Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

david_einhorn · April 19, 2013

I downloaded ezvid (a video editing software) a couple of hours ago and then immediately deleted it as it was also downloading a bunch of other craps with it (conduit search engine and some other stuff), but most importantly I remember it downloading a file to my windows folder in the downloading bar, which I thought was very suspicious.

Not long after that I tried to sign in to skype but it said I entered a wrong password,I then tried to open my yahoo email but it also said I entered a wrong password. I tried all my other online website and forum groups that I has password with and I can not login on any of them.

Is there any way to retrieve all of my online accounts? I did a quick scan with malwarebytes but it didn't find anything.

Any help is greatly appreciated!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 1.6.0_31

Run by mantik at 22:04:48 on 2013-04-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2797 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

C:\Users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Windows\system32\notepad.exe

C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mantik\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Users\mantik\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130209,17117,0,18,0

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE

\rpbrowserrecordplugin.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

uRun: [Google Update] "C:\Users\mantik\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\mantik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\mantik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 10.1.10.1 192.168.1.1

TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165} : DHCPNameServer = 10.1.10.1 192.168.1.1

TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\2656C6B696E6E2430336 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\7756C6F66756A6A6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\84F4354554C4F52374 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{3EBFC901-9D3F-4B0D-85D4-82A3B413D165}\84F6374756C602237484A7 : DHCPNameServer = 10.1.10.1 192.168.1.1

TCP: Interfaces\{48423D3D-A00B-4EA5-8A5A-E903324ED59E} : DHCPNameServer = 207.230.75.50 207.230.75.34 4.2.2.3

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\mantik\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\mantik\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

.

---- FIREFOX POLICIES ----

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-16 55856]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-17 279616]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-11 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-27 89600]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-2-24 107520]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-4-8 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-27 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-27 2375168]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-24 103472]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-27

2656280]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-3-23 77936]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]

S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-3-29 29808]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-27 337512]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-5 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-5 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-10 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-04-18 20:53:27 -------- d-----w- C:\ProgramData\AVS4YOU

2013-04-18 20:53:15 -------- d-----w- C:\Users\mantik\AppData\Roaming\AVS4YOU

2013-04-18 20:52:01 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

2013-04-18 20:52:00 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2013-04-18 20:52:00 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-04-18 20:52:00 -------- d-----w- C:\Program Files (x86)\AVS4YOU

2013-04-18 20:47:43 -------- d-----w- C:\Users\mantik\AppData\Local\ezvid,_inc

2013-04-18 20:17:55 -------- d-----w- C:\Users\mantik\AppData\Local\WeatherBug

2013-04-18 20:17:52 -------- d-----w- C:\Users\mantik\AppData\Roaming\WeatherBug

2013-04-18 20:17:49 -------- d-----w- C:\Program Files (x86)\AWS

2013-04-18 20:16:24 -------- d-----w- C:\Users\mantik\AppData\Local\CRE

2013-04-16 08:16:38 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A64C3793-B60D-48CE-8423-F2B720CFE2B2}\mpengine.dll

2013-04-10 04:22:10 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 04:22:08 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 04:22:05 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-10 04:22:00 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 04:22:00 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 04:22:00 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 04:22:00 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 04:22:00 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 04:22:00 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-22 17:50:34 -------- d-----w- C:\Users\mantik\AppData\Local\{0D40B8E7-E4D1-4F4E-830D-CAA7D29CE358}

2013-03-20 20:16:18 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2013-03-19 09:24:14 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-19 09:24:14 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-12 06:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll

2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

.

============= FINISH: 22:05:58.41 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/9/2011 11:46:52 PM

System Uptime: 4/18/2013 7:51:24 PM (3 hours ago)

.

Motherboard: Hewlett-Packard | | 1650

Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU1 | 880/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 571 GiB total, 404.504 GiB free.

D: is FIXED (NTFS) - 21 GiB total, 2.256 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1.082 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP145: 4/2/2013 12:38:38 PM - Windows Update

RP146: 4/9/2013 4:50:26 AM - Windows Update

RP147: 4/10/2013 3:00:15 AM - Windows Update

RP148: 4/16/2013 3:16:01 AM - Windows Update

RP149: 4/18/2013 3:17:15 PM - Installed WeatherBug

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS5.1

Adobe Photoshop Elements 9

Adobe Premiere Elements 9

Adobe Reader X (10.1.2) MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Akamai NetSession Interface

ALPS Touch Pad Driver

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AuthenTec TrueAPI

AVS Video Editor 6

Bastion

Bejeweled 3

Bing Bar

BlackBerry Desktop Software 6.1

Blackhawk Striker 2

Blasterball 3

Bonjour

Bounce Symphony

Cake Mania

Canon RAW Codec

CCleaner

Chronicles of Albian

Chuzzle Deluxe

Cradle of Rome 2

CyberLink YouCam

D3DX10

DAEMON Tools Lite

DecisionTools Suite Industrial 5.7.1 Edu Edition

DefaultTab

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Dropbox

Elements 9 Organizer

Elements STI Installer

ESU for Microsoft Windows 7 SP1

Evernote v. 4.2.3

Farm Frenzy

FastPictureViewer Professional 1.9.261.0 (64-bit)

FATE

Free Opener

Google Chrome

Google Drive

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Governor of Poker 2 Premium Edition

Hewlett-Packard ACLM.NET v1.1.1.0

HP 3D DriveGuard

HP Client Services

HP CoolSense

HP Customer Experience Enhancements

HP Documentation

HP Games

HP Launch Box

HP On Screen Display

HP Power Manager

HP Quick Launch

HP QuickWeb

HP Setup

HP Setup Manager

HP SimplePass 2011

HP Software Framework

HP Support Assistant

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® WiDi

Intel® Wireless Display

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 24

Java 6 Update 31

Jewel Quest: The Sleepless Star - Collector's Edition

Junk Mail filter update

K-Lite Codec Pack 7.0.0 (Standard)

Kaspersky Security Scan

Magic ISO Maker v5.5 (build 0281)

Mah Jong Medley

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Security Scan Plus

McAfee SiteAdvisor

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

Norton Internet Security

PakkISO 0.4

PDF Settings CS5

Penguins!

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek PCIE Card Reader

RealUpgrade 1.1

Recovery Manager

SAS 9.3

Secure Download Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

SelectionLinks

Skype Click to Call

Skype™ 6.3

Slingo Supreme

SmartSound Quicktracks for Premiere Elements 9.0

Spotify

SpyHunter

Steam

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands

Validity WBF DDK

VIP Access SDK (1.0.1.2)

Virtual Villagers 5 - New Believers

WeatherBug

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 16.0

Yahoo! Software Update

Yahoo! Toolbar

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

4/18/2013 3:18:43 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following

corrective action will be taken in 1200000 milliseconds: Restart the service.

4/18/2013 3:18:41 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s).

4/16/2013 4:52:48 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has

been ended.

4/16/2013 4:52:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order

to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

.

==== End Of File ===========================

Maurice Naggar · April 19, 2013

Hello David and welcome to MalwareBytes forum.

Let me suggest, if you're an MBAM PRO customer, you contact the consumer help desk here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

If you decide to take advantage of the free help desk, do let me know.

I need for you to tell me if this is your computer, and if you are logged in with administrator-rights account. And confirm for me that you are not getting help on any outside forum or source.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here. Do NOT run tools on your own :excl:

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Press Windows-key +R key on your keyboard to get RUN option.
Type in
```
explorer.exe
```
and press Enter to start Windows Explorer.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
>> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

the contents of C:\AdwCleaner[R1].txt;
the contents of TDSSKILLER log;
the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

david_einhorn · April 19, 2013

Thank you for your help Maurice, here are the requested logs:

AdwCleaner R1 :

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 14:03:51

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : mantik - MANTIK-HP

# Boot Mode : Normal

# Running from : C:\Users\mantik\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Found : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

Folder Found : C:\Program Files (x86)\OApps

Folder Found : C:\ProgramData\APN

Folder Found : C:\Users\mantik\AppData\LocalLow\Conduit

Folder Found : C:\Users\mantik\AppData\Roaming\DefaultTab

Folder Found : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\extensions\plugin@selectionlinks.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\Default Tab

Key Found : HKCU\Software\DefaultTab

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-3903844174-127359237-2735500901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2603] : homepage = "hxxp://search.conduit.com/?ctid=CT3290238&SearchSource=48&CUI=UN34933723791385137&UM=2",

*************************

AdwCleaner[R1].txt - [5126 octets] - [19/04/2013 14:03:51]

########## EOF - C:\AdwCleaner[R1].txt - [5186 octets] ##########

TDSSKILLER Log:

14:17:14.0859 1560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

14:17:15.0401 1560 ============================================================

14:17:15.0401 1560 Current date / time: 2013/04/19 14:17:15.0401

14:17:15.0401 1560 SystemInfo:

14:17:15.0401 1560

14:17:15.0401 1560 OS Version: 6.1.7601 ServicePack: 1.0

14:17:15.0401 1560 Product type: Workstation

14:17:15.0401 1560 ComputerName: MANTIK-HP

14:17:15.0401 1560 UserName: mantik

14:17:15.0401 1560 Windows directory: C:\Windows

14:17:15.0401 1560 System windows directory: C:\Windows

14:17:15.0401 1560 Running under WOW64

14:17:15.0401 1560 Processor architecture: Intel x64

14:17:15.0401 1560 Number of processors: 4

14:17:15.0401 1560 Page size: 0x1000

14:17:15.0401 1560 Boot type: Normal boot

14:17:15.0401 1560 ============================================================

14:17:15.0976 1560 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:17:15.0981 1560 ============================================================

