17:26.0650 1516 exfat - ok 14:17:26.0665 1516 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:17:26.0667 1516 fastfat - ok 14:17:26.0710 1516 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:17:26.0718 1516 Fax - ok 14:17:26.0746 1516 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 14:17:26.0747 1516 fdc - ok 14:17:26.0769 1516 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:17:26.0770 1516 fdPHost - ok 14:17:26.0794 1516 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:17:26.0795 1516 FDResPub - ok 14:17:26.0825 1516 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:17:26.0828 1516 FileInfo - ok 14:17:26.0843 1516 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:17:26.0845 1516 Filetrace - ok 14:17:26.0918 1516 [ D778107D7C2A19D7E7A884A9F0D79581 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 14:17:26.0932 1516 FLEXnet Licensing Service - ok 14:17:26.0965 1516 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 14:17:26.0966 1516 flpydisk - ok 14:17:26.0985 1516 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:17:26.0989 1516 FltMgr - ok 14:17:27.0051 1516 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 14:17:27.0068 1516 FontCache - ok 14:17:27.0111 1516 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:17:27.0113 1516 FontCache3.0.0.0 - ok 14:17:27.0183 1516 [ 6AA4E6B4EA50620AB622A048394C4AA2 ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 14:17:27.0189 1516 FPLService - ok 14:17:27.0220 1516 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:17:27.0221 1516 FsDepends - ok 14:17:27.0256 1516 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:17:27.0257 1516 Fs_Rec - ok 14:17:27.0293 1516 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:17:27.0295 1516 fvevol - ok 14:17:27.0315 1516 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:17:27.0317 1516 gagp30kx - ok 14:17:27.0370 1516 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 14:17:27.0373 1516 GamesAppService - ok 14:17:27.0425 1516 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:17:27.0426 1516 GEARAspiWDM - ok 14:17:27.0471 1516 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 14:17:27.0482 1516 gpsvc - ok 14:17:27.0594 1516 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:17:27.0597 1516 gupdate - ok 14:17:27.0616 1516 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:17:27.0619 1516 gupdatem - ok 14:17:27.0681 1516 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 14:17:27.0685 1516 gusvc - ok 14:17:27.0720 1516 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:17:27.0722 1516 hcw85cir - ok 14:17:27.0762 1516 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:17:27.0771 1516 HdAudAddService - ok 14:17:27.0813 1516 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:17:27.0815 1516 HDAudBus - ok 14:17:27.0835 1516 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 14:17:27.0836 1516 HidBatt - ok 14:17:27.0855 1516 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:17:27.0856 1516 HidBth - ok 14:17:27.0886 1516 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 14:17:27.0888 1516 HidIr - ok 14:17:27.0911 1516 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 14:17:27.0913 1516 hidserv - ok 14:17:27.0945 1516 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:17:27.0947 1516 HidUsb - ok 14:17:27.0988 1516 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:17:27.0992 1516 hkmsvc - ok 14:17:28.0018 1516 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:17:28.0024 1516 HomeGroupListener - ok 14:17:28.0057 1516 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:17:28.0063 1516 HomeGroupProvider - ok 14:17:28.0134 1516 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 14:17:28.0137 1516 HP Support Assistant Service - ok 14:17:28.0185 1516 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 14:17:28.0193 1516 HPClientSvc - ok 14:17:28.0236 1516 [ C958976C7DAAF47084A33EBBC6E28B84 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 14:17:28.0239 1516 HPDrvMntSvc.exe - ok 14:17:28.0283 1516 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 14:17:28.0285 1516 hpdskflt - ok 14:17:28.0342 1516 [ 09FBD4C4DB2FD84B9AB1C5BFDCC95559 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 14:17:28.0359 1516 hpqwmiex - ok 14:17:28.0392 1516 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:17:28.0394 1516 HpSAMD - ok 14:17:28.0417 1516 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 14:17:28.0419 1516 hpsrv - ok 14:17:28.0468 1516 [ 28E15C3D39DCD27A79251BA0BF216A11 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 14:17:28.0470 1516 HPWMISVC - ok 14:17:28.0510 1516 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:17:28.0522 1516 HTTP - ok 14:17:28.0543 1516 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:17:28.0545 1516 hwpolicy - ok 14:17:28.0577 1516 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:17:28.0580 1516 i8042prt - ok 14:17:28.0621 1516 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 14:17:28.0628 1516 iaStor - ok 14:17:28.0694 1516 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 14:17:28.0695 1516 IAStorDataMgrSvc - ok 14:17:28.0725 1516 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:17:28.0738 1516 iaStorV - ok 14:17:28.0869 1516 [ 3A0FF117B4ADC5ABE4D968E26A337158 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 14:17:28.0913 1516 IconMan_R - ok 14:17:28.0964 1516 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:17:28.0976 1516 idsvc - ok 14:17:29.0025 1516 [ 18C40C3F368323B203ACE403CB430DB1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSvia64.sys 14:17:29.0031 1516 IDSVia64 - ok 14:17:29.0300 1516 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:17:29.0525 1516 igfx - ok 14:17:29.0568 1516 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:17:29.0569 1516 iirsp - ok 14:17:29.0599 1516 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:17:29.0611 1516 IKEEXT - ok 14:17:29.0656 1516 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 14:17:29.0657 1516 intaud_WaveExtensible - ok 14:17:29.0690 1516 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 14:17:29.0695 1516 IntcDAud - ok 14:17:29.0712 1516 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:17:29.0714 1516 intelide - ok 14:17:29.0723 1516 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:17:29.0724 1516 intelppm - ok 14:17:29.0743 1516 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:17:29.0745 1516 IPBusEnum - ok 14:17:29.0775 1516 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:17:29.0777 1516 IpFilterDriver - ok 14:17:29.0822 1516 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:17:29.0836 1516 iphlpsvc - ok 14:17:29.0855 1516 