
Possible Root Kit?


17 replies to this topic

#1 Lexxiaa

  • Members
  • 26 posts

Posted 26 December 2012 - 03:28 PM

I have been noticing for the past week or more that my computer has been running even more slowly than it usually does. Lagging web pages, lagging game play where before I had little to no problems; at first I thought it was our internet, but all the other computers are doing fine. I was helped before with my work computer and I would truly appreciate the help again on my personal laptop. She's a little old but I believe she still has potential!
Windows also gave me the error "This is not a genuine copy of Windows". In all the years I've had the computer I've never seen this error.

I believe if I can get help cleaning the computer there might be other viruses in there that my antivirus can't find.

I spoke to a tech friend and he said that the error I received can be caused by a rootkit.

Edited by Lexxiaa, 26 December 2012 - 03:31 PM.




#2 nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 29 December 2012 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before suggesting any fixes I need the following information.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please download TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There should also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Lexxiaa

  • Topic Starter
  • Members
  • 26 posts

Posted 14 January 2013 - 09:35 PM

Oh my goodness! I never received my email saying that someone had replied. I'm very sorry for the long delay; will you still be able to help me?

#4 Lexxiaa

  • Topic Starter
  • Members
  • 26 posts

Posted 14 January 2013 - 10:00 PM

DDS Report
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.4.1
Run by Lexxi at 21:45:20 on 2013-01-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1812 [GMT -5:00]
.
AV: ESET Smart Security 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - LocalServer32 - <no file>
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - LocalServer32 - <no file>
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [AdobeBridge] <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7C69C26B-E8C5-4706-A1A9-85A5DD31F994} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7C69C26B-E8C5-4706-A1A9-85A5DD31F994}\2375942554634343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7C69C26B-E8C5-4706-A1A9-85A5DD31F994}\4586F6D61637 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7C69C26B-E8C5-4706-A1A9-85A5DD31F994}\7594E4F593635673 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{F903BF2D-8B6B-413E-B33C-498327162E1A} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
FF - ExtSQL: 2012-12-20 13:09; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2012-12-20 13:52; {22119944-ED35-4ab1-910B-E619EA06A115}; C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-5-27 56208]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-24 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-21 682344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-5-27 44624]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-21 24176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
S2 Application Updater;Application Updater;"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" --> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-12-30 31800]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-09 19:17:34 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B863733-31C2-4EC1-A37D-3823DF777137}\offreg.dll
2012-12-31 04:47:47 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-12-31 04:47:44 -------- d-----w- C:\Program Files\VS Revo Group
2012-12-30 13:46:38 -------- d-----w- C:\Users\Lexxi\AppData\Local\Programs
2012-12-28 00:44:07 -------- d-----r- C:\Sandbox
2012-12-28 00:41:46 -------- d-----w- C:\Program Files\Sandboxie
2012-12-22 13:49:33 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 13:49:33 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 13:49:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 13:49:31 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 19:11:00 -------- d-----w- C:\AMD
2012-12-21 17:29:38 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B863733-31C2-4EC1-A37D-3823DF777137}\mpengine.dll
2012-12-20 18:51:23 -------- d-----w- C:\Program Files (x86)\Siber Systems
2012-12-17 17:15:09 -------- d-----w- C:\ProgramData\Visan
2012-12-17 17:15:09 -------- d-----w- C:\ProgramData\PrintProjects
2012-12-17 17:15:09 -------- d-----w- C:\Program Files (x86)\PrintProjects
2012-12-17 17:12:19 -------- d-----w- C:\Windows\SysWow64\kodak
.
==================== Find3M ====================
.
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 03:12:40 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-12-12 03:12:40 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 21:45:37.93 ===============



TDSS Report
21:48:16.0045 6404 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:48:16.0475 6404 ============================================================
21:48:16.0475 6404 Current date / time: 2013/01/14 21:48:16.0475
21:48:16.0475 6404 SystemInfo:
21:48:16.0476 6404
21:48:16.0476 6404 OS Version: 6.1.7601 ServicePack: 1.0
21:48:16.0476 6404 Product type: Workstation
21:48:16.0476 6404 ComputerName: PAVILLIONDV6875
21:48:16.0476 6404 UserName: Lexxi
21:48:16.0476 6404 Windows directory: C:\Windows
21:48:16.0476 6404 System windows directory: C:\Windows
21:48:16.0476 6404 Running under WOW64
21:48:16.0476 6404 Processor architecture: Intel x64
21:48:16.0476 6404 Number of processors: 2
21:48:16.0476 6404 Page size: 0x1000
21:48:16.0476 6404 Boot type: Normal boot
21:48:16.0476 6404 ============================================================
21:48:17.0917 6404 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:48:17.0926 6404 ============================================================
21:48:17.0926 6404 \Device\Harddisk0\DR0:
21:48:17.0926 6404 MBR partitions:
21:48:17.0926 6404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:48:17.0926 6404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
21:48:17.0926 6404 ============================================================
21:48:17.0959 6404 C: <-> \Device\Harddisk0\DR0\Partition2
21:48:17.0959 6404 ============================================================
21:48:17.0959 6404 Initialize success
21:48:17.0959 6404 ============================================================
21:49:13.0172 5536 ============================================================
21:49:13.0172 5536 Scan started
21:49:13.0172 5536 Mode: Manual;
21:49:13.0172 5536 ============================================================
21:49:13.0829 5536 ================ Scan system memory ========================
21:49:13.0830 5536 System memory - ok
21:49:13.0830 5536 ================ Scan services =============================
21:49:15.0861 5536 Browser - ok
21:49:15.0881 5536 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:49:15.0886 5536 Brserid - ok
21:49:15.0893 5536 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:49:15.0897 5536 BrSerWdm - ok
21:49:15.0905 5536 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:49:15.0907 5536 BrUsbMdm - ok
21:49:15.0915 5536 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:49:15.0916 5536 BrUsbSer - ok
21:49:15.0930 5536 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:49:15.0937 5536 BTHMODEM - ok
21:49:16.0013 5536 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:49:16.0015 5536 bthserv - ok
21:49:16.0059 5536 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:49:16.0061 5536 cdfs - ok
21:49:16.0093 5536 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:49:16.0097 5536 cdrom - ok
21:49:16.0132 5536 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:49:16.0134 5536 CertPropSvc - ok
21:49:16.0155 5536 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:49:16.0157 5536 circlass - ok
21:49:16.0200 5536 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:49:16.0206 5536 CLFS - ok
21:49:16.0263 5536 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:49:16.0265 5536 clr_optimization_v2.0.50727_32 - ok
21:49:16.0318 5536 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:49:16.0321 5536 clr_optimization_v2.0.50727_64 - ok
21:49:16.0407 5536 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:49:16.0410 5536 clr_optimization_v4.0.30319_32 - ok
21:49:16.0455 5536 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:49:16.0459 5536 clr_optimization_v4.0.30319_64 - ok
21:49:16.0513 5536 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:49:16.0515 5536 CmBatt - ok
21:49:16.0521 5536 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:49:16.0523 5536 cmdide - ok
21:49:16.0571 5536 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:49:16.0578 5536 CNG - ok
21:49:16.0629 5536 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:49:16.0631 5536 Compbatt - ok
21:49:16.0654 5536 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:49:16.0656 5536 CompositeBus - ok
21:49:16.0671 5536 COMSysApp - ok
21:49:16.0680 5536 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:49:16.0684 5536 crcdisk - ok
21:49:16.0737 5536 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:49:16.0741 5536 CryptSvc - ok
21:49:16.0790 5536 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:49:16.0807 5536 CSC - ok
21:49:16.0848 5536 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:49:16.0864 5536 CscService - ok
21:49:16.0913 5536 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:49:16.0922 5536 DcomLaunch - ok
21:49:16.0992 5536 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:49:16.0998 5536 defragsvc - ok
21:49:17.0048 5536 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:49:17.0050 5536 DfsC - ok
21:49:17.0092 5536 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:49:17.0098 5536 Dhcp - ok
21:49:17.0120 5536 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:49:17.0121 5536 discache - ok
21:49:17.0146 5536 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:49:17.0148 5536 Disk - ok
21:49:17.0264 5536 [ E50664F505D80FC2BED3186807609C22 ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
21:49:17.0333 5536 Diskeeper - ok
21:49:17.0375 5536 [ 20C394C80113D77406DF8F1ADC720B01 ] DKRtWrt C:\Windows\system32\DRIVERS\DKRtWrt.sys
21:49:17.0377 5536 DKRtWrt - ok
21:49:17.0413 5536 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:49:17.0416 5536 dmvsc - ok
21:49:17.0461 5536 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:49:17.0466 5536 Dnscache - ok
21:49:17.0528 5536 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:49:17.0534 5536 dot3svc - ok
21:49:17.0548 5536 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:49:17.0552 5536 DPS - ok
21:49:17.0604 5536 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:49:17.0606 5536 drmkaud - ok
21:49:17.0659 5536 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:49:17.0693 5536 DXGKrnl - ok
21:49:17.0756 5536 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
21:49:17.0760 5536 eamonm - ok
21:49:17.0795 5536 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:49:17.0798 5536 EapHost - ok
21:49:17.0890 5536 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:49:17.0971 5536 ebdrv - ok
21:49:18.0015 5536 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:49:18.0018 5536 EFS - ok
21:49:18.0060 5536 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
21:49:18.0063 5536 ehdrv - ok
21:49:18.0140 5536 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:49:18.0158 5536 ehRecvr - ok
21:49:18.0182 5536 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:49:18.0185 5536 ehSched - ok
21:49:18.0263 5536 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
21:49:18.0283 5536 ekrn - ok
21:49:18.0356 5536 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
21:49:18.0357 5536 ElbyCDIO - ok
21:49:18.0404 5536 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:49:18.0420 5536 elxstor - ok
21:49:18.0459 5536 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\Windows\system32\DRIVERS\epfw.sys
21:49:18.0463 5536 epfw - ok
21:49:18.0476 5536 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
21:49:18.0478 5536 EpfwLWF - ok
21:49:18.0514 5536 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
21:49:18.0516 5536 epfwwfp - ok
21:49:18.0522 5536 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:49:18.0526 5536 ErrDev - ok
21:49:18.0583 5536 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:49:18.0590 5536 EventSystem - ok
21:49:18.0642 5536 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:49:18.0646 5536 exfat - ok
21:49:18.0657 5536 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:49:18.0661 5536 fastfat - ok
21:49:18.0707 5536 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:49:18.0729 5536 Fax - ok
21:49:18.0736 5536 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:49:18.0738 5536 fdc - ok
21:49:18.0759 5536 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:49:18.0761 5536 fdPHost - ok
21:49:18.0768 5536 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:49:18.0771 5536 FDResPub - ok
21:49:18.0780 5536 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:49:18.0783 5536 FileInfo - ok
21:49:18.0792 5536 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:49:18.0795 5536 Filetrace - ok
21:49:18.0801 5536 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:49:18.0804 5536 flpydisk - ok
21:49:18.0830 5536 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:49:18.0835 5536 FltMgr - ok
21:49:18.0892 5536 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:49:18.0926 5536 FontCache - ok
21:49:18.0972 5536 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:49:18.0974 5536 FontCache3.0.0.0 - ok
21:49:18.0982 5536 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:49:18.0984 5536 FsDepends - ok
21:49:19.0029 5536 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:49:19.0030 5536 Fs_Rec - ok
21:49:19.0080 5536 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:49:19.0096 5536 fvevol - ok
21:49:19.0123 5536 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:49:19.0155 5536 gagp30kx - ok
21:49:19.0279 5536 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:49:19.0280 5536 GEARAspiWDM - ok
21:49:19.0333 5536 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:49:19.0355 5536 gpsvc - ok
21:49:19.0378 5536 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:49:19.0380 5536 hcw85cir - ok
21:49:19.0441 5536 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:49:19.0448 5536 HdAudAddService - ok
21:49:19.0482 5536 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:49:19.0485 5536 HDAudBus - ok
21:49:19.0492 5536 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:49:19.0495 5536 HidBatt - ok
21:49:19.0521 5536 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:49:19.0523 5536 HidBth - ok
21:49:19.0530 5536 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:49:19.0532 5536 HidIr - ok
21:49:19.0553 5536 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:49:19.0557 5536 hidserv - ok
21:49:19.0595 5536 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:49:19.0597 5536 HidUsb - ok
21:49:19.0629 5536 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:49:19.0633 5536 hkmsvc - ok
21:49:19.0656 5536 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:49:19.0661 5536 HomeGroupListener - ok
21:49:19.0688 5536 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:49:19.0693 5536 HomeGroupProvider - ok
21:49:19.0741 5536 [ E53D53D66D61794AF8160741946D0B43 ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
21:49:19.0743 5536 HpqRemHid - ok
21:49:19.0762 5536 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:49:19.0765 5536 HpSAMD - ok
21:49:19.0788 5536 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:49:19.0798 5536 HTTP - ok
21:49:19.0807 5536 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:49:19.0808 5536 hwpolicy - ok
21:49:19.0831 5536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:49:19.0833 5536 i8042prt - ok
21:49:19.0892 5536 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:49:19.0898 5536 iaStorV - ok
21:49:19.0954 5536 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:49:19.0987 5536 idsvc - ok
21:49:20.0005 5536 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:49:20.0007 5536 iirsp - ok
21:49:20.0051 5536 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:49:20.0071 5536 IKEEXT - ok
21:49:20.0188 5536 [ 04C6489A44E340574DAAE64A6062541C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:49:20.0234 5536 IntcAzAudAddService - ok
21:49:20.0241 5536 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:49:20.0243 5536 intelide - ok
21:49:20.0270 5536 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:49:20.0272 5536 intelppm - ok
21:49:20.0302 5536 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:49:20.0306 5536 IPBusEnum - ok
21:49:20.0312 5536 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:49:20.0315 5536 IpFilterDriver - ok
21:49:20.0373 5536 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:49:20.0390 5536 iphlpsvc - ok
21:49:20.0399 5536 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:49:20.0402 5536 IPMIDRV - ok
21:49:20.0424 5536 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:49:20.0427 5536 IPNAT - ok
21:49:20.0498 5536 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:49:20.0532 5536 iPod Service - ok
21:49:20.0548 5536 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:49:20.0551 5536 IRENUM - ok
21:49:20.0558 5536 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:49:20.0560 5536 isapnp - ok
21:49:20.0589 5536 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:49:20.0594 5536 iScsiPrt - ok
21:49:20.0641 5536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:49:20.0643 5536 kbdclass - ok
21:49:20.0663 5536 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:49:20.0666 5536 kbdhid - ok
21:49:20.0695 5536 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:49:20.0697 5536 KeyIso - ok
21:49:20.0850 5536 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
21:49:20.0855 5536 Kodak AiO Network Discovery Service - ok
21:49:20.0941 5536 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
21:49:20.0959 5536 Kodak AiO Status Monitor Service - ok
21:49:21.0005 5536 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:49:21.0008 5536 KSecDD - ok
21:49:21.0032 5536 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:49:21.0035 5536 KSecPkg - ok
21:49:21.0080 5536 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:49:21.0082 5536 ksthunk - ok
21:49:21.0113 5536 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:49:21.0123 5536 KtmRm - ok
21:49:21.0173 5536 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:49:21.0179 5536 LanmanServer - ok
21:49:21.0230 5536 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:49:21.0236 5536 LanmanWorkstation - ok
21:49:21.0337 5536 [ 71C6A95A5F0CCC87298C4DD0F2C3635A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:49:21.0339 5536 LightScribeService - ok
21:49:21.0361 5536 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:49:21.0363 5536 lltdio - ok
21:49:21.0409 5536 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:49:21.0415 5536 lltdsvc - ok
21:49:21.0422 5536 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:49:21.0425 5536 lmhosts - ok
21:49:21.0462 5536 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:49:21.0465 5536 LSI_FC - ok
21:49:21.0475 5536 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:49:21.0478 5536 LSI_SAS - ok
21:49:21.0491 5536 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:49:21.0494 5536 LSI_SAS2 - ok
21:49:21.0502 5536 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:49:21.0505 5536 LSI_SCSI - ok
21:49:21.0528 5536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:49:21.0531 5536 luafv - ok
21:49:21.0585 5536 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:49:21.0586 5536 MBAMProtector - ok
21:49:21.0664 5536 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:49:21.0670 5536 MBAMScheduler - ok
21:49:21.0714 5536 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:49:21.0730 5536 MBAMService - ok
21:49:21.0769 5536 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:49:21.0772 5536 Mcx2Svc - ok
21:49:21.0801 5536 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:49:21.0806 5536 megasas - ok
21:49:21.0821 5536 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:49:21.0826 5536 MegaSR - ok
21:49:21.0879 5536 Microsoft SharePoint Workspace Audit Service - ok
21:49:21.0926 5536 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:49:21.0930 5536 MMCSS - ok
21:49:21.0936 5536 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:49:21.0938 5536 Modem - ok
21:49:21.0979 5536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:49:21.0980 5536 monitor - ok
21:49:22.0002 5536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:49:22.0005 5536 mouclass - ok
21:49:22.0014 5536 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:49:22.0016 5536 mouhid - ok
21:49:22.0051 5536 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:49:22.0053 5536 mountmgr - ok
21:49:22.0139 5536 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:49:22.0142 5536 MozillaMaintenance - ok
21:49:22.0169 5536 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:49:22.0172 5536 mpio - ok
21:49:22.0180 5536 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:49:22.0183 5536 mpsdrv - ok
21:49:22.0217 5536 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:49:22.0249 5536 MpsSvc - ok
21:49:22.0258 5536 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:49:22.0261 5536 MRxDAV - ok
21:49:22.0306 5536 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:49:22.0309 5536 mrxsmb - ok
21:49:22.0334 5536 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:49:22.0339 5536 mrxsmb10 - ok
21:49:22.0377 5536 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:49:22.0380 5536 mrxsmb20 - ok
21:49:22.0396 5536 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:49:22.0398 5536 msahci - ok
21:49:22.0407 5536 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:49:22.0410 5536 msdsm - ok
21:49:22.0430 5536 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:49:22.0435 5536 MSDTC - ok
21:49:22.0448 5536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:49:22.0451 5536 Msfs - ok
21:49:22.0458 5536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:49:22.0461 5536 mshidkmdf - ok
21:49:22.0470 5536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:49:22.0473 5536 msisadrv - ok
21:49:22.0518 5536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:49:22.0522 5536 MSiSCSI - ok
21:49:22.0529 5536 msiserver - ok
21:49:22.0567 5536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:49:22.0568 5536 MSKSSRV - ok
21:49:22.0588 5536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:49:22.0590 5536 MSPCLOCK - ok
21:49:22.0596 5536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:49:22.0597 5536 MSPQM - ok
21:49:22.0625 5536 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:49:22.0632 5536 MsRPC - ok
21:49:22.0642 5536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:49:22.0646 5536 mssmbios - ok
21:49:22.0653 5536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:49:22.0654 5536 MSTEE - ok
21:49:22.0663 5536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:49:22.0665 5536 MTConfig - ok
21:49:22.0672 5536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:49:22.0674 5536 Mup - ok
21:49:22.0716 5536 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:49:22.0735 5536 napagent - ok
21:49:22.0822 5536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:49:22.0827 5536 NativeWifiP - ok
21:49:22.0900 5536 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:49:22.0934 5536 NDIS - ok
21:49:22.0970 5536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:49:22.0972 5536 NdisCap - ok
21:49:22.0989 5536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:49:22.0991 5536 NdisTapi - ok
21:49:23.0000 5536 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:49:23.0003 5536 Ndisuio - ok
21:49:23.0032 5536 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:49:23.0035 5536 NdisWan - ok
21:49:23.0042 5536 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:49:23.0057 5536 NDProxy - ok
21:49:23.0064 5536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:49:23.0067 5536 NetBIOS - ok
21:49:23.0076 5536 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:49:23.0080 5536 NetBT - ok
21:49:23.0097 5536 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:49:23.0099 5536 Netlogon - ok
21:49:23.0161 5536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:49:23.0168 5536 Netman - ok
21:49:23.0222 5536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:23.0225 5536 NetMsmqActivator - ok
21:49:23.0242 5536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:23.0244 5536 NetPipeActivator - ok
21:49:23.0279 5536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:49:23.0297 5536 netprofm - ok
21:49:23.0304 5536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:23.0306 5536 NetTcpActivator - ok
21:49:23.0312 5536 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:23.0316 5536 NetTcpPortSharing - ok
21:49:23.0488 5536 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
21:49:23.0613 5536 netw5v64 - ok
21:49:23.0657 5536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:49:23.0660 5536 nfrd960 - ok
21:49:23.0725 5536 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:49:23.0731 5536 NlaSvc - ok
21:49:23.0743 5536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:49:23.0745 5536 Npfs - ok
21:49:23.0765 5536 npggsvc - ok
21:49:23.0795 5536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:49:23.0798 5536 nsi - ok
21:49:23.0808 5536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:49:23.0809 5536 nsiproxy - ok
21:49:23.0896 5536 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:49:23.0942 5536 Ntfs - ok
21:49:23.0958 5536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:49:23.0959 5536 Null - ok
21:49:24.0393 5536 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:49:24.0711 5536 nvlddmkm - ok
21:49:24.0763 5536 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:49:24.0766 5536 nvraid - ok
21:49:24.0807 5536 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:49:24.0810 5536 nvstor - ok
21:49:24.0861 5536 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:49:24.0895 5536 nvsvc - ok
21:49:24.0962 5536 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:49:24.0998 5536 nvUpdatusService - ok
21:49:25.0017 5536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:49:25.0020 5536 nv_agp - ok
21:49:25.0043 5536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:49:25.0045 5536 ohci1394 - ok
21:49:25.0111 5536 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:49:25.0114 5536 ose - ok
21:49:25.0284 5536 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:49:25.0409 5536 osppsvc - ok
21:49:25.0456 5536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:49:25.0462 5536 p2pimsvc - ok
21:49:25.0506 5536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:49:25.0524 5536 p2psvc - ok
21:49:25.0554 5536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:49:25.0557 5536 Parport - ok
21:49:25.0597 5536 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:49:25.0600 5536 partmgr - ok
21:49:25.0609 5536 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:49:25.0614 5536 PcaSvc - ok
21:49:25.0643 5536 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:49:25.0647 5536 pci - ok
21:49:25.0653 5536 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:49:25.0655 5536 pciide - ok
21:49:25.0672 5536 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:49:25.0677 5536 pcmcia - ok
21:49:33.0549 5536 ================ Scan global ===============================
21:49:33.0581 5536 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:49:33.0626 5536 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:49:33.0649 5536 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:49:33.0682 5536 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:49:33.0721 5536 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:49:33.0728 5536 [Global] - ok
21:49:33.0729 5536 ================ Scan MBR ==================================
21:49:33.0747 5536 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:49:34.0220 5536 \Device\Harddisk0\DR0 - ok
21:49:34.0221 5536 ================ Scan VBR ==================================
21:49:34.0226 5536 [ EAD3B0261E23019A832CD59F89A32CEA ] \Device\Harddisk0\DR0\Partition1
21:49:34.0228 5536 \Device\Harddisk0\DR0\Partition1 - ok
21:49:34.0258 5536 [ 39C2C268C314B121CE2BCD89379C6300 ] \Device\Harddisk0\DR0\Partition2
21:49:34.0260 5536 \Device\Harddisk0\DR0\Partition2 - ok
21:49:34.0260 5536 ============================================================
21:49:34.0260 5536 Scan finished
21:49:34.0260 5536 ============================================================
21:49:34.0296 7312 Detected object count: 0
21:49:34.0296 7312 Actual detected object count: 0



MBR Report
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-14 21:53:14
-----------------------------
21:53:14.893 OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:14.893 Number of processors: 2 586 0xF0D
21:53:14.897 ComputerName: PAVILLIONDV6875 UserName: Lexxi
21:53:15.949 Initialize success
21:53:45.702 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:53:45.705 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT0 11.01A11 Size: 305245MB BusType: 11
21:53:45.764 Disk 0 MBR read successfully
21:53:45.766 Disk 0 MBR scan
21:53:45.769 Disk 0 Windows 7 default MBR code
21:53:45.778 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:53:45.785 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
21:53:45.798 Disk 0 scanning C:\Windows\system32\drivers
21:53:51.048 Service scanning
21:54:05.093 Modules scanning
21:54:05.103 Disk 0 trace - called modules:
21:54:05.154 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:54:05.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b76060]
21:54:05.164 3 CLASSPNP.SYS[fffff8800197943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800470d1f0]
21:54:05.171 Scan finished successfully
21:55:03.987 Disk 0 MBR has been saved successfully to "C:\Users\Lexxi\Desktop\MBR.dat"
21:55:03.998 The log file has been saved successfully to "C:\Users\Lexxi\Desktop\aswMBR.txt"



Attached File: MBR.zip (559 bytes)

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:47 PM

Posted 20 January 2013 - 11:43 AM

I'm sorry; I also come here every day and cannot find out how I missed your reply.
If I do not reply within 36 hours of your last post please PM me.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.
Please let me know what problem persists.

#6 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 20 January 2013 - 05:01 PM

ComboFix Report
ComboFix 13-01-17.04 - Lexxi 01/20/2013 16:34:36.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2573 [GMT -5:00]
Running from: c:\users\Lexxi\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Lexxi\burutter.dll
c:\users\Lexxi\ePSXe.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
.
.
2013-01-20 21:41 . 2013-01-20 21:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-20 21:41 . 2013-01-20 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 19:17 . 2013-01-09 19:17 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B863733-31C2-4EC1-A37D-3823DF777137}\offreg.dll
2012-12-31 04:47 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-12-31 04:47 . 2012-12-31 04:47 -------- d-----w- c:\program files\VS Revo Group
2012-12-30 13:46 . 2012-12-30 13:46 -------- d-----w- c:\users\Lexxi\AppData\Local\Programs
2012-12-28 00:44 . 2012-12-28 00:44 -------- d-----r- C:\Sandbox
2012-12-28 00:41 . 2012-12-28 00:41 -------- d-----w- c:\program files\Sandboxie
2012-12-22 13:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 13:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 13:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 13:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-20 109336]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-12 295072]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - dump_wmimmc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-05-27 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-14 5641728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-12-20 13:09; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2012-12-20 13:52; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
Toolbar-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-20 16:45:30
ComboFix-quarantined-files.txt 2013-01-20 21:45
.
Pre-Run: 171,927,855,104 bytes free
Post-Run: 172,246,016,000 bytes free
.
- - End Of File - - 2E6BEB75FF4C35D0BD06F34FE22F6AB6


Security Check Report
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
ESET Smart Security 5.2
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Mozilla Firefox (18.0.1)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



AdwCleaner Report
# AdwCleaner v2.106 - Logfile created 01/20/2013 at 16:55:31
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Lexxi - PAVILLIONDV6875
# Boot Mode : Normal
# Running from : C:\Users\Lexxi\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\Users\Lexxi\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\ConduitCommon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\prefs.js

Found : user_pref("CT2260173..clientLogIsEnabled", false);
Found : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2260173.AppTrackingLastCheckTime", "Fri Mar 30 2012 20:02:43 GMT-0700 (Pacific Daylight[...]
Found : user_pref("CT2260173.CT2260173", "CT2260173");
Found : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2260173.CurrentServerDate", "1-4-2012");
Found : user_pref("CT2260173.DSInstall", true);
Found : user_pref("CT2260173.DialogsAlignMode", "LTR");
Found : user_pref("CT2260173.DialogsGetterLastCheckTime", "Fri Mar 30 2012 20:02:34 GMT-0700 (Pacific Daylig[...]
Found : user_pref("CT2260173.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Found : user_pref("CT2260173.EMailNotifierPollDate", "Sun Apr 01 2012 00:44:08 GMT-0400 (Eastern Daylight Ti[...]
Found : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Found : user_pref("CT2260173.FeedPollDate128940659196275477", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2260173.FeedPollDate128940659574712536", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Found : user_pref("CT2260173.FirstServerDate", "17-3-2012");
Found : user_pref("CT2260173.FirstTime", true);
Found : user_pref("CT2260173.FirstTimeFF3", true);
Found : user_pref("CT2260173.FixPageNotFoundErrors", false);
Found : user_pref("CT2260173.GroupingInvalidateCache", false);
Found : user_pref("CT2260173.GroupingLastCheckTime", "0");
Found : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2260173.HPInstall", false);
Found : user_pref("CT2260173.HasUserGlobalKeys", true);
Found : user_pref("CT2260173.HomePageProtectorEnabled", false);
Found : user_pref("CT2260173.HomepageBeforeUnload", "www.google.com");
Found : user_pref("CT2260173.Initialize", true);
Found : user_pref("CT2260173.InitializeCommonPrefs", true);
Found : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2260173.InstallationType", "DirectDownload");
Found : user_pref("CT2260173.InstalledDate", "Sat Mar 17 2012 13:06:34 GMT-0700 (Pacific Daylight Time)");
Found : user_pref("CT2260173.InvalidateCache", false);
Found : user_pref("CT2260173.IsAlertDBUpdated", true);
Found : user_pref("CT2260173.IsGrouping", false);
Found : user_pref("CT2260173.IsInitSetupIni", true);
Found : user_pref("CT2260173.IsMulticommunity", false);
Found : user_pref("CT2260173.IsOpenThankYouPage", true);
Found : user_pref("CT2260173.IsOpenUninstallPage", true);
Found : user_pref("CT2260173.IsProtectorsInit", true);
Found : user_pref("CT2260173.LanguagePackLastCheckTime", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern Dayligh[...]
Found : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2260173.LastLogin_3.10.0.1", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2260173.LatestVersion", "3.10.0.1");
Found : user_pref("CT2260173.Locale", "en");
Found : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Found : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Found : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2260173.OriginalFirstVersion", "3.10.0.1");
Found : user_pref("CT2260173.RadioIsPodcast", false);
Found : user_pref("CT2260173.RadioLastCheckTime", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2260173.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2260173.RadioLastUpdateServer", "0");
Found : user_pref("CT2260173.RadioMediaID", "9942");
Found : user_pref("CT2260173.RadioMediaType", "Media Player");
Found : user_pref("CT2260173.RadioMenuSelectedID", "EBRadioMenu_CT22601739942");
Found : user_pref("CT2260173.RadioShrinkedFromSetup", false);
Found : user_pref("CT2260173.RadioStationName", "1.FM%20(Country)");
Found : user_pref("CT2260173.RadioStationURL", "hxxp://1.fm/wm/energycountry32k.asx");
Found : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2260173.SearchCaption", "Swag Bucks Customized Web Search");
Found : user_pref("CT2260173.SearchEngineBeforeUnload", "Swag Bucks Customized Web Search");
Found : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2260173.SearchInNewTabEnabled", true);
Found : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Sun Apr 01 2012 00:44:08 GMT-0400 (Eastern Dayli[...]
Found : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2260173.SearchProtectorEnabled", false);
Found : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2260173.SendProtectorDataViaLogin", true);
Found : user_pref("CT2260173.ServiceMapLastCheckTime", "Sun Apr 01 2012 00:44:11 GMT-0400 (Eastern Daylight [...]
Found : user_pref("CT2260173.SettingsLastCheckTime", "Sun Apr 01 2012 00:44:08 GMT-0400 (Eastern Daylight Ti[...]
Found : user_pref("CT2260173.SettingsLastUpdate", "1331756338");
Found : user_pref("CT2260173.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13");
Found : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 13:06:32 GMT-0700 (Pacific Day[...]
Found : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2260173.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
Found : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2260173.Uninstall", true);
Found : user_pref("CT2260173.UserID", "UN81123074752020899");
Found : user_pref("CT2260173.ValidationData_Search", 2);
Found : user_pref("CT2260173.ValidationData_Toolbar", 2);
Found : user_pref("CT2260173.WeatherNetwork", "");
Found : user_pref("CT2260173.WeatherPollDate", "Sun Apr 01 2012 00:44:10 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT2260173.WeatherUnit", "F");
Found : user_pref("CT2260173.alertChannelId", "657446");
Found : user_pref("CT2260173.components.1000034", true);
Found : user_pref("CT2260173.components.1000082", true);
Found : user_pref("CT2260173.components.1000234", true);
Found : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Fri Mar 30 2012 20:02:33 GMT-0700 (Pacific [...]
Found : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2260173.initDone", true);
Found : user_pref("CT2260173.isAppTrackingManagerOn", true);
Found : user_pref("CT2260173.isFirstRadioInstallation", false);
Found : user_pref("CT2260173.myStuffEnabled", true);
Found : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2260173.navigateToUrlOnSearch", false);
Found : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
Found : user_pref("CT2260173.revertSettingsEnabled", false);
Found : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Found : user_pref("CT2260173.testingCtid", "");
Found : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern D[...]
Found : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern D[...]
Found : user_pref("CT2260173.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitSearchList", "Swag Bucks Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3115642/CT3115642[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1510401/1505813/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3115642", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3115642",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ced[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Lexxi\\AppData\\Roaming\\Mozilla\\F[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2260173");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2260173");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eas[...]
Found : user_pref("CommunityToolbar.globalUserId", "972ac82d-3379-4d2e-a62d-324af8b79adb");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3115642");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Apr 01 2012 00:43:4[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Apr 01 2012 00:43:46 GMT-040[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Apr 01 2012 00:43:38 GMT-0400 (E[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "36c0e871-66c6-4806-a4af-ebf356b47d4c");
Found : user_pref("CommunityToolbar.originalHomepage", "www.google.com");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&Sea[...]

*************************

AdwCleaner[R1].txt - [14938 octets] - [20/01/2013 16:55:31]

########## EOF - C:\AdwCleaner[R1].txt - [14999 octets] ##########




After I ran ComboFix I got another pop-up of "This is not a genuine copy of Windows"
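The ComboFix log above lists every service, driver and Run-key entry, and the items a responder looks at first are the ones ComboFix marks with [x] (registration present, binary not found), entries with no proper executable extension, and binaries that sit outside the normal program directories. The helper below is an added example, not part of this thread and not ComboFix's own code: it parses lines in the exact format of the "Reg Loading Points" section and returns the flagged entries. The sample lines are copied from the log posted above; the allow-list of directories and the list of accepted extensions are this example's own assumptions and should be tuned to the machine being triaged.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Parses service/driver lines of the form
    R3 X6va008;X6va008;c:\\windows\\SysWOW64\\Drivers\\X6va008 [x]
and Run-key lines of the form
    "RoboForm"="c:\\program files (x86)\\...\\RoboTaskBarIcon.exe" [2012-12-20 109336]
and flags what a responder would check first.  (Added example; not ComboFix code.)
"""
import re
from dataclasses import dataclass, field

# R = running, S = stopped; the digit is the service start type (0 boot .. 4 disabled).
# The trailing bracket is either 'x' (file not found) or '<date> <size>'.
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]*)"="([^"]+)" \[([^\]]+)\]$')

# Assumption for this example: binaries are expected under these trees.
EXPECTED_DIRS = (r'c:\windows\system32', r'c:\windows\syswow64',
                 r'c:\windows\microsoft.net', r'c:\program files')
# Assumption for this example: legitimate loading-point binaries use these extensions.
EXPECTED_EXT = ('sys', 'exe', 'dll', 'cpl')


@dataclass
class Entry:
    kind: str          # 'service' or 'run'
    name: str
    path: str
    present: bool      # False when ComboFix printed [x]
    flags: list = field(default_factory=list)


def parse_loading_points(text):
    """Return one Entry per recognised service/driver or Run-key line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, path, meta = m.groups()
            entries.append(Entry('service', name, path, meta != 'x'))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, meta = m.groups()
            entries.append(Entry('run', name, path, meta != 'x'))
    return entries


def triage(entry):
    """Return the list of reasons this entry deserves a closer look (empty = nothing)."""
    flags = []
    p = entry.path.lower()
    if not entry.present:
        flags.append('binary missing ([x]): orphaned registration, or file hidden from the scan')
    base = p.rsplit('\\', 1)[-1]
    ext = base.rsplit('.', 1)[-1] if '.' in base else ''
    if ext not in EXPECTED_EXT:
        flags.append(f'unusual or missing extension: {base!r}')
    if '\\' not in p:
        flags.append('bare filename: resolved through the search path at logon')
    elif not p.startswith(EXPECTED_DIRS):
        flags.append('binary outside Program Files / Windows')
    return flags


def report(text):
    """Map entry name -> flags, for flagged entries only."""
    return {e.name: triage(e) for e in parse_loading_points(text) if triage(e)}


# Sample lines copied from the ComboFix log in this thread.
SAMPLE = r"""
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-20 109336]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-14 5641728]
"""

if __name__ == '__main__':
    for name, flags in report(SAMPLE).items():
        print(name)
        for f in flags:
            print('   -', f)
```

Run against a full log by reading the file into `report()`; the unflagged ESET, dmvsc and RoboForm entries drop out, while the four entries above surface with their reasons. A flag is a prompt to look, not a verdict: a missing-binary service can be a leftover of an uninstalled product just as easily as a driver that hides itself from the scan, which is why the thread's next step is to have ComboFix remove the registrations and re-check.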

#7 nasdaq

  • Malware Response Team
  • 38,788 posts
  • Location:Montreal, QC. Canada

Posted 21 January 2013 - 09:42 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
Application Updater
npggsvc


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 7 Update 4


Java 7 Update 10 introduced important new security controls.
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/
===

Remove the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

After I ran ComboFix I got another pop-up of "This is not a genuine copy of windows"


This could have been caused by the infection.
You should take the matter up with Microsoft. They will analyze your installation.

Start here.
http://social.microsoft.com/Forums/en-US/genuinewindows7/threads
Important : PLEASE READ BEFORE POSTING

Create a topic and see what they have to say.

P.S.
Before you do, please execute the fixes I posted and see if the problem persists.
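As an added verification step (example code, not from this thread, from its participants or from ComboFix's authors), the script below reads a ComboFix log such as the one posted in the next reply, confirms that each service named in a CFScript's Driver:: block appears in the log's "-------\Service_<name>" deletion lines, and lists Drivers/Services entries whose image file ComboFix flags with "[x]" (file not found), which are worth a second look. The sample log lines are copied from the log in this thread.

```python
"""Cross-check a CFScript against the ComboFix log it produced.

Added example for this thread; it is not part of ComboFix. It parses
the 'Driver::' block of a CFScript, looks for the matching
'-------\\Service_<name>' deletion lines in the ComboFix log, and lists
service/driver entries whose image path ComboFix marks '[x]' (missing).
"""
import re

# The CFScript given in the thread.
CFSCRIPT = """Driver::
Application Updater
npggsvc
"""

# Constructed sample: a few lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
-------\Service_npggsvc
.
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
"""

# One ComboFix service/driver line: "<R|S><n> <name>;<display name>;<path> [<date size>|x]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)

# ComboFix records a removed service as "-------\Service_<name>".
DELETED_SERVICE = re.compile(r"^-------\\Service_(.+)$", re.MULTILINE)


def parse_cfscript_drivers(script: str) -> list[str]:
    """Return the service names listed under the 'Driver::' directive.

    Any other directive (e.g. 'File::') ends the block, so its lines are
    not mistaken for service names.
    """
    names, in_block = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            in_block = line == "Driver::"
            continue
        if in_block:
            names.append(line)
    return names


def deleted_services(log: str) -> set[str]:
    """Service names the log reports as deleted."""
    return {m.group(1).strip() for m in DELETED_SERVICE.finditer(log)}


def missing_image_entries(log: str) -> list[tuple[str, str, str]]:
    """(state, service name, path) for entries whose image file is '[x]'."""
    found = []
    for raw in log.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if m and m.group("info") == "x":
            found.append((m.group("state"), m.group("name"), m.group("path")))
    return found


def verify(script: str, log: str) -> dict[str, list[str]]:
    """Which requested services the log confirms deleted, and which it does not."""
    requested = parse_cfscript_drivers(script)
    deleted = deleted_services(log)
    return {
        "removed": [n for n in requested if n in deleted],
        "still_present": [n for n in requested if n not in deleted],
    }


if __name__ == "__main__":
    result = verify(CFSCRIPT, SAMPLE_LOG)
    print("removed:      ", result["removed"])
    print("still present:", result["still_present"])
    for state, name, path in missing_image_entries(SAMPLE_LOG):
        print(f"missing image: {state} {name} -> {path}")
```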

#8 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:47 PM

Posted 21 January 2013 - 10:37 AM

ComboFix Report
ComboFix 13-01-17.04 - Lexxi 01/21/2013 10:08:18.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2140 [GMT -5:00]
Running from: c:\users\Lexxi\Desktop\ComboFix.exe
Command switches used :: c:\users\Lexxi\Desktop\CFScript.txt
AV: ESET Smart Security 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-21 15:15 . 2013-01-21 15:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-21 15:15 . 2013-01-21 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-21 02:05 . 2013-01-21 03:46 -------- d-----w- c:\users\Lexxi\AppData\Roaming\TeamViewer
2013-01-21 01:37 . 2013-01-21 01:37 -------- d-----w- c:\program files (x86)\TeamViewer
2012-12-31 04:47 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-12-31 04:47 . 2012-12-31 04:47 -------- d-----w- c:\program files\VS Revo Group
2012-12-30 13:46 . 2012-12-30 13:46 -------- d-----w- c:\users\Lexxi\AppData\Local\Programs
2012-12-28 00:44 . 2012-12-28 00:44 -------- d-----r- C:\Sandbox
2012-12-28 00:41 . 2012-12-28 00:41 -------- d-----w- c:\program files\Sandboxie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 17:11 . 2012-12-22 13:49 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 13:49 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:49 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:49 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2012-10-21 23:25 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-14 18:08 . 2012-06-04 03:13 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 03:12 . 2012-06-04 03:15 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-12-12 03:12 . 2012-06-04 03:15 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-22 03:26 . 2012-12-13 16:02 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 07:06 . 2012-12-14 18:05 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 18:05 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 18:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 18:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 18:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 18:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 18:05 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 18:05 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 18:05 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 18:05 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 18:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 18:05 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 18:05 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 18:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 18:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 18:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 18:05 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 18:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 18:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 18:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 18:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 18:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 16:02 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 16:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 17:24 . 2012-12-21 17:29 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B863733-31C2-4EC1-A37D-3823DF777137}\mpengine.dll
2012-11-02 05:59 . 2012-12-13 16:01 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 16:01 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-20 109336]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-12 295072]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-05-27 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-14 5641728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-12-20 13:09; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2012-12-20 13:52; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
Toolbar-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-01-21 10:24:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-21 15:24
ComboFix2.txt 2013-01-20 21:45
.
Pre-Run: 171,867,041,792 bytes free
Post-Run: 171,628,048,384 bytes free
.
- - End Of File - - C1458572D1D1E57DB251C242C5F1AD18



AdwCleaner Report
# AdwCleaner v2.106 - Logfile created 01/21/2013 at 10:29:17
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Lexxi - PAVILLIONDV6875
# Boot Mode : Normal
# Running from : C:\Users\Lexxi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Lexxi\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Lexxi\AppData\Roaming\Mozilla\Firefox\Profiles\62v8ry8q.default\prefs.js

Deleted : user_pref("CT2260173..clientLogIsEnabled", false);
Deleted : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2260173.AppTrackingLastCheckTime", "Fri Mar 30 2012 20:02:43 GMT-0700 (Pacific Daylight[...]
Deleted : user_pref("CT2260173.CT2260173", "CT2260173");
Deleted : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2260173.CurrentServerDate", "1-4-2012");
Deleted : user_pref("CT2260173.DSInstall", true);
Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Fri Mar 30 2012 20:02:34 GMT-0700 (Pacific Daylig[...]
Deleted : user_pref("CT2260173.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2260173.EMailNotifierPollDate", "Sun Apr 01 2012 00:44:08 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Deleted : user_pref("CT2260173.FeedPollDate128940659196275477", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2260173.FeedPollDate128940659574712536", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Deleted : user_pref("CT2260173.FirstServerDate", "17-3-2012");
Deleted : user_pref("CT2260173.FirstTime", true);
Deleted : user_pref("CT2260173.FirstTimeFF3", true);
Deleted : user_pref("CT2260173.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2260173.GroupingInvalidateCache", false);
Deleted : user_pref("CT2260173.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2260173.HPInstall", false);
Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2260173.HomepageBeforeUnload", "www.google.com");
Deleted : user_pref("CT2260173.Initialize", true);
Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2260173.InstallationType", "DirectDownload");
Deleted : user_pref("CT2260173.InstalledDate", "Sat Mar 17 2012 13:06:34 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT2260173.InvalidateCache", false);
Deleted : user_pref("CT2260173.IsAlertDBUpdated", true);
Deleted : user_pref("CT2260173.IsGrouping", false);
Deleted : user_pref("CT2260173.IsInitSetupIni", true);
Deleted : user_pref("CT2260173.IsMulticommunity", false);
Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
Deleted : user_pref("CT2260173.IsProtectorsInit", true);
Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2260173.LastLogin_3.10.0.1", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LatestVersion", "3.10.0.1");
Deleted : user_pref("CT2260173.Locale", "en");
Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2260173.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT2260173.RadioIsPodcast", false);
Deleted : user_pref("CT2260173.RadioLastCheckTime", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2260173.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2260173.RadioMediaID", "9942");
Deleted : user_pref("CT2260173.RadioMediaType", "Media Player");
Deleted : user_pref("CT2260173.RadioMenuSelectedID", "EBRadioMenu_CT22601739942");
Deleted : user_pref("CT2260173.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2260173.RadioStationName", "1.FM%20(Country)");
Deleted : user_pref("CT2260173.RadioStationURL", "hxxp://1.fm/wm/energycountry32k.asx");
Deleted : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2260173.SearchCaption", "Swag Bucks Customized Web Search");
Deleted : user_pref("CT2260173.SearchEngineBeforeUnload", "Swag Bucks Customized Web Search");
Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Sun Apr 01 2012 00:44:08 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2260173.SearchProtectorEnabled", false);
Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2260173.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Sun Apr 01 2012 00:44:11 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Sun Apr 01 2012 00:44:08 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2260173.SettingsLastUpdate", "1331756338");
Deleted : user_pref("CT2260173.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13");
Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Sat Mar 17 2012 13:06:32 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2260173.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
Deleted : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2260173.Uninstall", true);
Deleted : user_pref("CT2260173.UserID", "UN81123074752020899");
Deleted : user_pref("CT2260173.ValidationData_Search", 2);
Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2260173.WeatherNetwork", "");
Deleted : user_pref("CT2260173.WeatherPollDate", "Sun Apr 01 2012 00:44:10 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2260173.WeatherUnit", "F");
Deleted : user_pref("CT2260173.alertChannelId", "657446");
Deleted : user_pref("CT2260173.components.1000034", true);
Deleted : user_pref("CT2260173.components.1000082", true);
Deleted : user_pref("CT2260173.components.1000234", true);
Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Fri Mar 30 2012 20:02:33 GMT-0700 (Pacific [...]
Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.initDone", true);
Deleted : user_pref("CT2260173.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2260173.isFirstRadioInstallation", false);
Deleted : user_pref("CT2260173.myStuffEnabled", true);
Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2260173.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
Deleted : user_pref("CT2260173.revertSettingsEnabled", false);
Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.testingCtid", "");
Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Sun Apr 01 2012 00:44:12 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Swag Bucks Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3115642/CT3115642[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1510401/1505813/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3115642", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3115642",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ced[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Lexxi\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2260173");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Apr 01 2012 00:44:09 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "972ac82d-3379-4d2e-a62d-324af8b79adb");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3115642");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Apr 01 2012 00:43:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Apr 01 2012 00:43:46 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Apr 01 2012 00:43:38 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "36c0e871-66c6-4806-a4af-ebf356b47d4c");
Deleted : user_pref("CommunityToolbar.originalHomepage", "www.google.com");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&Sea[...]

*************************

AdwCleaner[R1].txt - [15069 octets] - [20/01/2013 16:55:31]
AdwCleaner[S1].txt - [15318 octets] - [21/01/2013 10:29:17]

########## EOF - C:\AdwCleaner[S1].txt - [15379 octets] ##########

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:47 PM

Posted 21 January 2013 - 10:55 AM

Before contacting Microsoft try this fix.

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

#10 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • Local time:03:47 PM

Posted 22 January 2013 - 10:43 AM

Ran that a couple of times; there are still corrupted files it can't fix, so I'm not sure what to do about those.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:47 PM

Posted 22 January 2013 - 11:11 AM

there are still corrupted files it can't fix, so I'm not sure what to do about those

If there are not too many, can you post the filenames so I can check them?

#12 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • Local time:03:47 PM

Posted 22 January 2013 - 02:46 PM

It looks like the same file, but these were the 4 things I found that it said couldn't be fixed:

2013-01-21 18:17:13, Info CSI 00000304 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 18:17:13, Info CSI 00000306 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 18:17:13, Info CSI 00000307 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-21 18:17:13, Info CSI 0000030a [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIImg.dll"; source file in store is also corrupted



2013-01-21 18:10:43, Info CSI 00000159 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 18:10:45, Info CSI 0000015b [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 18:10:45, Info CSI 0000015c [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-21 18:10:45, Info CSI 0000015f [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIImg.dll"; source file in store is also corrupted


2013-01-21 16:11:05, Info CSI 00000304 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 16:11:05, Info CSI 00000306 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 16:11:05, Info CSI 00000307 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-21 16:11:05, Info CSI 0000030a [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIImg.dll"; source file in store is also corrupted




2013-01-21 16:04:37, Info CSI 00000159 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 16:04:38, Info CSI 0000015b [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 16:04:38, Info CSI 0000015c [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-21 16:04:38, Info CSI 0000015f [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIImg.dll"; source file in store is also corrupted

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:47 PM

Posted 23 January 2013 - 08:54 AM

Let's have a look at that file and see if you have a spare copy on your hard disk.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    W32UIImg.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 Lexxiaa

Lexxiaa
  • Topic Starter

  • Members
  • 26 posts
  • Local time:03:47 PM

Posted 23 January 2013 - 02:36 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 14:32 on 23/01/2013 by Lexxi
Administrator - Elevation successful

========== filefind ==========

Searching for "W32UIImg.dll"
C:\Windows\System32\oobe\W32UIImg.dll --a---- 3051008 bytes [23:29 13/07/2009] [01:33 14/07/2009] 09BD5137E9279E11FED24EAFC8FC3D2B
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\W32UIImg.dll --a---- 3051008 bytes [23:29 13/07/2009] [01:33 14/07/2009] 09BD5137E9279E11FED24EAFC8FC3D2B

-= EOF =-
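
The two logs in this thread (the CBS.log "[SR]" lines from post #12 and the SystemLook ":filefind" result from post #14) can be read together: SFC says it cannot repair W32UIImg.dll because the copy in the component store has the same bad hash, and SystemLook then shows the live file and the WinSxS copy carry an identical MD5, so there is no clean local source to restore from. The script below is an added example, not something posted in the thread or shipped with SystemLook or SFC. It parses both formats, deduplicates the repeated SFC entries, and reports for each unrepairable file whether the copies SystemLook located are byte-identical. The embedded sample text is constructed from the lines posted above; the record field names and the `triage` function are my own choices.

```python
import re
from collections import OrderedDict

# Constructed sample: a subset of the CBS.log lines posted in this thread (post #12).
CBS_SAMPLE = r"""
2013-01-21 18:17:13, Info CSI 00000304 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 18:17:13, Info CSI 00000306 [SR] Cannot repair member file [l:24{12}]"W32UIImg.dll" of Microsoft-Windows-Setup-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-21 18:17:13, Info CSI 00000307 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-21 18:17:13, Info CSI 0000030a [SR] Could not reproject corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\System32\oobe"\[l:24{12}]"W32UIImg.dll"; source file in store is also corrupted
"""

# Constructed sample: the SystemLook filefind output posted in this thread (post #14).
SYSTEMLOOK_SAMPLE = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 14:32 on 23/01/2013 by Lexxi
Administrator - Elevation successful

========== filefind ==========

Searching for "W32UIImg.dll"
C:\Windows\System32\oobe\W32UIImg.dll --a---- 3051008 bytes [23:29 13/07/2009] [01:33 14/07/2009] 09BD5137E9279E11FED24EAFC8FC3D2B
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\W32UIImg.dll --a---- 3051008 bytes [23:29 13/07/2009] [01:33 14/07/2009] 09BD5137E9279E11FED24EAFC8FC3D2B

-= EOF =-
"""

# CBS.log line shape: "<timestamp>, Info CSI <hex seq> [SR] <message>" (real logs pad with more spaces).
CBS_LINE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), Info\s+CSI\s+(?P<seq>[0-9a-f]+) (?P<msg>\[SR\] .*?)\s*$')
# The last comma-separated field of a "Cannot repair" message is the reason (e.g. "hash mismatch").
CANNOT_REPAIR = re.compile(r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
                           r' Version = (?P<version>[\d.]+),.*, (?P<reason>[^,]+)$')
# The "Could not reproject" message carries the NT-style directory ("\??\C:\...") and the file name.
REPROJECT = re.compile(r'\[SR\] Could not reproject corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[l:\d+\{\d+\}\]"(?P<file>[^"]+)"; (?P<detail>.*)$')
# SystemLook filefind hit: "<path> <attrs> <size> bytes [created] [modified] <MD5>".
SYSTEMLOOK_LINE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes'
                             r' \[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$')


def parse_cbs(text):
    """Return one record per distinct (file, component, version, reason), counting repeats."""
    found = OrderedDict()
    reproject = {}
    for line in text.splitlines():
        m = CBS_LINE.match(line)
        if not m:
            continue
        msg = m["msg"]
        r = CANNOT_REPAIR.match(msg)
        if r:
            key = (r["file"], r["component"], r["version"], r["reason"])
            rec = found.setdefault(key, {"file": r["file"], "component": r["component"], "version": r["version"],
                                         "reason": r["reason"], "count": 0, "first_seen": m["ts"],
                                         "path": None, "store_copy_corrupt": False})
            rec["count"] += 1
            continue
        p = REPROJECT.match(msg)
        if p:
            nt_dir = p["dir"]
            if nt_dir.startswith("\\??\\"):      # drop the NT object-manager prefix to get a Win32 path
                nt_dir = nt_dir[4:]
            reproject[p["file"]] = (nt_dir + "\\" + p["file"], "store is also corrupted" in p["detail"])
    for rec in found.values():
        if rec["file"] in reproject:
            rec["path"], rec["store_copy_corrupt"] = reproject[rec["file"]]
    return list(found.values())


def parse_systemlook(text):
    """Return the filefind hits as dicts; flag copies that live in the WinSxS component store."""
    hits = []
    for line in text.splitlines():
        m = SYSTEMLOOK_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            d["in_winsxs"] = "\\winsxs\\" in d["path"].lower()
            hits.append(d)
    return hits


def compare_copies(hits):
    """Group hits by file name and say whether every copy has the same MD5 and size."""
    groups = {}
    for h in hits:
        name = h["path"].rsplit("\\", 1)[-1].lower()
        g = groups.setdefault(name, {"paths": [], "md5s": set(), "sizes": set()})
        g["paths"].append(h["path"])
        g["md5s"].add(h["md5"])
        g["sizes"].add(h["size"])
    for g in groups.values():
        g["identical"] = len(g["md5s"]) == 1 and len(g["sizes"]) == 1
        g["has_store_copy"] = any("\\winsxs\\" in p.lower() for p in g["paths"])
    return groups


def triage(cbs_text, systemlook_text):
    """Join both views: for each file SFC could not repair, report whether the copies SystemLook
    found are identical (no clean local source) or differ (worth hashing and checking further)."""
    copies = compare_copies(parse_systemlook(systemlook_text))
    report = []
    for rec in parse_cbs(cbs_text):
        g = copies.get(rec["file"].lower())
        if g is None:
            verdict = "no copy located by SystemLook"
        elif g["identical"] and g["has_store_copy"]:
            verdict = "live file and WinSxS store copy share one hash; no clean local source"
        elif g["identical"]:
            verdict = "all located copies share one hash"
        else:
            verdict = "copies differ; compare hashes before trusting either"
        report.append({"file": rec["file"], "sfc_reason": rec["reason"], "sfc_count": rec["count"],
                       "store_copy_corrupt": rec["store_copy_corrupt"], "copies": len(g["paths"]) if g else 0,
                       "md5s": sorted(g["md5s"]) if g else [], "verdict": verdict})
    return report


if __name__ == "__main__":
    for row in triage(CBS_SAMPLE, SYSTEMLOOK_SAMPLE):
        print(row)
```

On the thread's own data the report collapses the eight repeated SFC lines into one W32UIImg.dll entry and notes that both located copies carry MD5 09BD5137E9279E11FED24EAFC8FC3D2B, which is exactly why SFC reports the store copy as corrupted too; the next step, as nasdaq goes on to do, is to check that hash or file against an external source rather than another local copy.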

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:47 PM

Posted 23 January 2013 - 04:51 PM

I need more information on the file.


>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\Windows\System32\oobe\W32UIImg.dll
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com