14:17:15.0981 1560 \Device\Harddisk0\DR0:

14:17:15.0981 1560 MBR partitions:

14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4761F000

14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47683000, BlocksNum 0x29E5000

14:17:15.0981 1560 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A068000, BlocksNum 0x7EFAB0

14:17:15.0981 1560 ============================================================

14:17:16.0021 1560 C: <-> \Device\Harddisk0\DR0\Partition2

14:17:16.0065 1560 D: <-> \Device\Harddisk0\DR0\Partition3

14:17:16.0083 1560 E: <-> \Device\Harddisk0\DR0\Partition4

14:17:16.0083 1560 ============================================================

14:17:16.0083 1560 Initialize success

14:17:16.0083 1560 ============================================================

14:17:20.0456 1516 ============================================================

14:17:20.0456 1516 Scan started

14:17:20.0456 1516 Mode: Manual;

14:17:20.0456 1516 ============================================================

14:17:20.0908 1516 ================ Scan system memory ========================

14:17:20.0909 1516 System memory - ok

14:17:20.0910 1516 ================ Scan services =============================

14:17:21.0245 1516 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

14:17:21.0252 1516 1394ohci - ok

14:17:21.0338 1516 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

14:17:21.0340 1516 Accelerometer - ok

14:17:21.0448 1516 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

14:17:21.0460 1516 ACPI - ok

14:17:21.0493 1516 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

14:17:21.0495 1516 AcpiPmi - ok

14:17:21.0589 1516 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

14:17:21.0594 1516 AdobeActiveFileMonitor9.0 - ok

14:17:21.0731 1516 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

14:17:21.0733 1516 AdobeARMservice - ok

14:17:21.0908 1516 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:17:21.0912 1516 AdobeFlashPlayerUpdateSvc - ok

14:17:21.0959 1516 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

14:17:21.0971 1516 adp94xx - ok

14:17:22.0036 1516 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

14:17:22.0044 1516 adpahci - ok

14:17:22.0069 1516 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

14:17:22.0073 1516 adpu320 - ok

14:17:22.0105 1516 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

14:17:22.0107 1516 AeLookupSvc - ok

14:17:22.0174 1516 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe

14:17:22.0175 1516 AESTFilters - ok

14:17:22.0219 1516 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

14:17:22.0228 1516 AFD - ok

14:17:22.0265 1516 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

14:17:22.0268 1516 agp440 - ok

14:17:22.0311 1516 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

14:17:22.0313 1516 ALG - ok

14:17:22.0347 1516 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

14:17:22.0349 1516 aliide - ok

14:17:22.0362 1516 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

14:17:22.0364 1516 amdide - ok

14:17:22.0413 1516 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

14:17:22.0415 1516 AmdK8 - ok

14:17:22.0437 1516 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

14:17:22.0439 1516 AmdPPM - ok

14:17:22.0478 1516 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

14:17:22.0482 1516 amdsata - ok

14:17:22.0518 1516 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

14:17:22.0522 1516 amdsbs - ok

14:17:22.0535 1516 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

14:17:22.0537 1516 amdxata - ok

14:17:22.0585 1516 [ 5F87E363F83E8A6F5606991C256F703A ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

14:17:22.0593 1516 ApfiltrService - ok

14:17:22.0634 1516 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

14:17:22.0637 1516 AppID - ok

14:17:22.0666 1516 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

14:17:22.0668 1516 AppIDSvc - ok

14:17:22.0682 1516 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

14:17:22.0684 1516 Appinfo - ok

14:17:22.0782 1516 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:17:22.0785 1516 Apple Mobile Device - ok

14:17:22.0868 1516 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

14:17:22.0871 1516 arc - ok

14:17:22.0909 1516 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

14:17:22.0912 1516 arcsas - ok

14:17:22.0935 1516 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

14:17:22.0937 1516 AsyncMac - ok

14:17:22.0965 1516 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

14:17:22.0966 1516 atapi - ok

14:17:23.0013 1516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

14:17:23.0024 1516 AudioEndpointBuilder - ok

14:17:23.0036 1516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

14:17:23.0043 1516 AudioSrv - ok

14:17:23.0072 1516 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

14:17:23.0074 1516 AxInstSV - ok

14:17:23.0114 1516 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

14:17:23.0121 1516 b06bdrv - ok

14:17:23.0160 1516 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

14:17:23.0165 1516 b57nd60a - ok

14:17:23.0263 1516 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

14:17:23.0268 1516 BBSvc - ok

14:17:23.0292 1516 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

14:17:23.0296 1516 BBUpdate - ok

14:17:23.0351 1516 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

14:17:23.0373 1516 BCM43XX - ok

14:17:23.0408 1516 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

14:17:23.0410 1516 BDESVC - ok

14:17:23.0448 1516 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

14:17:23.0450 1516 Beep - ok

14:17:23.0504 1516 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

14:17:23.0515 1516 BFE - ok

14:17:23.0690 1516 [ 1D757A7E020C577C4259A755F21B7152 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys

14:17:23.0712 1516 BHDrvx64 - ok

14:17:23.0744 1516 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

14:17:23.0757 1516 BITS - ok

14:17:23.0794 1516 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

14:17:23.0796 1516 blbdrive - ok

14:17:23.0849 1516 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

14:17:23.0856 1516 Bonjour Service - ok

14:17:23.0882 1516 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

14:17:23.0884 1516 bowser - ok

14:17:23.0909 1516 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

14:17:23.0911 1516 BrFiltLo - ok

14:17:23.0923 1516 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

14:17:23.0924 1516 BrFiltUp - ok

14:17:23.0978 1516 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

14:17:23.0981 1516 BridgeMP - ok

14:17:24.0033 1516 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

14:17:24.0037 1516 Browser - ok

14:17:24.0070 1516 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

14:17:24.0077 1516 Brserid - ok

14:17:24.0107 1516 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

14:17:24.0110 1516 BrSerWdm - ok

14:17:24.0129 1516 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

14:17:24.0131 1516 BrUsbMdm - ok

14:17:24.0151 1516 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

14:17:24.0153 1516 BrUsbSer - ok

14:17:24.0179 1516 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

14:17:24.0181 1516 BTHMODEM - ok

14:17:24.0217 1516 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

14:17:24.0219 1516 bthserv - ok

14:17:24.0306 1516 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys

14:17:24.0311 1516 ccSet_NIS - ok

14:17:24.0349 1516 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

14:17:24.0353 1516 cdfs - ok

14:17:24.0388 1516 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

14:17:24.0392 1516 cdrom - ok

14:17:24.0428 1516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

14:17:24.0431 1516 CertPropSvc - ok

14:17:24.0461 1516 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

14:17:24.0463 1516 circlass - ok

14:17:24.0511 1516 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

14:17:24.0519 1516 CLFS - ok

14:17:24.0580 1516 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:17:24.0582 1516 clr_optimization_v2.0.50727_32 - ok

14:17:24.0647 1516 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:17:24.0650 1516 clr_optimization_v2.0.50727_64 - ok

14:17:24.0738 1516 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:17:24.0742 1516 clr_optimization_v4.0.30319_32 - ok

14:17:24.0802 1516 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:17:24.0807 1516 clr_optimization_v4.0.30319_64 - ok

14:17:24.0904 1516 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

14:17:24.0907 1516 clwvd - ok

14:17:24.0927 1516 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

14:17:24.0929 1516 CmBatt - ok

14:17:24.0944 1516 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

14:17:24.0946 1516 cmdide - ok

14:17:24.0988 1516 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

14:17:24.0995 1516 CNG - ok

14:17:25.0034 1516 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

14:17:25.0036 1516 Compbatt - ok

14:17:25.0068 1516 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

14:17:25.0070 1516 CompositeBus - ok

14:17:25.0088 1516 COMSysApp - ok

14:17:25.0104 1516 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

14:17:25.0105 1516 crcdisk - ok

14:17:25.0150 1516 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

14:17:25.0153 1516 CryptSvc - ok

14:17:25.0200 1516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

14:17:25.0210 1516 DcomLaunch - ok

14:17:25.0383 1516 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\mantik\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

14:17:25.0386 1516 DefaultTabUpdate - ok

14:17:25.0406 1516 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

14:17:25.0410 1516 defragsvc - ok

14:17:25.0444 1516 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

14:17:25.0446 1516 DfsC - ok

14:17:25.0486 1516 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

14:17:25.0491 1516 Dhcp - ok

14:17:25.0554 1516 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

14:17:25.0555 1516 discache - ok

14:17:25.0688 1516 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

14:17:25.0691 1516 Disk - ok

14:17:25.0718 1516 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

14:17:25.0724 1516 Dnscache - ok

14:17:25.0756 1516 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

14:17:25.0760 1516 dot3svc - ok

14:17:25.0774 1516 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

14:17:25.0777 1516 DPS - ok

14:17:25.0803 1516 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

14:17:25.0804 1516 drmkaud - ok

14:17:25.0855 1516 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

14:17:25.0859 1516 dtsoftbus01 - ok

14:17:25.0890 1516 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

14:17:25.0903 1516 DXGKrnl - ok

14:17:25.0938 1516 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

14:17:25.0941 1516 EapHost - ok

14:17:26.0056 1516 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

14:17:26.0152 1516 ebdrv - ok

14:17:26.0194 1516 [ 0C3F9EFF8DDD9F9EB56D754B4620155F ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