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:17:29.0857 1516 IPMIDRV - ok 14:17:29.0889 1516 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:17:29.0891 1516 IPNAT - ok 14:17:29.0982 1516 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:17:29.0997 1516 iPod Service - ok 14:17:30.0022 1516 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:17:30.0025 1516 IRENUM - ok 14:17:30.0044 1516 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:17:30.0046 1516 isapnp - ok 14:17:30.0074 1516 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:17:30.0079 1516 iScsiPrt - ok 14:17:30.0104 1516 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys 14:17:30.0106 1516 iwdbus - ok 14:17:30.0142 1516 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 14:17:30.0146 1516 jhi_service - ok 14:17:30.0174 1516 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:17:30.0176 1516 kbdclass - ok 14:17:30.0202 1516 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:17:30.0203 1516 kbdhid - ok 14:17:30.0233 1516 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:17:30.0235 1516 KeyIso - ok 14:17:30.0259 1516 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:17:30.0261 1516 KSecDD - ok 14:17:30.0299 1516 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:17:30.0302 1516 KSecPkg - ok 14:17:30.0321 1516 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:17:30.0323 1516 ksthunk - ok 14:17:30.0362 1516 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:17:30.0368 1516 KtmRm - ok 14:17:30.0417 1516 [ 173666119D217E3739205C169E2BF0E5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 14:17:30.0419 1516 L1C - ok 14:17:30.0460 1516 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 14:17:30.0465 1516 LanmanServer - ok 14:17:30.0489 1516 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:17:30.0492 1516 LanmanWorkstation - ok 14:17:30.0517 1516 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:17:30.0519 1516 lltdio - ok 14:17:30.0553 1516 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:17:30.0558 1516 lltdsvc - ok 14:17:30.0572 1516 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:17:30.0574 1516 lmhosts - ok 14:17:30.0624 1516 [ E7859BA062DB5E23C6DD34AD66B09F50 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 14:17:30.0632 1516 LMS - ok 14:17:30.0679 1516 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:17:30.0682 1516 LSI_FC - ok 14:17:30.0698 1516 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:17:30.0701 1516 LSI_SAS - ok 14:17:30.0713 1516 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 14:17:30.0715 1516 LSI_SAS2 - ok 14:17:30.0745 1516 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:17:30.0747 1516 LSI_SCSI - ok 14:17:30.0763 1516 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:17:30.0766 1516 luafv - ok 14:17:30.0862 1516 [ 51914228D4B9610FBA24F249C0FDD871 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 14:17:30.0865 1516 mbamchameleon - ok 14:17:30.0991 1516 [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe 14:17:30.0994 1516 McAfee SiteAdvisor Service - ok 14:17:31.0050 1516 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 14:17:31.0056 1516 McComponentHostService - ok 14:17:31.0107 1516 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:17:31.0112 1516 Mcx2Svc - ok 14:17:31.0143 1516 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 14:17:31.0145 1516 megasas - ok 14:17:31.0186 1516 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 14:17:31.0191 1516 MegaSR - ok 14:17:31.0218 1516 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 14:17:31.0219 1516 MEIx64 - ok 14:17:31.0274 1516 Microsoft SharePoint Workspace Audit Service - ok 14:17:31.0314 1516 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:17:31.0318 1516 MMCSS - ok 14:17:31.0335 1516 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:17:31.0338 1516 Modem - ok 14:17:31.0367 1516 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:17:31.0369 1516 monitor - ok 14:17:31.0409 1516 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:17:31.0411 1516 mouclass - ok 14:17:31.0444 1516 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:17:31.0446 1516 mouhid - ok 14:17:31.0466 1516 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:17:31.0468 1516 mountmgr - ok 14:17:31.0525 1516 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:17:31.0528 1516 MozillaMaintenance - ok 14:17:31.0551 1516 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:17:31.0555 1516 mpio - ok 14:17:31.0588 1516 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:17:31.0590 1516 mpsdrv - ok 14:17:31.0633 1516 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:17:31.0649 1516 MpsSvc - ok 14:17:31.0670 1516 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:17:31.0672 1516 MRxDAV - ok 14:17:31.0701 1516 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:17:31.0703 1516 mrxsmb - ok 14:17:31.0717 1516 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:17:31.0720 1516 mrxsmb10 - ok 14:17:31.0736 1516 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:17:31.0738 1516 mrxsmb20 - ok 14:17:31.0758 1516 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:17:31.0760 1516 msahci - ok 14:17:31.0779 1516 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:17:31.0781 1516 msdsm - ok 14:17:31.0806 1516 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:17:31.0809 1516 MSDTC - ok 14:17:31.0828 1516 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:17:31.0829 1516 Msfs - ok 14:17:31.0849 1516 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:17:31.0850 1516 mshidkmdf - ok 14:17:31.0871 1516 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:17:31.0872 1516 msisadrv - ok 14:17:31.0891 1516 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:17:31.0894 1516 MSiSCSI - ok 14:17:31.0897 1516 msiserver - ok 14:17:31.0922 1516 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:17:31.0923 1516 MSKSSRV - ok 14:17:31.0950 1516 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:17:31.0951 1516 MSPCLOCK - ok 14:17:31.0957 1516 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:17:31.0958 1516 MSPQM - ok 14:17:31.0976 1516 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:17:31.0982 1516 MsRPC - ok 14:17:32.0009 1516 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 14:17:32.0010 1516 mssmbios - ok 14:17:32.0054 1516 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:17:32.0055 1516 MSTEE - ok 14:17:32.0074 1516 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 14:17:32.0075 1516 MTConfig - ok 14:17:32.0096 1516 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:17:32.0098 1516 Mup - ok 14:17:32.0144 1516 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 