14:17:26.0203 1516 eeCtrl - ok

14:17:26.0247 1516 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

14:17:26.0249 1516 EFS - ok

14:17:26.0312 1516 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

14:17:26.0323 1516 ehRecvr - ok

14:17:26.0363 1516 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

14:17:26.0365 1516 ehSched - ok

14:17:26.0416 1516 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

14:17:26.0423 1516 elxstor - ok

14:17:26.0459 1516 [ 8C0F9B877BC0B7FFD327EF55F9EFB642 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

14:17:26.0461 1516 EraserUtilRebootDrv - ok

14:17:26.0481 1516 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

14:17:26.0482 1516 ErrDev - ok

14:17:26.0512 1516 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

14:17:26.0518 1516 EventSystem - ok

14:17:26.0604 1516 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

14:17:26.0620 1516 EvtEng - ok

14:17:26.0647 1516 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

14:17:26.0650 1516 exfat - ok

14:17:26.0665 1516 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

14:17:26.0667 1516 fastfat - ok

14:17:26.0710 1516 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

14:17:26.0718 1516 Fax - ok

14:17:26.0746 1516 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

14:17:26.0747 1516 fdc - ok

14:17:26.0769 1516 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

14:17:26.0770 1516 fdPHost - ok

14:17:26.0794 1516 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

14:17:26.0795 1516 FDResPub - ok

14:17:26.0825 1516 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

14:17:26.0828 1516 FileInfo - ok

14:17:26.0843 1516 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

14:17:26.0845 1516 Filetrace - ok

14:17:26.0918 1516 [ D778107D7C2A19D7E7A884A9F0D79581 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

14:17:26.0932 1516 FLEXnet Licensing Service - ok

14:17:26.0965 1516 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

14:17:26.0966 1516 flpydisk - ok

14:17:26.0985 1516 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

14:17:26.0989 1516 FltMgr - ok

14:17:27.0051 1516 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

14:17:27.0068 1516 FontCache - ok

14:17:27.0111 1516 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:17:27.0113 1516 FontCache3.0.0.0 - ok

14:17:27.0183 1516 [ 6AA4E6B4EA50620AB622A048394C4AA2 ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

14:17:27.0189 1516 FPLService - ok

14:17:27.0220 1516 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

14:17:27.0221 1516 FsDepends - ok

14:17:27.0256 1516 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

14:17:27.0257 1516 Fs_Rec - ok

14:17:27.0293 1516 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

14:17:27.0295 1516 fvevol - ok

14:17:27.0315 1516 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

14:17:27.0317 1516 gagp30kx - ok

14:17:27.0370 1516 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

14:17:27.0373 1516 GamesAppService - ok

14:17:27.0425 1516 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:17:27.0426 1516 GEARAspiWDM - ok

14:17:27.0471 1516 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

14:17:27.0482 1516 gpsvc - ok

14:17:27.0594 1516 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:17:27.0597 1516 gupdate - ok

14:17:27.0616 1516 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:17:27.0619 1516 gupdatem - ok

14:17:27.0681 1516 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

14:17:27.0685 1516 gusvc - ok

14:17:27.0720 1516 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

14:17:27.0722 1516 hcw85cir - ok

14:17:27.0762 1516 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

14:17:27.0771 1516 HdAudAddService - ok

14:17:27.0813 1516 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

14:17:27.0815 1516 HDAudBus - ok

14:17:27.0835 1516 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

14:17:27.0836 1516 HidBatt - ok

14:17:27.0855 1516 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

14:17:27.0856 1516 HidBth - ok

14:17:27.0886 1516 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

14:17:27.0888 1516 HidIr - ok

14:17:27.0911 1516 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

14:17:27.0913 1516 hidserv - ok

14:17:27.0945 1516 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

14:17:27.0947 1516 HidUsb - ok

14:17:27.0988 1516 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

14:17:27.0992 1516 hkmsvc - ok

14:17:28.0018 1516 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

14:17:28.0024 1516 HomeGroupListener - ok

14:17:28.0057 1516 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

14:17:28.0063 1516 HomeGroupProvider - ok

14:17:28.0134 1516 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

14:17:28.0137 1516 HP Support Assistant Service - ok

14:17:28.0185 1516 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

14:17:28.0193 1516 HPClientSvc - ok

14:17:28.0236 1516 [ C958976C7DAAF47084A33EBBC6E28B84 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

14:17:28.0239 1516 HPDrvMntSvc.exe - ok

14:17:28.0283 1516 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

14:17:28.0285 1516 hpdskflt - ok

14:17:28.0342 1516 [ 09FBD4C4DB2FD84B9AB1C5BFDCC95559 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

14:17:28.0359 1516 hpqwmiex - ok

14:17:28.0392 1516 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

14:17:28.0394 1516 HpSAMD - ok

14:17:28.0417 1516 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe

14:17:28.0419 1516 hpsrv - ok

14:17:28.0468 1516 [ 28E15C3D39DCD27A79251BA0BF216A11 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

14:17:28.0470 1516 HPWMISVC - ok

14:17:28.0510 1516 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

14:17:28.0522 1516 HTTP - ok

14:17:28.0543 1516 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

14:17:28.0545 1516 hwpolicy - ok

14:17:28.0577 1516 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

14:17:28.0580 1516 i8042prt - ok

14:17:28.0621 1516 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

14:17:28.0628 1516 iaStor - ok

14:17:28.0694 1516 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

14:17:28.0695 1516 IAStorDataMgrSvc - ok

14:17:28.0725 1516 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

14:17:28.0738 1516 iaStorV - ok

14:17:28.0869 1516 [ 3A0FF117B4ADC5ABE4D968E26A337158 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

14:17:28.0913 1516 IconMan_R - ok

14:17:28.0964 1516 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:17:28.0976 1516 idsvc - ok

14:17:29.0025 1516 [ 18C40C3F368323B203ACE403CB430DB1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSvia64.sys

14:17:29.0031 1516 IDSVia64 - ok

14:17:29.0300 1516 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

14:17:29.0525 1516 igfx - ok

14:17:29.0568 1516 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

14:17:29.0569 1516 iirsp - ok

14:17:29.0599 1516 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

14:17:29.0611 1516 IKEEXT - ok

14:17:29.0656 1516 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys

14:17:29.0657 1516 intaud_WaveExtensible - ok

14:17:29.0690 1516 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

14:17:29.0695 1516 IntcDAud - ok

14:17:29.0712 1516 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

14:17:29.0714 1516 intelide - ok

14:17:29.0723 1516 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

14:17:29.0724 1516 intelppm - ok

14:17:29.0743 1516 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

14:17:29.0745 1516 IPBusEnum - ok

14:17:29.0775 1516 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:17:29.0777 1516 IpFilterDriver - ok

14:17:29.0822 1516 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

14:17:29.0836 1516 iphlpsvc - ok

14:17:29.0855 1516 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

14:17:29.0857 1516 IPMIDRV - ok

14:17:29.0889 1516 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

14:17:29.0891 1516 IPNAT - ok

14:17:29.0982 1516 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

14:17:29.0997 1516 iPod Service - ok

14:17:30.0022 1516 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

14:17:30.0025 1516 IRENUM - ok

14:17:30.0044 1516 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

14:17:30.0046 1516 isapnp - ok

14:17:30.0074 1516 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

14:17:30.0079 1516 iScsiPrt - ok

14:17:30.0104 1516 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys

14:17:30.0106 1516 iwdbus - ok

14:17:30.0142 1516 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

14:17:30.0146 1516 jhi_service - ok

14:17:30.0174 1516 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

14:17:30.0176 1516 kbdclass - ok

14:17:30.0202 1516 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

14:17:30.0203 1516 kbdhid - ok

14:17:30.0233 1516 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

14:17:30.0235 1516 KeyIso - ok

14:17:30.0259 1516 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

14:17:30.0261 1516 KSecDD - ok

14:17:30.0299 1516 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

14:17:30.0302 1516 KSecPkg - ok

14:17:30.0321 1516 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

14:17:30.0323 1516 ksthunk - ok

14:17:30.0362 1516 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

14:17:30.0368 1516 KtmRm - ok

14:17:30.0417 1516 [ 173666119D217E3739205C169E2BF0E5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

14:17:30.0419 1516 L1C - ok

14:17:30.0460 1516 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

14:17:30.0465 1516 LanmanServer - ok

14:17:30.0489 1516 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

14:17:30.0492 1516 LanmanWorkstation - ok

14:17:30.0517 1516 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

14:17:30.0519 1516 lltdio - ok

14:17:30.0553 1516 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

14:17:30.0558 1516 lltdsvc - ok

14:17:30.0572 1516 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

14:17:30.0574 1516 lmhosts - ok

14:17:30.0624 1516 [ E7859BA062DB5E23C6DD34AD66B09F50 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

14:17:30.0632 1516 LMS - ok

14:17:30.0679 1516 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

14:17:30.0682 1516 LSI_FC - ok

14:17:30.0698 1516 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

14:17:30.0701 1516 LSI_SAS - ok

14:17:30.0713 1516 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

14:17:30.0715 1516 LSI_SAS2 - ok

14:17:30.0745 1516 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

14:17:30.0747 1516 LSI_SCSI - ok

14:17:30.0763 1516 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

14:17:30.0766 1516 luafv - ok

14:17:30.0862 1516 [ 51914228D4B9610FBA24F249C0FDD871 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys

14:17:30.0865 1516 mbamchameleon - ok

14:17:30.0991 1516 [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

14:17:30.0994 1516 McAfee SiteAdvisor Service - ok

14:17:31.0050 1516 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

14:17:31.0056 1516 McComponentHostService - ok

14:17:31.0107 1516 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

14:17:31.0112 1516 Mcx2Svc - ok

14:17:31.0143 1516 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

14:17:31.0145 1516 megasas - ok

14:17:31.0186 1516 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

14:17:31.0191 1516 MegaSR - ok

14:17:31.0218 1516 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

14:17:31.0219 1516 MEIx64 - ok

14:17:31.0274 1516 Microsoft SharePoint Workspace Audit Service - ok

14:17:31.0314 1516 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

14:17:31.0318 1516 MMCSS - ok

14:17:31.0335 1516 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

14:17:31.0338 1516 Modem - ok

14:17:31.0367 1516 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

14:17:31.0369 1516 monitor - ok

14:17:31.0409 1516 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

14:17:31.0411 1516 mouclass - ok

14:17:31.0444 1516 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

14:17:31.0446 1516 mouhid - ok

14:17:31.0466 1516 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

14:17:31.0468 1516 mountmgr - ok

14:17:31.0525 1516 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

14:17:31.0528 1516 MozillaMaintenance - ok

14:17:31.0551 1516 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

14:17:31.0555 1516 mpio - ok

14:17:31.0588 1516 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

14:17:31.0590 1516 mpsdrv - ok

14:17:31.0633 1516 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

14:17:31.0649 1516 MpsSvc - ok

14:17:31.0670 1516 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

14:17:31.0672 1516 MRxDAV - ok

14:17:31.0701 1516 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

14:17:31.0703 1516 mrxsmb - ok

14:17:31.0717 1516 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:17:31.0720 1516 mrxsmb10 - ok

14:17:31.0736 1516 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:17:31.0738 1516 mrxsmb20 - ok

14:17:31.0758 1516 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

14:17:31.0760 1516 msahci - ok

14:17:31.0779 1516 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

14:17:31.0781 1516 msdsm - ok

14:17:31.0806 1516 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

14:17:31.0809 1516 MSDTC - ok

14:17:31.0828 1516 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

14:17:31.0829 1516 Msfs - ok

14:17:31.0849 1516 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

14:17:31.0850 1516 mshidkmdf - ok

14:17:31.0871 1516 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

14:17:31.0872 1516 msisadrv - ok

14:17:31.0891 1516 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

14:17:31.0894 1516 MSiSCSI - ok

14:17:31.0897 1516 msiserver - ok

14:17:31.0922 1516 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

14:17:31.0923 1516 MSKSSRV - ok

14:17:31.0950 1516 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

14:17:31.0951 1516 MSPCLOCK - ok

14:17:31.0957 1516 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

14:17:31.0958 1516 MSPQM - ok

14:17:31.0976 1516 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

14:17:31.0982 1516 MsRPC - ok

14:17:32.0009 1516 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

14:17:32.0010 1516 mssmbios - ok

14:17:32.0054 1516 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

14:17:32.0055 1516 MSTEE - ok

14:17:32.0074 1516 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

14:17:32.0075 1516 MTConfig - ok

14:17:32.0096 1516 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

14:17:32.0098 1516 Mup - ok

14:17:32.0144 1516 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

14:17:32.0148 1516 MyWiFiDHCPDNS - ok

14:17:32.0177 1516 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

14:17:32.0185 1516 napagent - ok

14:17:32.0220 1516 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

14:17:32.0225 1516 NativeWifiP - ok

14:17:32.0270 1516 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120211.006\ENG64.SYS

14:17:32.0273 1516 NAVENG - ok

14:17:32.0350 1516 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120211.006\EX64.SYS

14:17:32.0377 1516 NAVEX15 - ok

14:17:32.0437 1516 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

14:17:32.0456 1516 NDIS - ok

14:17:32.0475 1516 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

14:17:32.0477 1516 NdisCap - ok

14:17:32.0503 1516 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

14:17:32.0504 1516 NdisTapi - ok

14:17:32.0512 1516 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

14:17:32.0514 1516 Ndisuio - ok

14:17:32.0532 1516 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

14:17:32.0535 1516 NdisWan - ok

14:17:32.0544 1516 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

14:17:32.0546 1516 NDProxy - ok

14:17:32.0569 1516 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

14:17:32.0571 1516 NetBIOS - ok

14:17:32.0591 1516 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

14:17:32.0595 1516 NetBT - ok

14:17:32.0622 1516 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

14:17:32.0624 1516 Netlogon - ok

14:17:32.0671 1516 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

14:17:32.0677 1516 Netman - ok

14:17:32.0692 1516 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

14:17:32.0700 1516 netprofm - ok

14:17:32.0726 1516 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:17:32.0728 1516 NetTcpPortSharing - ok

14:17:32.0972 1516 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

14:17:33.0157 1516 NETwNs64 - ok

14:17:33.0191 1516 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

14:17:33.0193 1516 nfrd960 - ok

14:17:33.0278 1516 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe

14:17:33.0281 1516 NIS - ok

14:17:33.0338 1516 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

14:17:33.0347 1516 NlaSvc - ok

14:17:33.0369 1516 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

14:17:33.0371 1516 Npfs - ok

14:17:33.0391 1516 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

14:17:33.0394 1516 nsi - ok

14:17:33.0413 1516 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

14:17:33.0414 1516 nsiproxy - ok

14:17:33.0480 1516 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

14:17:33.0507 1516 Ntfs - ok

14:17:33.0535 1516 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

14:17:33.0537 1516 Null - ok

14:17:33.0579 1516 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

14:17:33.0586 1516 NVENETFD - ok

14:17:33.0634 1516 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

14:17:33.0638 1516 nvraid - ok

14:17:33.0657 1516 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

14:17:33.0661 1516 nvstor - ok

14:17:33.0686 1516 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

14:17:33.0690 1516 nv_agp - ok

14:17:33.0711 1516 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

14:17:33.0713 1516 ohci1394 - ok

14:17:33.0804 1516 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:17:33.0809 1516 ose64 - ok

14:17:33.0991 1516 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:17:34.0121 1516 osppsvc - ok