14:17:32.0148 1516 MyWiFiDHCPDNS - ok 14:17:32.0177 1516 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:17:32.0185 1516 napagent - ok 14:17:32.0220 1516 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:17:32.0225 1516 NativeWifiP - ok 14:17:32.0270 1516 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120211.006\ENG64.SYS 14:17:32.0273 1516 NAVENG - ok 14:17:32.0350 1516 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120211.006\EX64.SYS 14:17:32.0377 1516 NAVEX15 - ok 14:17:32.0437 1516 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:17:32.0456 1516 NDIS - ok 14:17:32.0475 1516 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:17:32.0477 1516 NdisCap - ok 14:17:32.0503 1516 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:17:32.0504 1516 NdisTapi - ok 14:17:32.0512 1516 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:17:32.0514 1516 Ndisuio - ok 14:17:32.0532 1516 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:17:32.0535 1516 NdisWan - ok 14:17:32.0544 1516 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:17:32.0546 1516 NDProxy - ok 14:17:32.0569 1516 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:17:32.0571 1516 NetBIOS - ok 14:17:32.0591 1516 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:17:32.0595 1516 NetBT - ok 14:17:32.0622 1516 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:17:32.0624 1516 Netlogon - ok 14:17:32.0671 1516 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 14:17:32.0677 1516 Netman - ok 14:17:32.0692 1516 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:17:32.0700 1516 netprofm - ok 14:17:32.0726 1516 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:17:32.0728 1516 NetTcpPortSharing - ok 14:17:32.0972 1516 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 14:17:33.0157 1516 NETwNs64 - ok 14:17:33.0191 1516 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:17:33.0193 1516 nfrd960 - ok 14:17:33.0278 1516 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe 14:17:33.0281 1516 NIS - ok 14:17:33.0338 1516 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:17:33.0347 1516 NlaSvc - ok 14:17:33.0369 1516 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:17:33.0371 1516 Npfs - ok 14:17:33.0391 1516 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:17:33.0394 1516 nsi - ok 14:17:33.0413 1516 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:17:33.0414 1516 nsiproxy - ok 14:17:33.0480 1516 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:17:33.0507 1516 Ntfs - ok 14:17:33.0535 1516 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:17:33.0537 1516 Null - ok 14:17:33.0579 1516 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 14:17:33.0586 1516 NVENETFD - ok 14:17:33.0634 1516 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:17:33.0638 1516 nvraid - ok 14:17:33.0657 1516 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:17:33.0661 1516 nvstor - ok 14:17:33.0686 1516 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:17:33.0690 1516 nv_agp - ok 14:17:33.0711 1516 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:17:33.0713 1516 ohci1394 - ok 14:17:33.0804 1516 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:17:33.0809 1516 ose64 - ok 14:17:33.0991 1516 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:17:34.0121 1516 osppsvc - ok 14:17:34.0169 1516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:17:34.0174 1516 p2pimsvc - ok 14:17:34.0203 1516 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:17:34.0210 1516 p2psvc - ok 14:17:34.0241 1516 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 14:17:34.0243 1516 Parport - ok 14:17:34.0280 1516 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:17:34.0283 1516 partmgr - ok 14:17:34.0312 1516 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:17:34.0320 1516 PcaSvc - ok 14:17:34.0353 1516 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:17:34.0357 1516 pci - ok 14:17:34.0382 1516 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:17:34.0385 1516 pciide - ok 14:17:34.0410 1516 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:17:34.0416 1516 pcmcia - ok 14:17:34.0441 1516 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:17:34.0443 1516 pcw - ok 14:17:34.0469 1516 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:17:34.0479 1516 PEAUTH - ok 14:17:34.0563 1516 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:17:34.0565 1516 PerfHost - ok 14:17:34.0629 1516 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:17:34.0652 1516 pla - ok 14:17:34.0720 1516 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:17:34.0728 1516 PlugPlay - ok 14:17:34.0758 1516 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:17:34.0761 1516 PNRPAutoReg - ok 14:17:34.0803 1516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:17:34.0808 1516 PNRPsvc - ok 14:17:34.0869 1516 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 14:17:34.0871 1516 Point64 - ok 14:17:34.0909 1516 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:17:34.0917 1516 PolicyAgent - ok 14:17:34.0954 1516 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:17:34.0959 1516 Power - ok 14:17:34.0987 1516 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:17:34.0990 1516 PptpMiniport - ok 14:17:35.0002 1516 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 14:17:35.0004 1516 Processor - ok 14:17:35.0048 1516 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:17:35.0053 1516 ProfSvc - ok 14:17:35.0067 1516 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:17:35.0069 1516 ProtectedStorage - ok 14:17:35.0090 1516 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:17:35.0093 1516 Psched - ok 14:17:35.0130 1516 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 14:17:35.0132 1516 PxHlpa64 - ok 14:17:35.0179 1516 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:17:35.0203 1516 ql2300 - ok 14:17:35.0228 1516 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:17:35.0230 1516 ql40xx - ok 14:17:35.0258 1516 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:17:35.0262 1516 QWAVE - ok 14:17:35.0284 1516 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:17:35.0286 1516 QWAVEdrv - ok 14:17:35.0298 1516 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:17:35.0299 1516 RasAcd - ok 14:17:35.0313 1516 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:17:35.0314 1516 RasAgileVpn - ok 14:17:35.0336 1516 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:17:35.0339 1516 RasAuto - ok 14:17:35.0358 1516 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:17:35.0360 1516 Rasl2tp - ok 14:17:35.0384 1516 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:17:35.0390 1516 RasMan - ok 14:17:35.0409 1516 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:17:35.0411 1516 RasPppoe - ok 14:17:35.0435 1516 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:17:35.0437 1516 RasSstp - ok 14:17:35.0452 1516 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:17:35.0456 1516 rdbss - ok 14:17:35.0475 1516 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 14:17:35.0476 1516 rdpbus - ok 14:17:35.0499 1516 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:17:35.0501 1516 RDPCDD - ok 14:17:35.0520 1516 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:17:35.0522 1516 RDPENCDD - ok 14:17:35.0548 1516 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:17:35.0549 1516 RDPREFMP - ok 14:17:35.0601 1516 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 14:17:35.0602 1516 RdpVideoMiniport - ok 14:17:35.0647 1516 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:17:35.0650 1516 RDPWD - ok 14:17:35.0681 1516 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:17:35.0685 1516 rdyboost - ok 14:17:35.0764 1516 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 14:17:35.0781 1516 RegSrvc - ok 14:17:35.0802 1516 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:17:35.0804 1516 RemoteAccess - ok 14:17:35.0820 1516 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:17:35.0824 1516 RemoteRegistry - ok 14:17:35.0862 1516 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 14:17:35.0864 1516 RimUsb - ok 14:17:35.0903 1516 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 14:17:35.0905 1516 RimVSerPort - ok 14:17:35.0941 1516 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 14:17:35.0943 1516 ROOTMODEM - ok 14:17:35.0972 1516 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:17:35.0975 1516 RpcEptMapper - ok 14:17:36.0001 1516 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:17:36.0003 1516 RpcLocator - ok 14:17:36.0022 1516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:17:36.0033 1516 RpcSs - ok 14:17:36.0068 1516 [ 9D21618E7A3B2C75CF1A2ECBBE723730 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 14:17:36.0070 1516 RSPCIESTOR - ok 14:17:36.0087 1516 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:17:36.0088 1516 rspndr - ok 14:17:36.0100 1516 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:17:36.0101 1516 SamSs - ok 14:17:36.0133 1516 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:17:36.0135 1516 sbp2port - ok 14:17:36.0164 1516 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:17:36.0168 1516 SCardSvr - ok 14:17:36.0197 1516 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:17:36.0199 1516 scfilter - ok 14:17:36.0237 1516 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:17:36.0254 1516 Schedule - ok 14:17:36.0283 1516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:17:36.0284 1516 SCPolicySvc - ok 14:17:36.0319 1516 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 14:17:36.0321 1516 sdbus - ok 14:17:36.0366 1516 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:17:36.0372 1516 SDRSVC - ok 14:17:36.0405 1516 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:17:36.0407 1516 secdrv - ok 14:17:36.0432 1516 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:17:36.0436 1516 seclogon - ok 14:17:36.0452 1516 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 14:17:36.0457 1516 SENS - ok 14:17:36.0506 1516 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:17:36.0511 1516 SensrSvc - ok 14:17:36.0525 1516 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 14:17:36.0527 1516 Serenum - ok 14:17:36.0547 1516 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 14:17:36.0550 1516 Serial - ok 14:17:36.0563 1516 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:17:36.0565 1516 sermouse - ok 14:17:36.0606 1516 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:17:36.0610 1516 SessionEnv - ok 14:17:36.0630 1516 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:17:36.0632 1516 sffdisk - ok 14:17:36.0653 1516 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:17:36.0654 1516 sffp_mmc - ok 14:17:36.0677 1516 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:17:36.0679 1516 sffp_sd - ok 14:17:36.0706 1516 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:17:36.0707 1516 sfloppy - ok 14:17:36.0745 1516 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:17:36.0756 1516 SharedAccess - ok 14:17:36.0796 1516 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:17:36.0803 1516 ShellHWDetection - ok 14:17:36.0832 1516 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 14:17:36.0834 1516 SiSRaid2 - ok 14:17:36.0858 1516 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:17:36.0860 1516 SiSRaid4 - ok 14:17:36.0939 1516 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 14:17:36.0944 1516 SkypeUpdate - ok 14:17:36.0983 1516 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:17:36.0986 1516 Smb - ok 14:17:37.0023 1516 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:17:37.0026 1516 SNMPTRAP - ok 14:17:37.0049 1516 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:17:37.0050 1516 spldr - ok 14:17:37.0096 1516 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 14:17:37.0105 1516 Spooler - ok 14:17:37.0204 1516 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:17:37.0274 1516 sppsvc - ok 14:17:37.0306 1516 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:17:37.0308 1516 sppuinotify - ok 14:17:37.0392 1516 [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd C:\Windows\System32\Drivers\sptd.sys 14:17:37.0392 1516 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2 14:17:37.0393 1516 sptd ( LockedFile.Multi.Generic ) - warning 14:17:37.0393 1516 sptd - detected LockedFile.Multi.Generic (1) 14:17:37.0495 1516 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS 14:17:37.0504 1516 SRTSP - ok 14:17:37.0521 1516 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS 14:17:37.0523 1516 SRTSPX - ok 14:17:37.0549 1516 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:17:37.0554 1516 srv - ok 14:17:37.0573 1516 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:17:37.0578 1516 srv2 - ok 14:17:37.0624 1516 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 14:17:37.0632 1516 SrvHsfHDA - ok 14:17:37.0672 1516 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 14:17:37.0691 1516 SrvHsfV92 - ok 14:17:37.0704 1516 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 14:17:37.0712 1516 SrvHsfWinac - ok 14:17:37.0730 1516 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:17:37.0733 1516 srvnet - ok 14:17:37.0765 1516 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:17:37.0768 1516 SSDPSRV - ok 14:17:37.0790 1516 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:17:37.0793 