14:17:34.0169 1516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

14:17:34.0174 1516 p2pimsvc - ok

14:17:34.0203 1516 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

14:17:34.0210 1516 p2psvc - ok

14:17:34.0241 1516 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

14:17:34.0243 1516 Parport - ok

14:17:34.0280 1516 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

14:17:34.0283 1516 partmgr - ok

14:17:34.0312 1516 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

14:17:34.0320 1516 PcaSvc - ok

14:17:34.0353 1516 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

14:17:34.0357 1516 pci - ok

14:17:34.0382 1516 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

14:17:34.0385 1516 pciide - ok

14:17:34.0410 1516 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

14:17:34.0416 1516 pcmcia - ok

14:17:34.0441 1516 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

14:17:34.0443 1516 pcw - ok

14:17:34.0469 1516 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

14:17:34.0479 1516 PEAUTH - ok

14:17:34.0563 1516 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

14:17:34.0565 1516 PerfHost - ok

14:17:34.0629 1516 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

14:17:34.0652 1516 pla - ok

14:17:34.0720 1516 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

14:17:34.0728 1516 PlugPlay - ok

14:17:34.0758 1516 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

14:17:34.0761 1516 PNRPAutoReg - ok

14:17:34.0803 1516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

14:17:34.0808 1516 PNRPsvc - ok

14:17:34.0869 1516 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

14:17:34.0871 1516 Point64 - ok

14:17:34.0909 1516 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

14:17:34.0917 1516 PolicyAgent - ok

14:17:34.0954 1516 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

14:17:34.0959 1516 Power - ok

14:17:34.0987 1516 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

14:17:34.0990 1516 PptpMiniport - ok

14:17:35.0002 1516 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

14:17:35.0004 1516 Processor - ok

14:17:35.0048 1516 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

14:17:35.0053 1516 ProfSvc - ok

14:17:35.0067 1516 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

14:17:35.0069 1516 ProtectedStorage - ok

14:17:35.0090 1516 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

14:17:35.0093 1516 Psched - ok

14:17:35.0130 1516 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

14:17:35.0132 1516 PxHlpa64 - ok

14:17:35.0179 1516 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

14:17:35.0203 1516 ql2300 - ok

14:17:35.0228 1516 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

14:17:35.0230 1516 ql40xx - ok

14:17:35.0258 1516 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

14:17:35.0262 1516 QWAVE - ok

14:17:35.0284 1516 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

14:17:35.0286 1516 QWAVEdrv - ok

14:17:35.0298 1516 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

14:17:35.0299 1516 RasAcd - ok

14:17:35.0313 1516 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

14:17:35.0314 1516 RasAgileVpn - ok

14:17:35.0336 1516 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

14:17:35.0339 1516 RasAuto - ok

14:17:35.0358 1516 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

14:17:35.0360 1516 Rasl2tp - ok

14:17:35.0384 1516 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

14:17:35.0390 1516 RasMan - ok

14:17:35.0409 1516 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

14:17:35.0411 1516 RasPppoe - ok

14:17:35.0435 1516 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

14:17:35.0437 1516 RasSstp - ok

14:17:35.0452 1516 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

14:17:35.0456 1516 rdbss - ok

14:17:35.0475 1516 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

14:17:35.0476 1516 rdpbus - ok

14:17:35.0499 1516 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

14:17:35.0501 1516 RDPCDD - ok

14:17:35.0520 1516 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

14:17:35.0522 1516 RDPENCDD - ok

14:17:35.0548 1516 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

14:17:35.0549 1516 RDPREFMP - ok

14:17:35.0601 1516 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

14:17:35.0602 1516 RdpVideoMiniport - ok

14:17:35.0647 1516 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

14:17:35.0650 1516 RDPWD - ok

14:17:35.0681 1516 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

14:17:35.0685 1516 rdyboost - ok

14:17:35.0764 1516 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

14:17:35.0781 1516 RegSrvc - ok

14:17:35.0802 1516 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

14:17:35.0804 1516 RemoteAccess - ok

14:17:35.0820 1516 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

14:17:35.0824 1516 RemoteRegistry - ok

14:17:35.0862 1516 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys

14:17:35.0864 1516 RimUsb - ok

14:17:35.0903 1516 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

14:17:35.0905 1516 RimVSerPort - ok

14:17:35.0941 1516 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys

14:17:35.0943 1516 ROOTMODEM - ok

14:17:35.0972 1516 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

14:17:35.0975 1516 RpcEptMapper - ok

14:17:36.0001 1516 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

14:17:36.0003 1516 RpcLocator - ok

14:17:36.0022 1516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

14:17:36.0033 1516 RpcSs - ok

14:17:36.0068 1516 [ 9D21618E7A3B2C75CF1A2ECBBE723730 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys

14:17:36.0070 1516 RSPCIESTOR - ok

14:17:36.0087 1516 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

14:17:36.0088 1516 rspndr - ok

14:17:36.0100 1516 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

14:17:36.0101 1516 SamSs - ok

14:17:36.0133 1516 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

14:17:36.0135 1516 sbp2port - ok

14:17:36.0164 1516 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

14:17:36.0168 1516 SCardSvr - ok

14:17:36.0197 1516 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

14:17:36.0199 1516 scfilter - ok

14:17:36.0237 1516 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

14:17:36.0254 1516 Schedule - ok

14:17:36.0283 1516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

14:17:36.0284 1516 SCPolicySvc - ok

14:17:36.0319 1516 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

14:17:36.0321 1516 sdbus - ok

14:17:36.0366 1516 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

14:17:36.0372 1516 SDRSVC - ok

14:17:36.0405 1516 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

14:17:36.0407 1516 secdrv - ok

14:17:36.0432 1516 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

14:17:36.0436 1516 seclogon - ok

14:17:36.0452 1516 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

14:17:36.0457 1516 SENS - ok

14:17:36.0506 1516 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

14:17:36.0511 1516 SensrSvc - ok

14:17:36.0525 1516 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

14:17:36.0527 1516 Serenum - ok

14:17:36.0547 1516 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

14:17:36.0550 1516 Serial - ok

14:17:36.0563 1516 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

14:17:36.0565 1516 sermouse - ok

14:17:36.0606 1516 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

14:17:36.0610 1516 SessionEnv - ok

14:17:36.0630 1516 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

14:17:36.0632 1516 sffdisk - ok

14:17:36.0653 1516 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

14:17:36.0654 1516 sffp_mmc - ok

14:17:36.0677 1516 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

14:17:36.0679 1516 sffp_sd - ok

14:17:36.0706 1516 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

14:17:36.0707 1516 sfloppy - ok

14:17:36.0745 1516 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

14:17:36.0756 1516 SharedAccess - ok

14:17:36.0796 1516 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

14:17:36.0803 1516 ShellHWDetection - ok

14:17:36.0832 1516 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

14:17:36.0834 1516 SiSRaid2 - ok

14:17:36.0858 1516 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

14:17:36.0860 1516 SiSRaid4 - ok

14:17:36.0939 1516 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

14:17:36.0944 1516 SkypeUpdate - ok

14:17:36.0983 1516 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

14:17:36.0986 1516 Smb - ok

14:17:37.0023 1516 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

14:17:37.0026 1516 SNMPTRAP - ok

14:17:37.0049 1516 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

14:17:37.0050 1516 spldr - ok

14:17:37.0096 1516 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

14:17:37.0105 1516 Spooler - ok

14:17:37.0204 1516 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

14:17:37.0274 1516 sppsvc - ok

14:17:37.0306 1516 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

14:17:37.0308 1516 sppuinotify - ok

14:17:37.0392 1516 [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd C:\Windows\System32\Drivers\sptd.sys

14:17:37.0392 1516 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2

14:17:37.0393 1516 sptd ( LockedFile.Multi.Generic ) - warning

14:17:37.0393 1516 sptd - detected LockedFile.Multi.Generic (1)

14:17:37.0495 1516 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS

14:17:37.0504 1516 SRTSP - ok

14:17:37.0521 1516 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS

14:17:37.0523 1516 SRTSPX - ok

14:17:37.0549 1516 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

14:17:37.0554 1516 srv - ok

14:17:37.0573 1516 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

14:17:37.0578 1516 srv2 - ok

14:17:37.0624 1516 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

14:17:37.0632 1516 SrvHsfHDA - ok

14:17:37.0672 1516 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

14:17:37.0691 1516 SrvHsfV92 - ok

14:17:37.0704 1516 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

14:17:37.0712 1516 SrvHsfWinac - ok

14:17:37.0730 1516 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

14:17:37.0733 1516 srvnet - ok

14:17:37.0765 1516 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

14:17:37.0768 1516 SSDPSRV - ok

14:17:37.0790 1516 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

14:17:37.0793 1516 SstpSvc - ok

14:17:37.0853 1516 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

14:17:37.0858 1516 STacSV - ok

14:17:37.0897 1516 Steam Client Service - ok

14:17:37.0926 1516 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

14:17:37.0927 1516 stexstor - ok

14:17:37.0970 1516 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

14:17:37.0979 1516 STHDA - ok

14:17:38.0019 1516 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

14:17:38.0030 1516 stisvc - ok

14:17:38.0056 1516 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

14:17:38.0058 1516 swenum - ok

14:17:38.0140 1516 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

14:17:38.0152 1516 SwitchBoard - ok

14:17:38.0197 1516 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

14:17:38.0210 1516 swprv - ok

14:17:38.0266 1516 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS

14:17:38.0275 1516 SymDS - ok

14:17:38.0316 1516 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS

14:17:38.0330 1516 SymEFA - ok

14:17:38.0359 1516 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

14:17:38.0362 1516 SymEvent - ok

14:17:38.0397 1516 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS

14:17:38.0400 1516 SymIRON - ok

14:17:38.0422 1516 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS

14:17:38.0428 1516 SymNetS - ok

14:17:38.0475 1516 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

14:17:38.0499 1516 SysMain - ok

14:17:38.0510 1516 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

14:17:38.0514 1516 TabletInputService - ok

14:17:38.0545 1516 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

14:17:38.0551 1516 TapiSrv - ok

14:17:38.0573 1516 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

14:17:38.0575 1516 TBS - ok

14:17:38.0645 1516 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

14:17:38.0668 1516 Tcpip - ok

14:17:38.0745 1516 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

14:17:38.0764 1516 TCPIP6 - ok

14:17:38.0798 1516 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

14:17:38.0800 1516 tcpipreg - ok

14:17:38.0832 1516 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

14:17:38.0833 1516 TDPIPE - ok

14:17:38.0861 1516 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

14:17:38.0862 1516 TDTCP - ok

14:17:38.0898 1516 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

14:17:38.0900 1516 tdx - ok

14:17:38.0930 1516 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

14:17:38.0932 1516 TermDD - ok

14:17:38.0982 1516 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

14:17:38.0992 1516 TermService - ok

14:17:39.0007 1516 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

14:17:39.0010 1516 Themes - ok

14:17:39.0035 1516 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

14:17:39.0037 1516 THREADORDER - ok

14:17:39.0073 1516 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

14:17:39.0076 1516 TrkWks - ok

14:17:39.0111 1516 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

14:17:39.0116 1516 TrustedInstaller - ok

14:17:39.0153 1516 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

14:17:39.0155 1516 tssecsrv - ok

14:17:39.0194 1516 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

14:17:39.0196 1516 TsUsbFlt - ok

14:17:39.0233 1516 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

14:17:39.0234 1516 TsUsbGD - ok

14:17:39.0267 1516 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

14:17:39.0270 1516 tunnel - ok

14:17:39.0281 1516 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

14:17:39.0283 1516 uagp35 - ok

14:17:39.0304 1516 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

14:17:39.0308 1516 udfs - ok

14:17:39.0335 1516 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

14:17:39.0338 1516 UI0Detect - ok

14:17:39.0380 1516 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

14:17:39.0383 1516 uliagpkx - ok

14:17:39.0423 1516 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

14:17:39.0426 1516 umbus - ok

14:17:39.0449 1516 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

14:17:39.0451 1516 UmPass - ok

14:17:39.0570 1516 [ E91F8AFBD7FB96C94B266579D6BFA77A ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

14:17:39.0614 1516 UNS - ok

14:17:39.0637 1516 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

14:17:39.0643 1516 upnphost - ok

14:17:39.0688 1516 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

14:17:39.0691 1516 USBAAPL64 - ok

14:17:39.0728 1516 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

14:17:39.0732 1516 usbccgp - ok

14:17:39.0752 1516 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

14:17:39.0756 1516 usbcir - ok

14:17:39.0771 1516 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

14:17:39.0773 1516 usbehci - ok

14:17:39.0810 1516 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

14:17:39.0816 1516 usbhub - ok

14:17:39.0843 1516 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

14:17:39.0845 1516 usbohci - ok

14:17:39.0872 1516 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

14:17:39.0874 1516 usbprint - ok

14:17:39.0903 1516 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:17:39.0905 1516 USBSTOR - ok

14:17:39.0919 1516 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

14:17:39.0921 1516 usbuhci - ok

14:17:39.0951 1516 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

14:17:39.0955 1516 usbvideo - ok

14:17:39.0985 1516 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

14:17:39.0988 1516 UxSms - ok

14:17:40.0011 1516 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

14:17:40.0013 1516 VaultSvc - ok

14:17:40.0035 1516 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

14:17:40.0037 1516 vdrvroot - ok

14:17:40.0069 1516 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

14:17:40.0080 1516 vds - ok

14:17:40.0103 1516 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

14:17:40.0105 1516 vga - ok

14:17:40.0119 1516 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

14:17:40.0121 1516 VgaSave - ok

14:17:40.0135 1516 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

14:17:40.0139 1516 vhdmp - ok

14:17:40.0158 1516 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

14:17:40.0159 1516 viaide - ok

14:17:40.0177 1516 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

14:17:40.0179 1516 volmgr - ok

14:17:40.0203 1516 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

14:17:40.0208 1516 volmgrx - ok

14:17:40.0237 1516 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

14:17:40.0242 1516 volsnap - ok

14:17:40.0266 1516 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

14:17:40.0270 1516 vsmraid - ok

14:17:40.0326 1516 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

14:17:40.0351 1516 VSS - ok

14:17:40.0370 1516 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

14:17:40.0371 1516 vwifibus - ok

14:17:40.0391 1516 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

14:17:40.0393 1516 vwififlt - ok

14:17:40.0417 1516 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

14:17:40.0419 1516 vwifimp - ok

14:17:40.0453 1516 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

14:17:40.0461 1516 W32Time - ok

14:17:40.0485 1516 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

14:17:40.0486 1516 WacomPen - ok

14:17:40.0517 1516 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

14:17:40.0520 1516 WANARP - ok

14:17:40.0524 1516 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

14:17:40.0525 1516 Wanarpv6 - ok

14:17:40.0634 1516 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

14:17:40.0662 1516 WatAdminSvc - ok

14:17:40.0715 1516 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

14:17:40.0734 1516 wbengine - ok

14:17:40.0796 1516 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

14:17:40.0804 1516 WbioSrvc - ok

14:17:40.0832 1516 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

14:17:40.0839 1516 wcncsvc - ok

14:17:40.0851 1516 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

14:17:40.0855 1516 WcsPlugInService - ok

14:17:40.0878 1516 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

14:17:40.0880 1516 Wd - ok

14:17:40.0930 1516 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

14:17:40.0942 1516 Wdf01000 - ok

14:17:40.0961 1516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

14:17:40.0964 1516 WdiServiceHost - ok

14:17:40.0970 1516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

14:17:40.0973 1516 WdiSystemHost - ok

14:17:40.0988 1516 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

14:17:40.0994 1516 WebClient - ok

14:17:41.0008 1516 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

14:17:41.0013 1516 Wecsvc - ok

14:17:41.0033 1516 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

14:17:41.0036 1516 wercplsupport - ok

14:17:41.0049 1516 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

14:17:41.0052 1516 WerSvc - ok

14:17:41.0079 1516 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

14:17:41.0081 1516 WfpLwf - ok

14:17:41.0101 1516 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

14:17:41.0102 1516 WIMMount - ok

14:17:41.0119 1516 WinDefend - ok

14:17:41.0125 1516 WinHttpAutoProxySvc - ok

14:17:41.0184 1516 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

14:17:41.0190 1516 Winmgmt - ok

14:17:41.0260 1516 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

14:17:41.0293 1516 WinRM - ok

14:17:41.0327 1516 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

14:17:41.0329 1516 WinUsb - ok

14:17:41.0373 1516 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

14:17:41.0393 1516 Wlansvc - ok

14:17:41.0434 1516 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:17:41.0435 1516 wlcrasvc - ok

14:17:41.0528 1516 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:17:41.0570 1516 wlidsvc - ok

14:17:41.0589 1516 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

14:17:41.0590 1516 WmiAcpi - ok

14:17:41.0623 1516 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

14:17:41.0626 1516 wmiApSrv - ok

14:17:41.0646 1516 WMPNetworkSvc - ok

14:17:41.0671 1516 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

14:17:41.0673 1516 WPCSvc - ok

14:17:41.0688 1516 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

14:17:41.0691 1516 WPDBusEnum - ok

14:17:41.0712 1516 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

14:17:41.0713 1516 ws2ifsl - ok

14:17:41.0747 1516 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

14:17:41.0750 1516 wscsvc - ok

14:17:41.0753 1516 WSearch - ok

14:17:41.0850 1516 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

14:17:41.0894 1516 wuauserv - ok

14:17:41.0936 1516 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

14:17:41.0940 1516 WudfPf - ok

14:17:41.0955 1516 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

14:17:41.0961 1516 WUDFRd - ok

14:17:41.0974 1516 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

14:17:41.0981 1516 wudfsvc - ok

14:17:42.0015 1516 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\Windows\System32\wwansvc.dll

14:17:42.0020 1516 WwanSvc - ok

14:17:42.0095 1516 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

14:17:42.0103 1516 YahooAUService - ok

14:17:42.0129 1516 ================ Scan global ===============================

14:17:42.0150 1516 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

14:17:42.0195 1516 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

14:17:42.0213 1516 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

14:17:42.0249 1516 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

14:17:42.0270 1516 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

14:17:42.0276 1516 [Global] - ok

14:17:42.0276 1516 ================ Scan MBR ==================================

14:17:42.0288 1516 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

14:17:42.0560 1516 \Device\Harddisk0\DR0 - ok

14:17:42.0561 1516 ================ Scan VBR ==================================

14:17:42.0575 1516 [ 5CC60FD8590E5EE0A0E3D6933AB15E29 ] \Device\Harddisk0\DR0\Partition1

14:17:42.0579 1516 \Device\Harddisk0\DR0\Partition1 - ok

14:17:42.0586 1516 [ EE56555C661026287BA82F8099CF309D ] \Device\Harddisk0\DR0\Partition2

14:17:42.0590 1516 \Device\Harddisk0\DR0\Partition2 - ok

14:17:42.0617 1516 [ B8117DCD6BD5DFAAFA1AE1167434A9F5 ] \Device\Harddisk0\DR0\Partition3

14:17:42.0621 1516 \Device\Harddisk0\DR0\Partition3 - ok

14:17:42.0640 1516 [ E4E28C50A92925253C73EDA66BFE4428 ] \Device\Harddisk0\DR0\Partition4

14:17:42.0642 1516 \Device\Harddisk0\DR0\Partition4 - ok

14:17:42.0643 1516 ============================================================

14:17:42.0643 1516 Scan finished

14:17:42.0643 1516 ============================================================

14:17:42.0665 2184 Detected object count: 1

14:17:42.0665 2184 Actual detected object count: 1

14:17:56.0790 2184 sptd ( LockedFile.Multi.Generic ) - skipped by user

14:17:56.0790 2184 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

RKReport log

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : mantik [Admin rights]

Mode : Scan -- Date : 04/19/2013 14:24:59

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++

--- User ---

[MBR] 9dc9b0ca9e93bcac8bae42a07bd88afe

[bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584766 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1198010368 | Size: 21450 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] b19f9ae0b6b3bbf81970b536b60a4b53

[bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo

2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo

3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 Mo

Finished : << RKreport[1]_S_04192013_02d1424.txt >>

RKreport[1]_S_04192013_02d1424.txt</dot></at>

Maurice Naggar · April 19, 2013

Task 1

Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Please disconnect any USB or external drives from the computer before you run this scan!
Right-Click RogueKiller and select Run as Administrator.
Wait until Prescan finishes.
On the RogueKiller console, click the Registry tab.
Put a check next to all of these and uncheck the rest: (if found)
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
Then click on Delete on the right hand column under Options.
When done, logoff & Restart the system.
The log will be found as RKreport
Copy & Paste the contents into next reply.

Task 2

Close any open documents/programs & all internet browsers you have running.
Please start AdwCleaner
Click on Delete button.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[s1]

david_einhorn · April 19, 2013

Maurice,

The Rogue Killer worked but it seemed like it only deleted 2 out of the 3 disableregistrytools.