1516 SstpSvc - ok 14:17:37.0853 1516 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 14:17:37.0858 1516 STacSV - ok 14:17:37.0897 1516 Steam Client Service - ok 14:17:37.0926 1516 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 14:17:37.0927 1516 stexstor - ok 14:17:37.0970 1516 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 14:17:37.0979 1516 STHDA - ok 14:17:38.0019 1516 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:17:38.0030 1516 stisvc - ok 14:17:38.0056 1516 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:17:38.0058 1516 swenum - ok 14:17:38.0140 1516 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 14:17:38.0152 1516 SwitchBoard - ok 14:17:38.0197 1516 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:17:38.0210 1516 swprv - ok 14:17:38.0266 1516 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS 14:17:38.0275 1516 SymDS - ok 14:17:38.0316 1516 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS 14:17:38.0330 1516 SymEFA - ok 14:17:38.0359 1516 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 14:17:38.0362 1516 SymEvent - ok 14:17:38.0397 1516 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS 14:17:38.0400 1516 SymIRON - ok 14:17:38.0422 1516 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS 14:17:38.0428 1516 SymNetS - ok 14:17:38.0475 1516 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:17:38.0499 1516 SysMain - ok 14:17:38.0510 1516 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:17:38.0514 1516 TabletInputService - ok 14:17:38.0545 1516 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:17:38.0551 1516 TapiSrv - ok 14:17:38.0573 1516 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:17:38.0575 1516 TBS - ok 14:17:38.0645 1516 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:17:38.0668 1516 Tcpip - ok 14:17:38.0745 1516 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:17:38.0764 1516 TCPIP6 - ok 14:17:38.0798 1516 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:17:38.0800 1516 tcpipreg - ok 14:17:38.0832 1516 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:17:38.0833 1516 TDPIPE - ok 14:17:38.0861 1516 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:17:38.0862 1516 TDTCP - ok 14:17:38.0898 1516 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:17:38.0900 1516 tdx - ok 14:17:38.0930 1516 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:17:38.0932 1516 TermDD - ok 14:17:38.0982 1516 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:17:38.0992 1516 TermService - ok 14:17:39.0007 1516 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:17:39.0010 1516 Themes - ok 14:17:39.0035 1516 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:17:39.0037 1516 THREADORDER - ok 14:17:39.0073 1516 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:17:39.0076 1516 TrkWks - ok 14:17:39.0111 1516 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:17:39.0116 1516 TrustedInstaller - ok 14:17:39.0153 1516 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:17:39.0155 1516 tssecsrv - ok 14:17:39.0194 1516 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:17:39.0196 1516 TsUsbFlt - ok 14:17:39.0233 1516 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:17:39.0234 1516 TsUsbGD - ok 14:17:39.0267 1516 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:17:39.0270 1516 tunnel - ok 14:17:39.0281 1516 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:17:39.0283 1516 uagp35 - ok 14:17:39.0304 1516 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:17:39.0308 1516 udfs - ok 14:17:39.0335 1516 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:17:39.0338 1516 UI0Detect - ok 14:17:39.0380 1516 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:17:39.0383 1516 uliagpkx - ok 14:17:39.0423 1516 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:17:39.0426 1516 umbus - ok 14:17:39.0449 1516 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 14:17:39.0451 1516 UmPass - ok 14:17:39.0570 1516 [ E91F8AFBD7FB96C94B266579D6BFA77A ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 14:17:39.0614 1516 UNS - ok 14:17:39.0637 1516 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:17:39.0643 1516 upnphost - ok 14:17:39.0688 1516 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:17:39.0691 1516 USBAAPL64 - ok 14:17:39.0728 1516 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:17:39.0732 1516 usbccgp - ok 14:17:39.0752 1516 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:17:39.0756 1516 usbcir - ok 14:17:39.0771 1516 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:17:39.0773 1516 usbehci - ok 14:17:39.0810 1516 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:17:39.0816 1516 usbhub - ok 14:17:39.0843 1516 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:17:39.0845 1516 usbohci - ok 14:17:39.0872 1516 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 14:17:39.0874 1516 usbprint - ok 14:17:39.0903 1516 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:17:39.0905 1516 USBSTOR - ok 14:17:39.0919 1516 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:17:39.0921 1516 usbuhci - ok 14:17:39.0951 1516 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 14:17:39.0955 1516 usbvideo - ok 14:17:39.0985 1516 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:17:39.0988 1516 UxSms - ok 14:17:40.0011 1516 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:17:40.0013 1516 VaultSvc - ok 14:17:40.0035 1516 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:17:40.0037 1516 vdrvroot - ok 14:17:40.0069 1516 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:17:40.0080 1516 vds - ok 14:17:40.0103 1516 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:17:40.0105 1516 vga - ok 14:17:40.0119 1516 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:17:40.0121 1516 VgaSave - ok 14:17:40.0135 1516 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:17:40.0139 1516 vhdmp - ok 14:17:40.0158 1516 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:17:40.0159 1516 viaide - ok 14:17:40.0177 1516 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:17:40.0179 1516 volmgr - ok 14:17:40.0203 1516 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:17:40.0208 1516 volmgrx - ok 14:17:40.0237 1516 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:17:40.0242 1516 volsnap - ok 14:17:40.0266 1516 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:17:40.0270 1516 vsmraid - ok 14:17:40.0326 1516 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:17:40.0351 1516 VSS - ok 14:17:40.0370 1516 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:17:40.0371 1516 vwifibus - ok 14:17:40.0391 1516 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:17:40.0393 