Rogue Killer Report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : mantik [Admin rights]

Mode : Remove -- Date : 04/19/2013 16:42:48

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++

--- User ---

[MBR] 9dc9b0ca9e93bcac8bae42a07bd88afe

[bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584766 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1198010368 | Size: 21450 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] b19f9ae0b6b3bbf81970b536b60a4b53

[bSP] 82112811282040d6543f26e603ab8fd6 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo

2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo

3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 Mo

Finished : << RKreport[3]_D_04192013_02d1642.txt >>

RKreport[1]_S_04192013_02d1424.txt ; RKreport[2]_S_04192013_02d1641.txt ; RKreport[3]_D_04192013_02d1642.txt

For the Adwcleaner, after reboot I got a pop up that said this:

Error saving file

C:\Windows\ERDNT\AutoBackup\4-19-2013\SAM!

Continue with next file

[RegCreateKeyEx:5 - Access is denied]

Yes/No

I tried clicking on Yes but it kept poping up so I clicked no in the end.

Below is the log:

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 16:47:36

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : mantik - MANTIK-HP

# Boot Mode : Normal

# Running from : C:\Users\mantik\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\END

File Deleted : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

Folder Deleted : C:\Program Files (x86)\OApps

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\Users\mantik\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\mantik\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\extensions\plugin@selectionlinks.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\prefs.js

C:\Users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\mantik\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2603] : homepage = "hxxp://search.conduit.com/?ctid=CT3290238&SearchSource=48&CUI=UN34933723791385137&UM[...]

*************************

AdwCleaner[R1].txt - [5247 octets] - [19/04/2013 14:03:51]

AdwCleaner[s1].txt - [5102 octets] - [19/04/2013 16:47:36]

########## EOF - C:\AdwCleaner[s1].txt - [5162 octets] ##########

Maurice Naggar · April 19, 2013

Continue with the following.

Task 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 2

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
The tool will open and display information and disclaimer in a Command prompt window.
I'd suggest you close all internet browsers at this point.
Press a key on keyboard to start scanning your system.
Please be very patient as this will take several minutes to complete, depending on your system's specifications.
There are approximatly 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
Please post the contents of JRT.txt into a new reply.

Task 3

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member david_einhorn only. If you are a casual viewer, do NOT try this on your system!

If you are not david_einhorn and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

david_einhorn · April 20, 2013

Maurice,

I did all the tasks per your instruction. I'm not sure about the system but I tried logging in to my skype, yahoo mail and and some of my online forum accounts and all my passwords are working now, which is such a relief.

Below are the logs, hopefully my computer is 100% safe now

Rkill:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/20/2013 03:53:45 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/20/2013 03:54:04 AM

Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.6 (04.19.2013:1)

OS: Windows 7 Home Premium x64

Ran by mantik on Sat 04/20/2013 at 3:56:50.55

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] hkey_current_user\software\pc optimizer pro

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

Successfully deleted: [File] C:\Users\mantik\appdata\local\{701F1BB2-CC14-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\mantik\appdata\local\{0D40B8E7-E4D1-4F4E-830D-CAA7D29CE358}

Successfully deleted: [Empty Folder] C:\Users\mantik\appdata\local\{8DB60CA1-94FE-4281-930A-9E7B7ACC9B68}

Successfully deleted: [Empty Folder] C:\Users\mantik\appdata\local\{F8E2C776-FDEA-4DEC-9EF0-C10163029E9F}

Successfully deleted: [Folder] C:\Users\mantik\appdata\local\{701F1BB2-CC14-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]

~~~ FireFox

Emptied folder: C:\Users\mantik\AppData\Roaming\mozilla\firefox\profiles\aauyn24f.default\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 04/20/2013 at 4:07:43.68

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix log:

ComboFix 13-04-20.01 - mantik 04/20/2013 4:22.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4054 [GMT -5:00]

Running from: c:\users\mantik\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\go_0molg.pad

c:\programdata\l_u0_0.pad

c:\programdata\Microsoft\Windows\DRM\7DED.tmp

c:\programdata\Microsoft\Windows\DRM\7DEE.tmp

c:\users\mantik\AppData\Local\Temp\_MEI41402\_ctypes.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\_elementtree.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\_hashlib.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\_socket.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\_ssl.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\pyexpat.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\pysqlite2._sqlite.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\python27.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\pythoncom27.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\PyWinTypes27.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\select.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\unicodedata.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32api.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32com.shell.shell.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32crypt.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32event.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32file.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32inet.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32pdh.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32process.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32profile.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32security.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\win32ts.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\windows._cacheinvalidation.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._controls_.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._core_.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._gdi_.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._html2.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._misc_.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._windows_.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wx._wizard.pyd

c:\users\mantik\AppData\Local\Temp\_MEI41402\wxbase294u_net_vc90.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\wxbase294u_vc90.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_adv_vc90.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_core_vc90.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_html_vc90.dll

c:\users\mantik\AppData\Local\Temp\_MEI41402\wxmsw294u_webview_vc90.dll

.

((((((((((((((((((((((((( Files Created from 2013-03-20 to 2013-04-20 )))))))))))))))))))))))))))))))

.

2013-04-20 08:56 . 2013-04-20 08:56 -------- d-----w- c:\windows\ERUNT

2013-04-20 08:55 . 2013-04-20 08:55 -------- d-----w- C:\JRT

2013-04-19 20:25 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31AB9ABE-1C4A-4B69-86CF-2B97B19207B7}\mpengine.dll

2013-04-19 18:58 . 2013-04-19 18:58 -------- d-----w- c:\program files (x86)\ERUNT

2013-04-18 20:53 . 2013-04-18 20:53 -------- d-----w- c:\programdata\AVS4YOU

2013-04-18 20:53 . 2013-04-18 20:53 -------- d-----w- c:\users\mantik\AppData\Roaming\AVS4YOU

2013-04-18 20:52 . 2013-04-18 20:52 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2013-04-18 20:52 . 2013-04-18 20:52 -------- d-----w- c:\program files (x86)\AVS4YOU

2013-04-18 20:52 . 2011-06-23 18:26 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll

2013-04-18 20:52 . 2011-06-23 18:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2013-04-18 20:47 . 2013-04-18 20:47 -------- d-----w- c:\users\mantik\AppData\Local\ezvid,_inc

2013-04-18 20:17 . 2013-04-18 20:28 -------- d-----w- c:\users\mantik\AppData\Local\WeatherBug

2013-04-18 20:17 . 2013-04-18 20:17 -------- d-----w- c:\users\mantik\AppData\Roaming\WeatherBug

2013-04-18 20:17 . 2013-04-18 20:17 -------- d-----w- c:\program files (x86)\AWS

2013-04-18 20:16 . 2013-04-18 20:16 -------- d-----w- c:\users\mantik\AppData\Local\CRE

2013-04-10 04:22 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 04:22 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 04:22 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 04:22 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 04:22 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 04:22 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 04:22 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 04:22 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 04:22 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-07 05:49 . 2013-04-07 05:49 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 14:22 . 2011-05-31 16:18 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2013-04-10 08:02 . 2012-12-05 18:52 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-03-19 09:24 . 2013-03-19 07:51 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-19 09:24 . 2011-07-17 01:27 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-19 08:02 . 2013-03-19 08:02 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-03-19 08:02 . 2013-03-19 08:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-19 08:02 . 2013-03-19 08:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-03-19 08:02 . 2013-03-19 08:02 81408 ----a-w- c:\windows\system32\icardie.dll

2013-03-19 08:02 . 2013-03-19 08:02 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-03-19 08:02 . 2013-03-19 08:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-03-19 08:02 . 2013-03-19 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-19 08:02 . 2013-03-19 08:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-03-19 08:02 . 2013-03-19 08:02 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-03-19 08:02 . 2013-03-19 08:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-03-19 08:02 . 2013-03-19 08:02 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-03-19 08:02 . 2013-03-19 08:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-03-19 08:02 . 2013-03-19 08:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-03-19 08:02 . 2013-03-19 08:02 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-03-19 08:02 . 2013-03-19 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-03-19 08:02 . 2013-03-19 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-19 08:02 . 2013-03-19 08:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-03-19 08:02 . 2013-03-19 08:02 441856 ----a-w- c:\windows\system32\html.iec

2013-03-19 08:02 . 2013-03-19 08:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-03-19 08:02 . 2013-03-19 08:02 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-03-19 08:02 . 2013-03-19 08:02 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-03-19 08:02 . 2013-03-19 08:02 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-19 08:02 . 2013-03-19 08:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-03-19 08:02 . 2013-03-19 08:02 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-03-19 08:02 . 2013-03-19 08:02 235008 ----a-w- c:\windows\system32\url.dll

2013-03-19 08:02 . 2013-03-19 08:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-03-19 08:02 . 2013-03-19 08:02 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-03-19 08:02 . 2013-03-19 08:02 216064 ----a-w- c:\windows\system32\msls31.dll

2013-03-19 08:02 . 2013-03-19 08:02 197120 ----a-w- c:\windows\system32\msrating.dll

2013-03-19 08:02 . 2013-03-19 08:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-03-19 08:02 . 2013-03-19 08:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-03-19 08:02 . 2013-03-19 08:02 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-03-19 08:02 . 2013-03-19 08:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-03-19 08:02 . 2013-03-19 08:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-19 08:02 . 2013-03-19 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-03-19 08:02 . 2013-03-19 08:02 149504 ----a-w- c:\windows\system32\occache.dll

2013-03-19 08:02 . 2013-03-19 08:02 144896 ----a-w- c:\windows\system32\wextract.exe

2013-03-19 08:02 . 2013-03-19 08:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-03-19 08:02 . 2013-03-19 08:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-03-19 08:02 . 2013-03-19 08:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-03-19 08:02 . 2013-03-19 08:02 13824 ----a-w- c:\windows\system32\mshta.exe

2013-03-19 08:02 . 2013-03-19 08:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-03-19 08:02 . 2013-03-19 08:02 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-03-19 08:02 . 2013-03-19 08:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-19 08:02 . 2013-03-19 08:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-03-19 08:02 . 2013-03-19 08:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-19 08:02 . 2013-03-19 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-03-19 08:02 . 2013-03-19 08:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-19 08:02 . 2013-03-19 08:02 102912 ----a-w- c:\windows\system32\inseng.dll

2013-03-12 06:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-02-25 00:49 . 2013-02-25 00:49 110080 ----a-r- c:\users\mantik\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconF7A21AF7.exe

2013-02-25 00:49 . 2013-02-25 00:49 110080 ----a-r- c:\users\mantik\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconD7F16134.exe

2013-02-25 00:49 . 2013-02-25 00:49 110080 ----a-r- c:\users\mantik\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\Icon1226A4C5.exe

2013-02-12 05:45 . 2013-03-13 21:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 21:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 21:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 21:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 21:44 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 21:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-20 20:16 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2012-11-20 1653760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]

"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-18 296096]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\users\mantik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\mantik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 246368]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-03-29 29808]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-05-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2011-12-01 1157240]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-17 279616]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120210.002\IDSvia64.sys [2011-12-15 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 09:24]

.

2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05 07:56]

.

2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05 07:56]

.

2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903844174-127359237-2735500901-1000Core.job

- c:\users\mantik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 06:01]

.

2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903844174-127359237-2735500901-1000UA.job

- c:\users\mantik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 06:01]

.

2013-04-15 c:\windows\Tasks\HPCeeScheduleFormantik.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\mantik\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 21:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130209,17117,0,18,0

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.1.10.1 192.168.1.1

FF - ProfilePath - c:\users\mantik\AppData\Roaming\Mozilla\Firefox\Profiles\aauyn24f.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-sl-dlc - c:\program files (x86)\OApps\sl-dlc_uninstall.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:bb,d9,b6,73,94,60,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:62,87,e7,73,94,60,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:3a,d4,4f,70,94,60,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2013-04-20 04:58:52 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-20 09:58

.

Pre-Run: 433,123,741,696 bytes free

Post-Run: 434,421,231,616 bytes free

.

- - End Of File - - FC9E719295792EAC808DFED9F2996609

Maurice Naggar · April 20, 2013

I am glad to hear that you are able to login at sites normally.

But please know that there is no guarantee of "100% safety". That can only be had if and only if you do a wipe/erase/ and new install of Windows + your program applications.

I would suggest you follow-on and do the following:

Task 1

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen:

uncheck trace disk IO calls at the bottom left :excl:

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Task 2

Download Security Check by screen317 from >>here<<.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Task 3

Start your Norton Internet Security. Do an Update run.

Then do a Full scan with your antivirus.

Please report on what the result is.

Task 4

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

We are not done. There will be more to follow.

david_einhorn · April 22, 2013

Maurice,

You are right, MBAM's full scan did find rootkits. Below are the logs:

aswMBR log

Run date: 2013-04-21 21:33:02

-----------------------------

21:33:02.163 OS Version: Windows x64 6.1.7601 Service Pack 1

21:33:02.163 Number of processors: 4 586 0x2A07

21:33:02.164 ComputerName: MANTIK-HP UserName: mantik

21:33:03.983 Initialize success

21:33:35.381 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:33:35.385 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3

21:33:35.485 Disk 0 MBR read successfully

21:33:35.489 Disk 0 MBR scan

21:33:35.495 Disk 0 Windows 7 default MBR code

21:33:35.501 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

21:33:35.514 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 584766 MB offset 409600

21:33:35.546 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21450 MB offset 1198010368

21:33:35.568 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 1241939968

21:33:35.695 Disk 0 scanning C:\Windows\system32\drivers

21:33:43.485 Service scanning

21:34:01.853 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

21:34:09.506 Modules scanning

21:34:09.525 Scan finished successfully

21:34:39.864 Disk 0 MBR has been saved successfully to "C:\Users\mantik\Desktop\MBR.dat"

21:34:39.869 The log file has been saved successfully to "C:\Users\mantik\Desktop\aswMBR.txt"

Screen 317 log

Results of screen317's Security Check version 0.99.62

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

McAfee SiteAdvisor

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 24

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 10.1.2 Adobe Reader out of Date!

Mozilla Firefox (20.0.1)

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

MBAM log

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.22.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

mantik :: MANTIK-HP [administrator]

4/21/2013 10:16:27 PM

mbam-log-2013-04-21 (22-16-27).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options disabled: P2P

Objects scanned: 466623

Time elapsed: 1 hour(s), 7 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\7DED.tmp.vir (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\7DEE.tmp.vir (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.

(end)

Maurice Naggar · April 22, 2013

1

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
IF prompted to Reboot, reply "Yes".

2

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

david_einhorn · April 24, 2013

Maurice,

I ran the TFC as instructed, however, I was not able to run the MS Safety Scanner. It said it was not a valid win32 application.

I downloaded the 64 bit version (my computer is a 64 bit system) and I also tried to it cut & paste it to desktop but it still won't load.

Is there any other website to download it?

Maurice Naggar · April 24, 2013

No, the MS safety scanner can only be obtained from Microsoft.

Please proceed with the following:

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warnings as well as the APPLIES TO section] & run the Fix It.

Note=> For optimal results, check the Delete personal settings option.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log

Maurice Naggar · April 28, 2013

How's it going? Have you resolved your issue? I'd like a status update from you.

david_einhorn · April 30, 2013

Hi Maurice,

really sorry for the late response,

here's the log of eset online scan:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

That's the only thing I found on the log, so I decided to copy the scan results here as well:

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_16.22.56\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\24.07.2012_17.06.43\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\Users\mantik\Downloads\EZVID_Setup (1).exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

C:\Users\mantik\Downloads\EZVID_Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

C:\Users\mantik\Downloads\firstrowsportapp_setup(14).exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined

C:\Users\mantik\Downloads\firstrowsportapp_setup(34).exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined

Maurice Naggar · April 30, 2013

What were found in the quarantine sub-folder were not new items, and in any event were not active.

You can see you had 4 files that were in the Downloads folder which were tagged as being adwares.

I would urge you to be very cautious when downloading from the internet. Make it a habit to always scan the file(s) with your Antivirus & with MBAM -before- installing or running such downloads.

Java vulnerabilities are a never ending occurence. Bottom line is, if your system does not have an installed 3rd-party application that needs it, then unistall it.

If you do have that dependency, then turn off Java in your browsers.

If somehow, you have a often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

If you decide to keep Java:

The Java runtime components are typically located at

C:\Program Files (x86)\Java\jre7\bin {or C:\Program Files\Java\jre7\bin on Windows XP}

Locate javacpl.exe the Java control panel.

Right click and select Open

Click on the Update tab

Put a checkmark at "Check for updates automatically"

On the General tab, under Temporary Internet Files, click the Settings button.

Next, click on the Delete Files button

Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

Click OK to leave the Temporary Files Window

Click on the Advanced tab

Expand Miscellaneous:

Un-check "place Java icon in system tray"

Un-check "Java quick starter"

Exit/close

If you want to disable Java in your browser:

How to disable Java in various browsers : http://blog.eset.com...r-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

As noted by Brian Krebs,

Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Also see How to protect your computer against dangerous Java Applets

Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.

http://securitygarde...umatra-pdf.html

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

david_einhorn · May 3, 2013

You are right Maurice, the Ez Vid files that were tagged were the sole reason I actually made this topic. I downloaded it after checking with various websites, forum boards and I even checked with McAfee site advisor about their website. But turned out it it's indeed malicious..

And yeah, I've heard about how vulerable Java is and I guess I'll be using two browsers for now on. Firefox for basic browse and chrome for the one with Java.

As for the scan, below is the log:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.22.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

mantik :: MANTIK-HP [administrator]

5/3/2013 12:43:00 AM

mbam-log-2013-05-03 (00-43-00).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 223042

Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you for you help so far Maurice, I really appreciate it!

Maurice Naggar · May 3, 2013

Very good. You are welcome.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

Highlight the line in this CODEBOX.
Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
```
c:\users\mantik\Desktop\ComboFix.exe /uninstall
```
Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

adwcleaner

tdsskiller.exe

roguekiller.exe

RKILL

jrt.exe

aswmbr.exe

securitycheck.exe

msert.exe

You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

I would recommend that you get the MBAM PRO license to help prevent any future infection.

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.
Use a Standard user account rather than an administrator-rights account when "surfing" the web.
Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Important Updates offered.
Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525
Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (OSI) on a monthly basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Get notified when the MVPS HOSTS file is updated
http://winhelp2002.mvps.org/updates.htm
Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on
Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
Don't plug in an unknown flash/thumb drive into your PC.
IF you must do so, hold down the SHIFT-key when you insert the drive.
Scan any file with your Antivirus prior to opening or using.
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:

ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan
See Six tips to help you stay safer online
Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

We are finished here. Best regards.

Maurice Naggar · May 3, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Infected, all of my online passwords stopped working/ Trojan:JS/Medfos.A

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information