1516 vwififlt - ok 14:17:40.0417 1516 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:17:40.0419 1516 vwifimp - ok 14:17:40.0453 1516 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:17:40.0461 1516 W32Time - ok 14:17:40.0485 1516 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:17:40.0486 1516 WacomPen - ok 14:17:40.0517 1516 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:17:40.0520 1516 WANARP - ok 14:17:40.0524 1516 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:17:40.0525 1516 Wanarpv6 - ok 14:17:40.0634 1516 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:17:40.0662 1516 WatAdminSvc - ok 14:17:40.0715 1516 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:17:40.0734 1516 wbengine - ok 14:17:40.0796 1516 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:17:40.0804 1516 WbioSrvc - ok 14:17:40.0832 1516 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:17:40.0839 1516 wcncsvc - ok 14:17:40.0851 1516 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:17:40.0855 1516 WcsPlugInService - ok 14:17:40.0878 1516 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 14:17:40.0880 1516 Wd - ok 14:17:40.0930 1516 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:17:40.0942 1516 Wdf01000 - ok 14:17:40.0961 1516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:17:40.0964 1516 WdiServiceHost - ok 14:17:40.0970 1516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:17:40.0973 1516 WdiSystemHost - ok 14:17:40.0988 1516 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:17:40.0994 1516 WebClient - ok 14:17:41.0008 1516 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:17:41.0013 1516 Wecsvc - ok 14:17:41.0033 1516 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:17:41.0036 1516 wercplsupport - ok 14:17:41.0049 1516 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:17:41.0052 1516 WerSvc - ok 14:17:41.0079 1516 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:17:41.0081 1516 WfpLwf - ok 14:17:41.0101 1516 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:17:41.0102 1516 WIMMount - ok 14:17:41.0119 1516 WinDefend - ok 14:17:41.0125 1516 WinHttpAutoProxySvc - ok 14:17:41.0184 1516 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:17:41.0190 1516 Winmgmt - ok 14:17:41.0260 1516 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:17:41.0293 1516 WinRM - ok 14:17:41.0327 1516 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 14:17:41.0329 1516 WinUsb - ok 14:17:41.0373 1516 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:17:41.0393 1516 Wlansvc - ok 14:17:41.0434 1516 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:17:41.0435 1516 wlcrasvc - ok 14:17:41.0528 1516 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:17:41.0570 1516 wlidsvc - ok 14:17:41.0589 1516 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:17:41.0590 1516 WmiAcpi - ok 14:17:41.0623 1516 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:17:41.0626 1516 wmiApSrv - ok 14:17:41.0646 1516 WMPNetworkSvc - ok 14:17:41.0671 1516 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:17:41.0673 1516 WPCSvc - ok 14:17:41.0688 1516 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:17:41.0691 1516 WPDBusEnum - ok 14:17:41.0712 1516 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:17:41.0713 1516 ws2ifsl - ok 14:17:41.0747 1516 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 14:17:41.0750 1516 wscsvc - ok 14:17:41.0753 1516 WSearch - ok 14:17:41.0850 1516 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:17:41.0894 1516 wuauserv - ok 14:17:41.0936 1516 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:17:41.0940 1516 WudfPf - ok 14:17:41.0955 1516 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:17:41.0961 1516 WUDFRd - ok 14:17:41.0974 1516 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:17:41.0981 1516 wudfsvc - ok 14:17:42.0015 1516 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\Windows\System32\wwansvc.dll 14:17:42.0020 1516 WwanSvc - ok 14:17:42.0095 1516 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 14:17:42.0103 1516 YahooAUService - ok 14:17:42.0129 1516 ================ Scan global =============================== 14:17:42.0150 1516 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:17:42.0195 1516 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:17:42.0213 1516 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:17:42.0249 1516 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:17:42.0270 1516 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:17:42.0276 1516 [Global] - ok 14:17:42.0276 1516 ================ Scan MBR ================================== 14:17:42.0288 1516 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:17:42.0560 1516 \Device\Harddisk0\DR0 - ok 14:17:42.0561 1516 ================ Scan VBR ================================== 14:17:42.0575 1516 [ 5CC60FD8590E5EE0A0E3D6933AB15E29 ] \Device\Harddisk0\DR0\Partition1 14:17:42.0579 1516 \Device\Harddisk0\DR0\Partition1 - ok 14:17:42.0586 1516 [ EE56555C661026287BA82F8099CF309D ] \Device\Harddisk0\DR0\Partition2 14:17:42.0590 1516 \Device\Harddisk0\DR0\Partition2 - ok 14:17:42.0617 1516 [ B8117DCD6BD5DFAAFA1AE1167434A9F5 ] \Device\Harddisk0\DR0\Partition3 14:17:42.0621 1516 \Device\Harddisk0\DR0\Partition3 - ok 14:17:42.0640 1516 [ E4E28C50A92925253C73EDA66BFE4428 ] \Device\Harddisk0\DR0\Partition4 14:17:42.0642 1516 \Device\Harddisk0\DR0\Partition4 - ok 14:17:42.0643 1516 ============================================================ 14:17:42.0643 1516 Scan finished 14:17:42.0643 1516 ============================================================ 14:17:42.0665 2184 Detected object count: 1 14:17:42.0665 2184 Actual detected object count: 1 14:17:56.0790 2184 sptd ( LockedFile.Multi.Generic ) - skipped by user 14:17:56.0790 2184 sptd ( LockedFile.Multi.Generic ) - User select action: Skip RKReport log RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : mantik [Admin rights] Mode : Scan -- Date : 04/19/2013 14:24:59 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++ --- User --- [MBR] 9dc9b0ca9e93bcac8bae42a07bd88afe [bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584766 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1198010368 | Size: 21450 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] b19f9ae0b6b3bbf81970b536b60a4b53 [bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo 2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo 3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 Mo Finished : << RKreport[1]_S_04192013_02d1424.txt >> RKreport[1]_S_04192013_02d1424.txt</dot></at>
- April 19, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn posted a topic in Resolved Malware Removal Logs

I downloaded ezvid (a video editing software) a couple of hours ago and then immediately deleted it as it was also downloading a bunch of other craps with it (conduit search engine and some other stuff), but most importantly I remember it downloading a file to my windows folder in the downloading bar, which I thought was very suspicious. Not long after that I tried to sign in to skype but it said I entered a wrong password,I then tried to open my yahoo email but it also said I entered a wrong password. I tried all my other online website and forum groups that I has password with and I can not login on any of them. Is there any way to retrieve all of my online accounts? I did a quick scan with malwarebytes but it didn't find anything. Any help is greatly appreciated! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 1.6.0_31 Run by mantik at 22:04:48 on 2013-04-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2797 [GMT -5:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\Hpservice.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\AWS\WeatherBug\Weather.exe C:\Users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Windows\system32\notepad.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\mantik\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\notepad.exe C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130209,17117,0,18,0 uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE \rpbrowserrecordplugin.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll uRun: [Google Update] "C:\Users\mantik\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\mantik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\mantik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: NameServer = 10.1.10.1 192.168.1.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165} : DHCPNameServer = 10.1.10.1 192.168.1.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\2656C6B696E6E2430336 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\7756C6F66756A6A6 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\84F4354554C4F52374 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\84F6374756C602237484A7 : DHCPNameServer = 10.1.10.1 192.168.1.1 TCP: Interfaces\{48423D3D-A00B-4EA5-8A5A-E903324ED59E} : DHCPNameServer = 207.230.75.50 207.230.75.34 4.2.2.3 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\mantik\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll . ---- FIREFOX POLICIES ---- user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-16 55856] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-17 279616] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-11 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-27 89600] R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-2-24 107520] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-4-8 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-27 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-27 2375168] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-24 103472] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-27 2656280] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-3-23 77936] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200] S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-3-29 29808] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-27 337512] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-5 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-5 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-10 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-04-18 20:53:27 -------- d-----w- C:\ProgramData\AVS4YOU 2013-04-18 20:53:15 -------- d-----w- C:\Users\mantik\AppData\Roaming\AVS4YOU 2013-04-18 20:52:01 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia 2013-04-18 20:52:00 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2013-04-18 20:52:00 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll 2013-04-18 20:52:00 -------- d-----w- C:\Program Files (x86)\AVS4YOU 2013-04-18 20:47:43 -------- d-----w- C:\Users\mantik\AppData\Local\ezvid,_inc 2013-04-18 20:17:55 -------- d-----w- C:\Users\mantik\AppData\Local\WeatherBug 2013-04-18 20:17:52 -------- d-----w- C:\Users\mantik\AppData\Roaming\WeatherBug 2013-04-18 20:17:49 -------- d-----w- C:\Program Files (x86)\AWS 2013-04-18 20:16:24 -------- d-----w- C:\Users\mantik\AppData\Local\CRE 2013-04-16 08:16:38 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A64C3793-B60D-48CE-8423-F2B720CFE2B2}\mpengine.dll 2013-04-10 04:22:10 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 04:22:08 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 04:22:05 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-04-10 04:22:00 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-10 04:22:00 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 04:22:00 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-10 04:22:00 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-10 04:22:00 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-10 04:22:00 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-22 17:50:34 -------- d-----w- C:\Users\mantik\AppData\Local\{0D40B8E7-E4D1-4F4E-830D-CAA7D29CE358} 2013-03-20 20:16:18 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ==================== Find3M ==================== . 2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll 2013-03-19 09:24:14 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-19 09:24:14 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-12 06:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll . ============= FINISH: 22:05:58.41 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/9/2011 11:46:52 PM System Uptime: 4/18/2013 7:51:24 PM (3 hours ago) . Motherboard: Hewlett-Packard | | 1650 Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU1 | 880/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 571 GiB total, 404.504 GiB free. D: is FIXED (NTFS) - 21 GiB total, 2.256 GiB free. E: is FIXED (FAT32) - 4 GiB total, 1.082 GiB free. F: is CDROM () G: is CDROM () H: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP145: 4/2/2013 12:38:38 PM - Windows Update RP146: 4/9/2013 4:50:26 AM - Windows Update RP147: 4/10/2013 3:00:15 AM - Windows Update RP148: 4/16/2013 3:16:01 AM - Windows Update RP149: 4/18/2013 3:17:15 PM - Installed WeatherBug . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS5.1 Adobe Photoshop Elements 9 Adobe Premiere Elements 9 Adobe Reader X (10.1.2) MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Akamai NetSession Interface ALPS Touch Pad Driver Amazon MP3 Downloader 1.0.15 Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AuthenTec TrueAPI AVS Video Editor 6 Bastion Bejeweled 3 Bing Bar BlackBerry Desktop Software 6.1 Blackhawk Striker 2 Blasterball 3 Bonjour Bounce Symphony Cake Mania Canon RAW Codec CCleaner Chronicles of Albian Chuzzle Deluxe Cradle of Rome 2 CyberLink YouCam D3DX10 DAEMON Tools Lite DecisionTools Suite Industrial 5.7.1 Edu Edition DefaultTab Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dropbox Elements 9 Organizer Elements STI Installer ESU for Microsoft Windows 7 SP1 Evernote v. 4.2.3 Farm Frenzy FastPictureViewer Professional 1.9.261.0 (64-bit) FATE Free Opener Google Chrome Google Drive Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.1.1.0 HP 3D DriveGuard HP Client Services HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP Launch Box HP On Screen Display HP Power Manager HP Quick Launch HP QuickWeb HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant IDT Audio Intel PROSet Wireless Intel® Control Center Intel® Identity Protection Technology 1.1.2.0 Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® WiDi Intel® Wireless Display IrfanView (remove only) iTunes Java Auto Updater Java 6 Update 24 Java 6 Update 31 Jewel Quest: The Sleepless Star - Collector's Edition Junk Mail filter update K-Lite Codec Pack 7.0.0 (Standard) Kaspersky Security Scan Magic ISO Maker v5.5 (build 0281) Mah Jong Medley Malwarebytes Anti-Malware version 1.70.0.1100 McAfee Security Scan Plus McAfee SiteAdvisor Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.2 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 Microsoft_VC90_MFCLOC_x86_x64 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN Norton Internet Security PakkISO 0.4 PDF Settings CS5 Penguins! Plants vs. Zombies - Game of the Year Poker Superstars III Polar Bowler Polar Golfer RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek PCIE Card Reader RealUpgrade 1.1 Recovery Manager SAS 9.3 Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition SelectionLinks Skype Click to Call Skype™ 6.3 Slingo Supreme SmartSound Quicktracks for Premiere Elements 9.0 Spotify SpyHunter Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Update Installer for WildTangent Games App Vacation Quest - The Hawaiian Islands Validity WBF DDK VIP Access SDK (1.0.1.2) Virtual Villagers 5 - New Believers WeatherBug WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 16.0 Yahoo! Software Update Yahoo! Toolbar Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 4/18/2013 3:18:43 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service. 4/18/2013 3:18:41 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s). 4/16/2013 4:52:48 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended. 4/16/2013 4:52:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} . ==== End Of File ===========================
- April 19, 2013
- 17 replies
- - password
  - malware
  - (and 3 more)
    Tagged with:
    
    password
    
    malware
    
    hack
    
    conduit search engine
    
    ezvid
all my online passwords stopped working

david_einhorn posted a topic in Malwarebytes for Windows Support Forum

I downloaded ezvid (a video editing software) a couple of hours ago and then immediately deleted it as it was also downloading a bunch of other craps with it (conduit search engine and some other stuff), but most importantly I remember it downloading a file to my windows folder in the downloading bar, which I thought was very suspicious. Not long after that I tried to sign in to skype but it said I entered a wrong password,I then tried to open my yahoo email but it also said I entered a wrong password. I tried all my other online website and forum groups that I has password with and I can not login on any of them. Is there any way to retrieve all of my online accounts? I did a quick scan with malwarebytes but it didn't find anything. Any help is greatly appreciated!
- April 19, 2013
- 2 replies
- - ezvid
  - hack
  - (and 4 more)
    Tagged with:
    
    ezvid
    
    hack
    
    malware
    
    conduit search engine
    
    conduit
    
    password

Sign In

david_einhorn

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by david_einhorn

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

all my online passwords stopped working

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information