
Trojan:DOS Alureon.L (Cannot remove it).


  • This topic is locked
15 replies to this topic

#1 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 13 August 2012 - 03:37 PM

Here are my DDS logs... got HijackThis as well! I can't seem to remove this Trojan using Microsoft Security Essentials; also, Malwarebytes Anti-Malware, ver. 1.62.0.1300, didn't seem to pick this Trojan up on its scan! Wonder why? I have the log if needed for MB?
Attached file: Attach.zip (3.36 KB)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DJF at 15:59:46 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2677 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\windows\system32\Dwm.exe
C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>;192.168.*.*
mWinlogon: Userinit=userinit.exe,
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{847952EF-0E15-418A-BC17-D0390BC39259} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-X64: DefaultTabBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-7-25 107520]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-20 2656280]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-20 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-7-17 562688]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-20 136176]
S2 PCCUJobMgr;Common Client Job Manager Service; [x]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-20 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-13 19:08:59 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8FEA0E5-646E-4629-A91B-2DB8D2BA22E2}\offreg.dll
2012-08-13 17:46:12 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8FEA0E5-646E-4629-A91B-2DB8D2BA22E2}\mpengine.dll
2012-08-12 20:04:19 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-09 21:36:59 -------- d-----w- C:\Users\DJF\AppData\Local\Garmin
2012-08-09 21:36:20 -------- d-----w- C:\Users\DJF\AppData\Local\GARMIN_Corp
2012-08-02 04:50:08 -------- d-----w- C:\Users\DJF\AppData\Local\Ilivid Player
2012-08-01 20:51:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02EA834A-107B-4CA0-8F01-095B01F5B5CF}\gapaengine.dll
2012-08-01 20:49:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-01 20:49:32 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-29 03:00:49 -------- d-----w- C:\Users\DJF\AppData\Local\Facebook
2012-07-25 22:49:48 -------- d-----w- C:\Users\DJF\.smplayer
2012-07-25 22:48:24 -------- d-----w- C:\Program Files (x86)\DefaultTab
2012-07-25 22:48:14 -------- d-----w- C:\Users\DJF\AppData\Roaming\DefaultTab
2012-07-25 22:47:53 -------- d-----w- C:\Users\DJF\AppData\Local\Shopping Sidekick
2012-07-25 22:47:43 -------- d-----w- C:\Users\DJF\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-07-25 22:47:35 -------- d-----w- C:\Program Files\PrivacySafeGuard
2012-07-14 21:44:14 -------- d-----w- C:\Program Files\Garmin GPS Plugin
2012-07-14 21:39:19 -------- d-----w- C:\Program Files (x86)\Garmin
2012-07-14 21:16:00 -------- d-----w- C:\ProgramData\Garmin
.
==================== Find3M ====================
.
2012-07-31 01:38:45 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 01:38:45 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 20:04:24 1394248 ----a-w- C:\windows\SysWow64\msxml4.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 16:07:04.41 ===============


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:26:02 PM, on 8/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\DJF\Documents\My Downloads\Firewalls, Spyware, AV and Malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10157 bytes

--------------------------------------------------------------------------------------------------


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DJF :: DJF-PC [limited]

8/13/2012 2:30:36 PM
mbam-log-2012-08-13 (14-30-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323443
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\TypeLib\{1EA1A4B4-B3EF-481F-89D7-467FEAD5CF20} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\Interface\{C8DA3FA9-8DD9-4BF6-BBBA-625B0E3D07F7} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.

(end)



THANKS!!!
Regards,
DJ

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,136 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2012 - 03:43 PM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 15 August 2012 - 12:55 PM

OK, also I found the scan report in a "folder" that this scan created, but here's the report from selecting the "Report" button! The same, I think!
The Trojan is back again; I seemed to have been OK for a day and a half after getting rid of the problem, but I still have it. Microsoft Security Essentials picked it up today, again.
Thanks!




RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: DJF [Admin rights]
Mode: Scan -- Date: 08/15/2012 13:42:17

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 4fc4d6a3ec961b0d79dbcdeb6148abba
[BSP] 6800c9c8728f417da4f9d852748b51d9 : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 593953 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219489792 | Size: 15026 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
Regards,
DJ
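The partition table and MBR hash in the RogueKiller report above come from reading the first sector of the disk, and that is worth being able to reproduce yourself. The Python below is an added example, not RogueKiller's code and not posted by anyone in this thread: it builds a 512-byte MBR carrying the three partition entries from the report (zeroed boot code and dummy CHS fields, so it is a constructed sector, not the user's disk), parses the table, flags partition types whose "hidden" bit is set (0x17 is hidden NTFS), and hashes the boot-code area. Which bytes RogueKiller hashes for its [MBR]/[BSP] lines is not stated on this page, so hashing the first 440 bytes is an assumption; the useful property is a stable value you can compare between scans. A hidden partition is not malicious on its own (OEM recovery partitions are commonly hidden), so the check is meant for comparing against the layout you expect for the machine.

```python
"""Parse a 512-byte MBR and report it the way a rootkit scanner does.

Added example, not RogueKiller's code. The sector below is constructed:
zeroed boot code, dummy CHS fields, and the three partition entries from
the RogueKiller report in this thread, so the parsed table can be checked
line by line against it.
"""
import hashlib
import struct

SECTOR_LEN = 512
BOOT_CODE_LEN = 440            # bytes 0-439; 440-445 disk signature; 446-509 table
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511
SECTORS_PER_MB = 2048          # 512-byte sectors per MB; matches the report's "Mo" sizes

TYPE_NAMES = {
    0x07: "NTFS",
    0x17: "NTFS (hidden)",
    0x27: "Windows RE / OEM recovery",
}
# FAT/NTFS partition types with the 0x10 "hidden" bit set.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_LEN:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_LEN])
        if ptype == 0:            # empty slot
            continue
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "type 0x%02X" % ptype),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "size_mb": sectors // SECTORS_PER_MB,
        })
    # Assumption: hash the 440-byte boot-code area. The value is only meant to be
    # compared with earlier reads of the same disk, not with a known-good list.
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def hidden_partitions(info: dict) -> list:
    """Entries a scanner would mark HIDDEN!; compare them with the expected layout."""
    return [p for p in info["partitions"] if p["hidden"]]


def render(info: dict) -> str:
    """Print the table in the same shape as the RogueKiller report."""
    lines = ["[MBR] %s" % info["boot_code_md5"], "Partition table:"]
    for p in info["partitions"]:
        lines.append("%d - [%s] %s (0x%02X) [%s] Offset (sectors): %d | Size: %d MB" % (
            p["index"], "ACTIVE" if p["active"] else "XXXXXX", p["name"], p["type"],
            "HIDDEN!" if p["hidden"] else "VISIBLE", p["lba_start"], p["size_mb"]))
    return "\n".join(lines)


def _entry(active: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are dummies; modern tools use the LBA fields only.
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba_start, sectors)


def constructed_sector() -> bytes:
    """Constructed MBR with the layout from the report (MB sizes converted to sectors)."""
    table = (_entry(True, 0x27, 2048, 1500 * SECTORS_PER_MB)
             + _entry(False, 0x07, 3074048, 593953 * SECTORS_PER_MB)
             + _entry(False, 0x17, 1219489792, 15026 * SECTORS_PER_MB)
             + bytes(PART_ENTRY_LEN))
    return bytes(BOOT_CODE_LEN) + bytes(6) + table + BOOT_SIGNATURE


if __name__ == "__main__":
    info = parse_mbr(constructed_sector())
    print(render(info))
    for p in hidden_partitions(info):
        print("hidden partition %d (%s): compare with the expected layout" % (p["index"], p["name"]))
```

On a live Windows machine the sector is the first 512 bytes of \\.\PhysicalDrive0, opened with administrative rights. When an MBR rootkit is suspected, take that read from clean boot media as well: a kernel driver that filters disk reads can hand the original, clean sector back to tools running inside the infected system, which is why the two reads are worth comparing.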

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,136 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 01:12 PM

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

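Both tools used in this thread write plain-text reports, and on a TDSSKiller log that lists every service and driver the handful of lines that matter are easy to miss. The Python below is an added example (not code from RogueKiller, TDSSKiller, or anyone posting here) that pulls the findings out of both formats: RogueKiller's "-> FOUND" / "-> KILLED" hits and its "MBR Code!" line, and TDSSKiller's "- warning" / "- detected" lines joined to the "[ md5 ] name path" line that precedes them, so each flagged file comes out with its hash and path. It treats UnsignedFile.Multi.Generic and LockedFile.Multi.Generic as informational, matching the instruction above to Skip them, and annotates the two UAC values RogueKiller reported (EnableLUA = 0 turns UAC off; ConsentPromptBehaviorAdmin = 0 lets administrators elevate without a prompt). The sample text is excerpted from the reports posted in this thread; the severity labels are this example's own.

```python
"""Triage RogueKiller and TDSSKiller reports.

Added example, not code from either tool or from this thread. The regexes
match the line shapes seen in the reports posted above; anything else is ignored.
"""
import re
from dataclasses import dataclass

# TDSSKiller raises these for unsigned or locked files, not for known-bad ones;
# the instructions in this thread say to Skip them.
INFORMATIONAL = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Registry data RogueKiller reported as [HJ], and what the observed value means.
HJ_MEANING = {
    "EnableLUA (0)": "UAC disabled",
    "ConsentPromptBehaviorAdmin (0)": "administrators elevate without any prompt",
}

RK_HIT = re.compile(r"^\[([A-Z ]+)\] (.+?) -> (FOUND|KILLED)")
RK_MBR = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32}) : (.+)$")
TK_HASH = re.compile(r"^\S+ \d+ \[ ([0-9a-f]{32}) \] (\S+) (.+)$")
TK_WARN = re.compile(r"^\S+ \d+ (\S+) \( (\S+) \) - warning$")
TK_DET = re.compile(r"^\S+ \d+ (\S+) - detected (\S+) \(\d+\)$")


@dataclass
class Finding:
    tool: str
    severity: str      # info | suspicious | config | malicious (labels are this example's)
    item: str
    detail: str
    md5: str = ""
    path: str = ""


def _tdss_finding(name: str, signature: str, meta: dict) -> Finding:
    md5, path = meta.get(name, ("", ""))
    severity = "info" if signature in INFORMATIONAL else "malicious"
    return Finding("TDSSKiller", severity, name, signature, md5, path)


def triage(text: str) -> list:
    """Return one Finding per flagged line, with TDSSKiller warning/detected pairs merged."""
    findings, seen, meta = [], set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := TK_HASH.match(line):
            meta[m.group(2)] = (m.group(1), m.group(3))   # remember hash and path per name
        elif m := TK_WARN.match(line) or TK_DET.match(line):
            f = _tdss_finding(m.group(1), m.group(2), meta)
            if (f.item, f.detail) not in seen:            # warning + detected = one finding
                seen.add((f.item, f.detail))
                findings.append(f)
        elif m := RK_MBR.match(line):
            if "MBR Code" in m.group(3):                   # a plain hash line is not a hit
                findings.append(Finding("RogueKiller", "malicious", m.group(1), m.group(3), m.group(2)))
        elif m := RK_HIT.match(line):
            cat, item, verdict = m.groups()
            if cat == "HJ":
                value = item.rsplit(" : ", 1)[-1]
                findings.append(Finding("RogueKiller", "config", item, HJ_MEANING.get(value, verdict)))
            else:
                findings.append(Finding("RogueKiller", "suspicious", item, "%s %s" % (cat, verdict)))
    return findings


def summary(findings: list) -> dict:
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Excerpted from the RogueKiller and TDSSKiller reports posted in this thread.
SAMPLE = r"""
[SUSP PATH] DTUpdate.exe -- C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[MBR] 4fc4d6a3ec961b0d79dbcdeb6148abba
[BSP] 6800c9c8728f417da4f9d852748b51d9 : MaxSS MBR Code!
16:26:45.0311 4964 [ 2ab40d0f2c34549604c75dc0b54451e7 ] DefaultTabSearch C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
16:26:45.0436 4964 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - warning
16:26:45.0436 4964 DefaultTabSearch - detected UnsignedFile.Multi.Generic (1)
16:26:45.0607 4964 defragsvc - ok
"""

if __name__ == "__main__":
    found = triage(SAMPLE)
    for f in found:
        print("%-10s %-10s %s | %s %s %s" % (f.tool, f.severity, f.item, f.detail, f.md5, f.path))
    print(summary(found))
```

Running it over a full log pastes the "- detected" items, the MBR verdict and the two UAC values to the top, with the hash of each unsigned file available for a reputation lookup; the EnableLUA and ConsentPromptBehaviorAdmin values are the ones to restore once the cleanup is finished, since RogueKiller only reports them.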

#5 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 15 August 2012 - 03:44 PM

Ok, TDSSKiller wanted to scan again "after I rebooted" (it looked like a small DOS window popped up)... is this normal? I selected "NO", continued with the reboot process, and went searching for the log here. Just want to be on the safe side here...


16:26:13.0846 1876 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:26:13.0861 1876 ============================================================
16:26:13.0861 1876 Current date / time: 2012/08/15 16:26:13.0861
16:26:13.0861 1876 SystemInfo:
16:26:13.0861 1876
16:26:13.0861 1876 OS Version: 6.1.7601 ServicePack: 1.0
16:26:13.0861 1876 Product type: Workstation
16:26:13.0861 1876 ComputerName: DJF-PC
16:26:13.0861 1876 UserName: DJF
16:26:13.0861 1876 Windows directory: C:\windows
16:26:13.0861 1876 System windows directory: C:\windows
16:26:13.0861 1876 Running under WOW64
16:26:13.0861 1876 Processor architecture: Intel x64
16:26:13.0861 1876 Number of processors: 4
16:26:13.0861 1876 Page size: 0x1000
16:26:13.0861 1876 Boot type: Normal boot
16:26:13.0861 1876 ============================================================
16:26:14.0501 1876 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:26:14.0516 1876 ============================================================
16:26:14.0516 1876 \Device\Harddisk0\DR0:
16:26:14.0516 1876 MBR partitions:
16:26:14.0516 1876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48810800
16:26:14.0516 1876 ============================================================
16:26:14.0516 1876 C: <-> \Device\Harddisk0\DR0\Partition1
16:26:14.0516 1876 ============================================================
16:26:14.0516 1876 Initialize success
16:26:14.0516 1876 ============================================================
16:26:41.0442 4964 ============================================================
16:26:41.0442 4964 Scan started
16:26:41.0442 4964 Mode: Manual; SigCheck; TDLFS;
16:26:41.0442 4964 ============================================================
16:26:41.0676 4964 ================ Scan services =============================
16:26:41.0832 4964 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
16:26:41.0879 4964 1394ohci - ok
16:26:41.0926 4964 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\windows\system32\drivers\ACPI.sys
16:26:41.0941 4964 ACPI - ok
16:26:41.0957 4964 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
16:26:42.0004 4964 AcpiPmi - ok
16:26:42.0097 4964 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:26:42.0097 4964 AdobeARMservice - ok
16:26:42.0160 4964 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
16:26:42.0175 4964 adp94xx - ok
16:26:42.0206 4964 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\windows\system32\drivers\adpahci.sys
16:26:42.0222 4964 adpahci - ok
16:26:42.0238 4964 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
16:26:42.0253 4964 adpu320 - ok
16:26:42.0284 4964 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
16:26:42.0316 4964 AeLookupSvc - ok
16:26:42.0347 4964 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\windows\system32\drivers\afd.sys
16:26:42.0378 4964 AFD - ok
16:26:42.0425 4964 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\windows\system32\drivers\agp440.sys
16:26:42.0425 4964 agp440 - ok
16:26:42.0472 4964 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\windows\System32\alg.exe
16:26:42.0487 4964 ALG - ok
16:26:42.0503 4964 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\windows\system32\drivers\aliide.sys
16:26:42.0518 4964 aliide - ok
16:26:42.0534 4964 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\windows\system32\drivers\amdide.sys
16:26:42.0534 4964 amdide - ok
16:26:42.0581 4964 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
16:26:42.0581 4964 AmdK8 - ok
16:26:42.0596 4964 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
16:26:42.0612 4964 AmdPPM - ok
16:26:42.0643 4964 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\windows\system32\drivers\amdsata.sys
16:26:42.0643 4964 amdsata - ok
16:26:42.0674 4964 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\windows\system32\drivers\amdsbs.sys
16:26:42.0674 4964 amdsbs - ok
16:26:42.0690 4964 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
16:26:42.0706 4964 amdxata - ok
16:26:42.0737 4964 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\windows\system32\drivers\appid.sys
16:26:42.0768 4964 AppID - ok
16:26:42.0784 4964 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\windows\System32\appidsvc.dll
16:26:42.0815 4964 AppIDSvc - ok
16:26:42.0830 4964 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\windows\System32\appinfo.dll
16:26:42.0862 4964 Appinfo - ok
16:26:42.0893 4964 [ c484f8ceb1717c540242531db7845c4e ] arc C:\windows\system32\drivers\arc.sys
16:26:42.0908 4964 arc - ok
16:26:42.0924 4964 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\windows\system32\drivers\arcsas.sys
16:26:42.0940 4964 arcsas - ok
16:26:43.0033 4964 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:26:43.0033 4964 aspnet_state - ok
16:26:43.0064 4964 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
16:26:43.0096 4964 AsyncMac - ok
16:26:43.0127 4964 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\windows\system32\drivers\atapi.sys
16:26:43.0127 4964 atapi - ok
16:26:43.0158 4964 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:26:43.0205 4964 AudioEndpointBuilder - ok
16:26:43.0220 4964 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\windows\System32\Audiosrv.dll
16:26:43.0252 4964 AudioSrv - ok
16:26:43.0283 4964 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\windows\System32\AxInstSV.dll
16:26:43.0298 4964 AxInstSV - ok
16:26:43.0330 4964 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
16:26:43.0361 4964 b06bdrv - ok
16:26:43.0392 4964 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
16:26:43.0408 4964 b57nd60a - ok
16:26:43.0454 4964 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\windows\System32\bdesvc.dll
16:26:43.0470 4964 BDESVC - ok
16:26:43.0501 4964 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\windows\system32\drivers\Beep.sys
16:26:43.0532 4964 Beep - ok
16:26:43.0564 4964 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\windows\System32\bfe.dll
16:26:43.0610 4964 BFE - ok
16:26:43.0657 4964 [ 1b63f2b7ca6b5290cc124cdd07520bc9 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
16:26:43.0673 4964 BingDesktopUpdate - ok
16:26:43.0720 4964 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\windows\System32\qmgr.dll
16:26:43.0766 4964 BITS - ok
16:26:43.0798 4964 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
16:26:43.0813 4964 blbdrive - ok
16:26:43.0829 4964 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
16:26:43.0860 4964 bowser - ok
16:26:43.0891 4964 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
16:26:43.0907 4964 BrFiltLo - ok
16:26:43.0922 4964 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
16:26:43.0938 4964 BrFiltUp - ok
16:26:43.0969 4964 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\windows\System32\browser.dll
16:26:43.0985 4964 Browser - ok
16:26:44.0016 4964 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\windows\System32\Drivers\Brserid.sys
16:26:44.0047 4964 Brserid - ok
16:26:44.0063 4964 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
16:26:44.0078 4964 BrSerWdm - ok
16:26:44.0110 4964 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
16:26:44.0125 4964 BrUsbMdm - ok
16:26:44.0141 4964 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
16:26:44.0141 4964 BrUsbSer - ok
16:26:44.0156 4964 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
16:26:44.0172 4964 BTHMODEM - ok
16:26:44.0203 4964 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\windows\system32\bthserv.dll
16:26:44.0234 4964 bthserv - ok
16:26:44.0266 4964 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
16:26:44.0297 4964 cdfs - ok
16:26:44.0344 4964 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
16:26:44.0344 4964 cdrom - ok
16:26:44.0390 4964 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\windows\System32\certprop.dll
16:26:44.0422 4964 CertPropSvc - ok
16:26:44.0437 4964 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\windows\system32\drivers\circlass.sys
16:26:44.0453 4964 circlass - ok
16:26:44.0468 4964 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\windows\system32\CLFS.sys
16:26:44.0484 4964 CLFS - ok
16:26:44.0546 4964 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:26:44.0546 4964 clr_optimization_v2.0.50727_32 - ok
16:26:44.0593 4964 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:26:44.0609 4964 clr_optimization_v2.0.50727_64 - ok
16:26:44.0671 4964 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:26:44.0671 4964 clr_optimization_v4.0.30319_32 - ok
16:26:44.0687 4964 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:26:44.0702 4964 clr_optimization_v4.0.30319_64 - ok
16:26:44.0734 4964 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
16:26:44.0749 4964 CmBatt - ok
16:26:44.0749 4964 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\windows\system32\drivers\cmdide.sys
16:26:44.0765 4964 cmdide - ok
16:26:44.0812 4964 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\windows\system32\Drivers\cng.sys
16:26:44.0890 4964 CNG - ok
16:26:44.0968 4964 [ 20506f12afad3db588d007ea9325fbbc ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
16:26:44.0999 4964 CnxtHdAudService - ok
16:26:45.0030 4964 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
16:26:45.0030 4964 Compbatt - ok
16:26:45.0061 4964 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
16:26:45.0077 4964 CompositeBus - ok
16:26:45.0092 4964 COMSysApp - ok
16:26:45.0108 4964 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
16:26:45.0108 4964 crcdisk - ok
16:26:45.0155 4964 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\windows\system32\cryptsvc.dll
16:26:45.0170 4964 CryptSvc - ok
16:26:45.0217 4964 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\windows\system32\rpcss.dll
16:26:45.0248 4964 DcomLaunch - ok
16:26:45.0311 4964 [ 2ab40d0f2c34549604c75dc0b54451e7 ] DefaultTabSearch C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
16:26:45.0436 4964 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - warning
16:26:45.0436 4964 DefaultTabSearch - detected UnsignedFile.Multi.Generic (1)
16:26:45.0529 4964 [ 34ae0dfa3ee3b5b9975042d87332d0b7 ] DefaultTabUpdate C:\Users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
16:26:45.0529 4964 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - warning
16:26:45.0529 4964 DefaultTabUpdate - detected UnsignedFile.Multi.Generic (1)
16:26:45.0576 4964 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\windows\System32\defragsvc.dll
16:26:45.0607 4964 defragsvc - ok
16:26:45.0638 4964 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
16:26:45.0670 4964 DfsC - ok
16:26:45.0685 4964 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\windows\system32\dhcpcore.dll
16:26:45.0716 4964 Dhcp - ok
16:26:45.0748 4964 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\windows\system32\drivers\discache.sys
16:26:45.0794 4964 discache - ok
16:26:45.0826 4964 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\windows\system32\drivers\disk.sys
16:26:45.0841 4964 Disk - ok
16:26:45.0872 4964 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\windows\System32\dnsrslvr.dll
16:26:45.0888 4964 Dnscache - ok
16:26:45.0904 4964 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\windows\System32\dot3svc.dll
16:26:45.0950 4964 dot3svc - ok
16:26:45.0950 4964 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\windows\system32\dps.dll
16:26:45.0982 4964 DPS - ok
16:26:46.0028 4964 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
16:26:46.0044 4964 drmkaud - ok
16:26:46.0075 4964 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
16:26:46.0106 4964 DXGKrnl - ok
16:26:46.0138 4964 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\windows\System32\eapsvc.dll
16:26:46.0169 4964 EapHost - ok
16:26:46.0247 4964 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\windows\system32\drivers\evbda.sys
16:26:46.0309 4964 ebdrv - ok
16:26:46.0340 4964 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\windows\System32\lsass.exe
16:26:46.0372 4964 EFS - ok
16:26:46.0434 4964 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
16:26:46.0450 4964 ehRecvr - ok
16:26:46.0465 4964 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\windows\ehome\ehsched.exe
16:26:46.0496 4964 ehSched - ok
16:26:46.0559 4964 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
16:26:46.0574 4964 elxstor - ok
16:26:46.0590 4964 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\windows\system32\drivers\errdev.sys
16:26:46.0606 4964 ErrDev - ok
16:26:46.0652 4964 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\windows\system32\es.dll
16:26:46.0684 4964 EventSystem - ok
16:26:46.0715 4964 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\windows\system32\drivers\exfat.sys
16:26:46.0746 4964 exfat - ok
16:26:46.0762 4964 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\windows\system32\drivers\fastfat.sys
16:26:46.0793 4964 fastfat - ok
16:26:46.0840 4964 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\windows\system32\fxssvc.exe
16:26:46.0855 4964 Fax - ok
16:26:46.0902 4964 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\windows\system32\drivers\fdc.sys
16:26:46.0918 4964 fdc - ok
16:26:46.0933 4964 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\windows\system32\fdPHost.dll
16:26:46.0964 4964 fdPHost - ok
16:26:46.0996 4964 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\windows\system32\fdrespub.dll
16:26:47.0027 4964 FDResPub - ok
16:26:47.0058 4964 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
16:26:47.0058 4964 FileInfo - ok
16:26:47.0089 4964 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
16:26:47.0120 4964 Filetrace - ok
16:26:47.0136 4964 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
16:26:47.0152 4964 flpydisk - ok
16:26:47.0167 4964 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
16:26:47.0183 4964 FltMgr - ok
16:26:47.0230 4964 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\windows\system32\FntCache.dll
16:26:47.0245 4964 FontCache - ok
16:26:47.0292 4964 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:26:47.0292 4964 FontCache3.0.0.0 - ok
16:26:47.0308 4964 [ d43703496149971890703b4b1b723eac ] FsDepends C:\windows\system32\drivers\FsDepends.sys
16:26:47.0308 4964 FsDepends - ok
16:26:47.0339 4964 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
16:26:47.0354 4964 Fs_Rec - ok
16:26:47.0386 4964 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
16:26:47.0401 4964 fvevol - ok
16:26:47.0432 4964 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
16:26:47.0432 4964 gagp30kx - ok
16:26:47.0495 4964 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:26:47.0495 4964 GamesAppService - ok
16:26:47.0542 4964 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\windows\System32\gpsvc.dll
16:26:47.0588 4964 gpsvc - ok
16:26:47.0651 4964 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:26:47.0651 4964 gupdate - ok
16:26:47.0666 4964 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:26:47.0666 4964 gupdatem - ok
16:26:47.0682 4964 [ cc839e8d766cc31a7710c9f38cf3e375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:26:47.0698 4964 gusvc - ok
16:26:47.0744 4964 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
16:26:47.0760 4964 hcw85cir - ok
16:26:47.0791 4964 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:26:47.0807 4964 HdAudAddService - ok
16:26:47.0838 4964 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
16:26:47.0854 4964 HDAudBus - ok
16:26:47.0854 4964 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\windows\system32\drivers\HidBatt.sys
16:26:47.0869 4964 HidBatt - ok
16:26:47.0885 4964 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\windows\system32\drivers\hidbth.sys
16:26:47.0900 4964 HidBth - ok
16:26:47.0932 4964 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\windows\system32\drivers\hidir.sys
16:26:47.0932 4964 HidIr - ok
16:26:47.0963 4964 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\windows\system32\hidserv.dll
16:26:47.0994 4964 hidserv - ok
16:26:48.0025 4964 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
16:26:48.0025 4964 HidUsb - ok
16:26:48.0072 4964 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\windows\system32\kmsvc.dll
16:26:48.0103 4964 hkmsvc - ok
16:26:48.0119 4964 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:26:48.0134 4964 HomeGroupListener - ok
16:26:48.0166 4964 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:26:48.0181 4964 HomeGroupProvider - ok
16:26:48.0228 4964 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
16:26:48.0228 4964 HpSAMD - ok
16:26:48.0275 4964 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\windows\system32\drivers\HTTP.sys
16:26:48.0306 4964 HTTP - ok
16:26:48.0322 4964 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
16:26:48.0337 4964 hwpolicy - ok
16:26:48.0368 4964 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
16:26:48.0368 4964 i8042prt - ok
16:26:48.0415 4964 [ 2fdaec4b02729c48c0fd1b0b4695995b ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
16:26:48.0431 4964 iaStor - ok
16:26:48.0478 4964 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
16:26:48.0493 4964 iaStorV - ok
16:26:48.0540 4964 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:26:48.0540 4964 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:26:48.0540 4964 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:26:48.0587 4964 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:26:48.0602 4964 idsvc - ok
16:26:48.0868 4964 [ 0d1b8c64bdf0e5cdc523a1409ffb5ef0 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
16:26:49.0024 4964 igfx - ok
16:26:49.0055 4964 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\windows\system32\drivers\iirsp.sys
16:26:49.0070 4964 iirsp - ok
16:26:49.0117 4964 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\windows\System32\ikeext.dll
16:26:49.0164 4964 IKEEXT - ok
16:26:49.0195 4964 [ fc727061c0f47c8059e88e05d5c8e381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
16:26:49.0226 4964 IntcDAud - ok
16:26:49.0258 4964 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\windows\system32\drivers\intelide.sys
16:26:49.0273 4964 intelide - ok
16:26:49.0289 4964 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
16:26:49.0304 4964 intelppm - ok
16:26:49.0336 4964 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\windows\system32\ipbusenum.dll
16:26:49.0382 4964 IPBusEnum - ok
16:26:49.0398 4964 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
16:26:49.0429 4964 IpFilterDriver - ok
16:26:49.0460 4964 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
16:26:49.0507 4964 iphlpsvc - ok
16:26:49.0538 4964 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
16:26:49.0538 4964 IPMIDRV - ok
16:26:49.0554 4964 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
16:26:49.0585 4964 IPNAT - ok
16:26:49.0616 4964 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\windows\system32\drivers\irenum.sys
16:26:49.0632 4964 IRENUM - ok
16:26:49.0648 4964 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\windows\system32\drivers\isapnp.sys
16:26:49.0648 4964 isapnp - ok
16:26:49.0663 4964 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
16:26:49.0679 4964 iScsiPrt - ok
16:26:49.0710 4964 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
16:26:49.0726 4964 kbdclass - ok
16:26:49.0757 4964 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
16:26:49.0772 4964 kbdhid - ok
16:26:49.0804 4964 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\windows\system32\lsass.exe
16:26:49.0819 4964 KeyIso - ok
16:26:49.0835 4964 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
16:26:49.0850 4964 KSecDD - ok
16:26:49.0866 4964 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
16:26:49.0882 4964 KSecPkg - ok
16:26:49.0897 4964 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
16:26:49.0928 4964 ksthunk - ok
16:26:49.0960 4964 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\windows\system32\msdtckrm.dll
16:26:49.0991 4964 KtmRm - ok
16:26:50.0038 4964 [ ebed8b3ff4a823c1a6eebeed7b29353f ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
16:26:50.0053 4964 L1C - ok
16:26:50.0084 4964 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\windows\system32\srvsvc.dll
16:26:50.0131 4964 LanmanServer - ok
16:26:50.0162 4964 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:26:50.0194 4964 LanmanWorkstation - ok
16:26:50.0225 4964 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
16:26:50.0256 4964 lltdio - ok
16:26:50.0287 4964 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\windows\System32\lltdsvc.dll
16:26:50.0318 4964 lltdsvc - ok
16:26:50.0350 4964 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\windows\System32\lmhsvc.dll
16:26:50.0381 4964 lmhosts - ok
16:26:50.0443 4964 [ 2ed1786b7542cda261029f6b526edf44 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:26:50.0459 4964 LMS - ok
16:26:50.0490 4964 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
16:26:50.0490 4964 LSI_FC - ok
16:26:50.0506 4964 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
16:26:50.0521 4964 LSI_SAS - ok
16:26:50.0537 4964 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
16:26:50.0537 4964 LSI_SAS2 - ok
16:26:50.0552 4964 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
16:26:50.0568 4964 LSI_SCSI - ok
16:26:50.0599 4964 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\windows\system32\drivers\luafv.sys
16:26:50.0630 4964 luafv - ok
16:26:50.0646 4964 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
16:26:50.0662 4964 Mcx2Svc - ok
16:26:50.0693 4964 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\windows\system32\drivers\megasas.sys
16:26:50.0708 4964 megasas - ok
16:26:50.0740 4964 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
16:26:50.0755 4964 MegaSR - ok
16:26:50.0786 4964 [ a6518dcc42f7a6e999bb3bea8fd87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
16:26:50.0802 4964 MEIx64 - ok
16:26:50.0833 4964 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\windows\system32\mmcss.dll
16:26:50.0864 4964 MMCSS - ok
16:26:50.0880 4964 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\windows\system32\drivers\modem.sys
16:26:50.0911 4964 Modem - ok
16:26:50.0927 4964 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\windows\system32\DRIVERS\monitor.sys
16:26:50.0942 4964 monitor - ok
16:26:50.0974 4964 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
16:26:50.0974 4964 mouclass - ok
16:26:50.0989 4964 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
16:26:51.0005 4964 mouhid - ok
16:26:51.0036 4964 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\windows\system32\drivers\mountmgr.sys
16:26:51.0052 4964 mountmgr - ok
16:26:51.0114 4964 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
16:26:51.0114 4964 MpFilter - ok
16:26:51.0130 4964 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\windows\system32\drivers\mpio.sys
16:26:51.0145 4964 mpio - ok
16:26:51.0176 4964 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
16:26:51.0208 4964 mpsdrv - ok
16:26:51.0239 4964 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\windows\system32\mpssvc.dll
16:26:51.0286 4964 MpsSvc - ok
16:26:51.0286 4964 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
16:26:51.0301 4964 MRxDAV - ok
16:26:51.0317 4964 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
16:26:51.0332 4964 mrxsmb - ok
16:26:51.0364 4964 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
16:26:51.0364 4964 mrxsmb10 - ok
16:26:51.0379 4964 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
16:26:51.0395 4964 mrxsmb20 - ok
16:26:51.0410 4964 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
16:26:51.0410 4964 msahci - ok
16:26:51.0442 4964 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\windows\system32\drivers\msdsm.sys
16:26:51.0457 4964 msdsm - ok
16:26:51.0473 4964 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\windows\System32\msdtc.exe
16:26:51.0488 4964 MSDTC - ok
16:26:51.0504 4964 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\windows\system32\drivers\Msfs.sys
16:26:51.0535 4964 Msfs - ok
16:26:51.0566 4964 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
16:26:51.0598 4964 mshidkmdf - ok
16:26:51.0613 4964 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\windows\system32\drivers\msisadrv.sys
16:26:51.0613 4964 msisadrv - ok
16:26:51.0644 4964 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:26:51.0676 4964 MSiSCSI - ok
16:26:51.0691 4964 msiserver - ok
16:26:51.0722 4964 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:26:51.0754 4964 MSKSSRV - ok
16:26:51.0832 4964 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:26:51.0832 4964 MsMpSvc - ok
16:26:51.0878 4964 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:26:51.0910 4964 MSPCLOCK - ok
16:26:51.0925 4964 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:26:51.0956 4964 MSPQM - ok
16:26:51.0972 4964 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:26:51.0972 4964 MsRPC - ok
16:26:51.0988 4964 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
16:26:52.0003 4964 mssmbios - ok
16:26:52.0003 4964 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:26:52.0034 4964 MSTEE - ok
16:26:52.0066 4964 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\windows\system32\drivers\MTConfig.sys
16:26:52.0081 4964 MTConfig - ok
16:26:52.0097 4964 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\windows\system32\Drivers\mup.sys
16:26:52.0112 4964 Mup - ok
16:26:52.0144 4964 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\windows\system32\qagentRT.dll
16:26:52.0175 4964 napagent - ok
16:26:52.0222 4964 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:26:52.0237 4964 NativeWifiP - ok
16:26:52.0268 4964 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\windows\system32\drivers\ndis.sys
16:26:52.0284 4964 NDIS - ok
16:26:52.0315 4964 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:26:52.0346 4964 NdisCap - ok
16:26:52.0362 4964 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:26:52.0393 4964 NdisTapi - ok
16:26:52.0424 4964 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:26:52.0456 4964 Ndisuio - ok
16:26:52.0471 4964 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:26:52.0502 4964 NdisWan - ok
16:26:52.0534 4964 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:26:52.0565 4964 NDProxy - ok
16:26:52.0580 4964 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:26:52.0612 4964 NetBIOS - ok
16:26:52.0627 4964 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:26:52.0658 4964 NetBT - ok
16:26:52.0690 4964 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\windows\system32\lsass.exe
16:26:52.0690 4964 Netlogon - ok
16:26:52.0721 4964 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\windows\System32\netman.dll
16:26:52.0768 4964 Netman - ok
16:26:52.0783 4964 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:26:52.0799 4964 NetMsmqActivator - ok
16:26:52.0799 4964 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:26:52.0814 4964 NetPipeActivator - ok
16:26:52.0814 4964 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\windows\System32\netprofm.dll
16:26:52.0861 4964 netprofm - ok
16:26:52.0861 4964 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:26:52.0861 4964 NetTcpActivator - ok
16:26:52.0877 4964 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:26:52.0877 4964 NetTcpPortSharing - ok
16:26:52.0939 4964 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
16:26:52.0939 4964 nfrd960 - ok
16:26:53.0002 4964 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
16:26:53.0002 4964 NisDrv - ok
16:26:53.0064 4964 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:26:53.0080 4964 NisSrv - ok
16:26:53.0111 4964 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
16:26:53.0142 4964 NlaSvc - ok
16:26:53.0158 4964 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\windows\system32\drivers\Npfs.sys
16:26:53.0189 4964 Npfs - ok
16:26:53.0204 4964 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\windows\system32\nsisvc.dll
16:26:53.0236 4964 nsi - ok
16:26:53.0236 4964 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:26:53.0267 4964 nsiproxy - ok
16:26:53.0314 4964 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:26:53.0345 4964 Ntfs - ok
16:26:53.0360 4964 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\windows\system32\drivers\Null.sys
16:26:53.0392 4964 Null - ok
16:26:53.0423 4964 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\windows\system32\drivers\nvraid.sys
16:26:53.0438 4964 nvraid - ok
16:26:53.0454 4964 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\windows\system32\drivers\nvstor.sys
16:26:53.0454 4964 nvstor - ok
16:26:53.0485 4964 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:26:53.0485 4964 nv_agp - ok
16:26:53.0501 4964 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:26:53.0516 4964 ohci1394 - ok
16:26:53.0532 4964 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:26:53.0548 4964 p2pimsvc - ok
16:26:53.0579 4964 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\windows\system32\p2psvc.dll
16:26:53.0594 4964 p2psvc - ok
16:26:53.0626 4964 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\windows\system32\drivers\parport.sys
16:26:53.0641 4964 Parport - ok
16:26:53.0657 4964 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\windows\system32\drivers\partmgr.sys
16:26:53.0672 4964 partmgr - ok
16:26:53.0672 4964 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
16:26:53.0704 4964 PcaSvc - ok
16:26:53.0719 4964 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\windows\system32\drivers\pci.sys
16:26:53.0719 4964 pci - ok
16:26:53.0750 4964 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\windows\system32\DRIVERS\pciide.sys
16:26:53.0750 4964 pciide - ok
16:26:53.0782 4964 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\windows\system32\drivers\pcmcia.sys
16:26:53.0782 4964 pcmcia - ok
16:26:53.0813 4964 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\windows\system32\drivers\pcw.sys
16:26:53.0828 4964 pcw - ok
16:26:53.0844 4964 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:26:53.0875 4964 PEAUTH - ok
16:26:53.0969 4964 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\windows\SysWow64\perfhost.exe
16:26:53.0984 4964 PerfHost - ok
16:26:54.0031 4964 [ 91111cebbde8015e822c46120ed9537c ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
16:26:54.0047 4964 PGEffect - ok
16:26:54.0094 4964 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\windows\system32\pla.dll
16:26:54.0140 4964 pla - ok
16:26:54.0187 4964 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:26:54.0203 4964 PlugPlay - ok
16:26:54.0218 4964 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:26:54.0234 4964 PNRPAutoReg - ok
16:26:54.0250 4964 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:26:54.0265 4964 PNRPsvc - ok
16:26:54.0296 4964 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:26:54.0328 4964 PolicyAgent - ok
16:26:54.0374 4964 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\windows\system32\umpo.dll
16:26:54.0406 4964 Power - ok
16:26:54.0437 4964 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:26:54.0468 4964 PptpMiniport - ok
16:26:54.0484 4964 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\windows\system32\drivers\processr.sys
16:26:54.0499 4964 Processor - ok
16:26:54.0530 4964 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\windows\system32\profsvc.dll
16:26:54.0546 4964 ProfSvc - ok
16:26:54.0562 4964 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:26:54.0577 4964 ProtectedStorage - ok
16:26:54.0593 4964 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:26:54.0624 4964 Psched - ok
16:26:54.0640 4964 [ c8fcb4899f8b70cc34e0d9876a80963c ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
16:26:54.0655 4964 QIOMem - ok
16:26:54.0718 4964 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
16:26:54.0749 4964 ql2300 - ok
16:26:54.0780 4964 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
16:26:54.0796 4964 ql40xx - ok
16:26:54.0827 4964 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\windows\system32\qwave.dll
16:26:54.0842 4964 QWAVE - ok
16:26:54.0858 4964 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:26:54.0874 4964 QWAVEdrv - ok
16:26:54.0874 4964 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:26:54.0905 4964 RasAcd - ok
16:26:54.0952 4964 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:26:54.0983 4964 RasAgileVpn - ok
16:26:54.0998 4964 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\windows\System32\rasauto.dll
16:26:55.0030 4964 RasAuto - ok
16:26:55.0045 4964 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:26:55.0076 4964 Rasl2tp - ok
16:26:55.0108 4964 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\windows\System32\rasmans.dll
16:26:55.0139 4964 RasMan - ok
16:26:55.0154 4964 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:26:55.0186 4964 RasPppoe - ok
16:26:55.0217 4964 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:26:55.0248 4964 RasSstp - ok
16:26:55.0279 4964 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:26:55.0310 4964 rdbss - ok
16:26:55.0326 4964 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\windows\system32\drivers\rdpbus.sys
16:26:55.0342 4964 rdpbus - ok
16:26:55.0373 4964 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:26:55.0404 4964 RDPCDD - ok
16:26:55.0404 4964 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:26:55.0435 4964 RDPENCDD - ok
16:26:55.0435 4964 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:26:55.0466 4964 RDPREFMP - ok
16:26:55.0482 4964 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:26:55.0513 4964 RDPWD - ok
16:26:55.0560 4964 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:26:55.0576 4964 rdyboost - ok
16:26:55.0591 4964 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\windows\System32\mprdim.dll
16:26:55.0638 4964 RemoteAccess - ok
16:26:55.0669 4964 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:26:55.0700 4964 RemoteRegistry - ok
16:26:55.0716 4964 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:26:55.0747 4964 RpcEptMapper - ok
16:26:55.0778 4964 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\windows\system32\locator.exe
16:26:55.0794 4964 RpcLocator - ok
16:26:55.0810 4964 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\windows\system32\rpcss.dll
16:26:55.0856 4964 RpcSs - ok
16:26:55.0888 4964 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:26:55.0919 4964 rspndr - ok
16:26:55.0966 4964 [ 135a64530d7699ad48f29d73a658dd11 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
16:26:55.0981 4964 RSUSBSTOR - ok
16:26:55.0997 4964 [ e5dc911d0feb72caff2bbdd6e7c3672f ] RSUSBVSTOR C:\windows\system32\Drivers\RTSUVSTOR.sys
16:26:56.0012 4964 RSUSBVSTOR - ok
16:26:56.0059 4964 [ 64fdf4fe366ca42da2b7d9d424b6e39b ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
16:26:56.0090 4964 RTL8192Ce - ok
16:26:56.0090 4964 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\windows\system32\lsass.exe
16:26:56.0106 4964 SamSs - ok
16:26:56.0137 4964 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\windows\system32\drivers\sbp2port.sys
16:26:56.0153 4964 sbp2port - ok
16:26:56.0168 4964 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\windows\System32\SCardSvr.dll
16:26:56.0215 4964 SCardSvr - ok
16:26:56.0231 4964 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:26:56.0262 4964 scfilter - ok
16:26:56.0293 4964 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\windows\system32\schedsvc.dll
16:26:56.0340 4964 Schedule - ok
16:26:56.0371 4964 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\windows\System32\certprop.dll
16:26:56.0387 4964 SCPolicySvc - ok
16:26:56.0418 4964 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:26:56.0449 4964 SDRSVC - ok
16:26:56.0465 4964 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:26:56.0496 4964 secdrv - ok
16:26:56.0527 4964 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\windows\system32\seclogon.dll
16:26:56.0558 4964 seclogon - ok
16:26:56.0558 4964 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\windows\System32\sens.dll
16:26:56.0590 4964 SENS - ok
16:26:56.0636 4964 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\windows\system32\sensrsvc.dll
16:26:56.0652 4964 SensrSvc - ok
16:26:56.0699 4964 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\windows\system32\drivers\serenum.sys
16:26:56.0699 4964 Serenum - ok
16:26:56.0746 4964 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\windows\system32\drivers\serial.sys
16:26:56.0761 4964 Serial - ok
16:26:56.0777 4964 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\windows\system32\drivers\sermouse.sys
16:26:56.0792 4964 sermouse - ok
16:26:56.0824 4964 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\windows\system32\sessenv.dll
16:26:56.0855 4964 SessionEnv - ok
16:26:56.0870 4964 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:26:56.0886 4964 sffdisk - ok
16:26:56.0902 4964 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:26:56.0917 4964 sffp_mmc - ok
16:26:56.0933 4964 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:26:56.0948 4964 sffp_sd - ok
16:26:56.0964 4964 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
16:26:56.0980 4964 sfloppy - ok
16:26:56.0980 4964 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\windows\System32\ipnathlp.dll
16:26:57.0026 4964 SharedAccess - ok
16:26:57.0058 4964 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:26:57.0089 4964 ShellHWDetection - ok
16:26:57.0120 4964 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
16:26:57.0120 4964 SiSRaid2 - ok
16:26:57.0136 4964 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
16:26:57.0151 4964 SiSRaid4 - ok
16:26:57.0198 4964 [ 68ea68d03bf58389fe6ad2b38fad798c ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:26:57.0198 4964 SkypeUpdate - ok
16:26:57.0229 4964 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\windows\system32\DRIVERS\smb.sys
16:26:57.0260 4964 Smb - ok
16:26:57.0292 4964 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:26:57.0307 4964 SNMPTRAP - ok
16:26:57.0323 4964 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\windows\system32\drivers\spldr.sys
16:26:57.0338 4964 spldr - ok
16:26:57.0370 4964 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\windows\System32\spoolsv.exe
16:26:57.0401 4964 Spooler - ok
16:26:57.0479 4964 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\windows\system32\sppsvc.exe
16:26:57.0541 4964 sppsvc - ok
16:26:57.0541 4964 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:26:57.0588 4964 sppuinotify - ok
16:26:57.0619 4964 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\windows\system32\DRIVERS\srv.sys
16:26:57.0650 4964 srv - ok
16:26:57.0666 4964 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:26:57.0682 4964 srv2 - ok
16:26:57.0713 4964 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
16:26:57.0728 4964 SrvHsfHDA - ok
16:26:57.0760 4964 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
16:26:57.0791 4964 SrvHsfV92 - ok
16:26:57.0822 4964 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
16:26:57.0838 4964 SrvHsfWinac - ok
16:26:57.0853 4964 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:26:57.0853 4964 srvnet - ok
16:26:57.0900 4964 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:26:57.0931 4964 SSDPSRV - ok
16:26:57.0947 4964 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\windows\system32\sstpsvc.dll
16:26:57.0978 4964 SstpSvc - ok
16:26:57.0994 4964 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\windows\system32\drivers\stexstor.sys
16:26:58.0009 4964 stexstor - ok
16:26:58.0056 4964 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\windows\System32\wiaservc.dll
16:26:58.0072 4964 stisvc - ok
16:26:58.0103 4964 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
16:26:58.0103 4964 swenum - ok
16:26:58.0150 4964 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\windows\System32\swprv.dll
16:26:58.0181 4964 swprv - ok
16:26:58.0243 4964 [ f5b46df59feaa48a442aed7eeb754d4b ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
16:26:58.0274 4964 SynTP - ok
16:26:58.0337 4964 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\windows\system32\sysmain.dll
16:26:58.0368 4964 SysMain - ok
16:26:58.0384 4964 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:26:58.0399 4964 TabletInputService - ok
16:26:58.0415 4964 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\windows\System32\tapisrv.dll
16:26:58.0462 4964 TapiSrv - ok
16:26:58.0493 4964 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\windows\System32\tbssvc.dll
16:26:58.0524 4964 TBS - ok
16:26:58.0586 4964 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:26:58.0618 4964 Tcpip - ok
16:26:58.0649 4964 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:26:58.0696 4964 TCPIP6 - ok
16:26:58.0711 4964 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:26:58.0742 4964 tcpipreg - ok
16:26:58.0774 4964 [ fd542b661bd22fa69ca789ad0ac58c29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
16:26:58.0789 4964 tdcmdpst - ok
16:26:58.0805 4964 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:26:58.0820 4964 TDPIPE - ok
16:26:58.0836 4964 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:26:58.0852 4964 TDTCP - ok
16:26:58.0867 4964 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:26:58.0898 4964 tdx - ok
16:26:58.0945 4964 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
16:26:58.0945 4964 TermDD - ok
16:26:58.0976 4964 [ 2e648163254233755035b46dd7b89123 ] TermService C:\windows\System32\termsrv.dll
16:26:59.0023 4964 TermService - ok
16:26:59.0039 4964 [ f0344071948d1a1fa732231785a0664c ] Themes C:\windows\system32\themeservice.dll
16:26:59.0054 4964 Themes - ok
16:26:59.0070 4964 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\windows\system32\mmcss.dll
16:26:59.0101 4964 THREADORDER - ok
16:26:59.0132 4964 [ 71c321649b28638ee80a2eeb164c1dc8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:26:59.0148 4964 TMachInfo - ok
16:26:59.0179 4964 [ 8e2c799d3476eac32c3ba0df7ce6af19 ] TODDSrv C:\Windows\system32\TODDSrv.exe
16:26:59.0195 4964 TODDSrv - ok
16:26:59.0273 4964 [ 1c73689b900428c7d054a41c4687f55c ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:26:59.0288 4964 TosCoSrv - ok
16:26:59.0320 4964 [ 63aafcf3ea5dbb17123e0bae9afe4d58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:26:59.0335 4964 TOSHIBA eco Utility Service - ok
16:26:59.0398 4964 [ 29d0886cf250fcef1bf9e65ab8d2c0c8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:26:59.0413 4964 TOSHIBA HDD SSD Alert Service - ok
16:26:59.0444 4964 [ 09ff7b0b1b5c3d225495cb6f5a9b39f8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
16:26:59.0476 4964 tos_sps64 - ok
16:26:59.0538 4964 [ 098b8a408c17e125a3d9a8e1166780c8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:26:59.0554 4964 TPCHSrv - ok
16:26:59.0600 4964 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\windows\System32\trkwks.dll
16:26:59.0632 4964 TrkWks - ok
16:26:59.0678 4964 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:26:59.0710 4964 TrustedInstaller - ok
16:26:59.0725 4964 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:26:59.0756 4964 tssecsrv - ok
16:26:59.0788 4964 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:26:59.0803 4964 TsUsbFlt - ok
16:26:59.0819 4964 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
16:26:59.0834 4964 TsUsbGD - ok
16:26:59.0866 4964 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:26:59.0897 4964 tunnel - ok
16:26:59.0944 4964 [ 550b567f9364d8f7684c3fb3ea665a72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:26:59.0959 4964 TVALZ - ok
16:26:59.0990 4964 [ 9c7191f4b2e49bff47a6c1144b5923fa ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
16:26:59.0990 4964 TVALZFL - ok
16:27:00.0022 4964 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
16:27:00.0037 4964 uagp35 - ok
16:27:00.0053 4964 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:27:00.0084 4964 udfs - ok
16:27:00.0115 4964 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:27:00.0131 4964 UI0Detect - ok
16:27:00.0146 4964 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:27:00.0146 4964 uliagpkx - ok
16:27:00.0178 4964 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:27:00.0193 4964 umbus - ok
16:27:00.0224 4964 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\windows\system32\drivers\umpass.sys
16:27:00.0224 4964 UmPass - ok
16:27:00.0334 4964 [ 7e5e1603d0ff2d240ae70295c5c3fefc ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:27:00.0396 4964 UNS - ok
16:27:00.0412 4964 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\windows\System32\upnphost.dll
16:27:00.0458 4964 upnphost - ok
16:27:00.0490 4964 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:27:00.0521 4964 usbccgp - ok
16:27:00.0536 4964 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:27:00.0552 4964 usbcir - ok
16:27:00.0568 4964 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
16:27:00.0583 4964 usbehci - ok
16:27:00.0630 4964 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:27:00.0646 4964 usbhub - ok
16:27:00.0661 4964 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\windows\system32\drivers\usbohci.sys
16:27:00.0661 4964 usbohci - ok
16:27:00.0661 4964 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\windows\system32\drivers\usbprint.sys
16:27:00.0677 4964 usbprint - ok
16:27:00.0692 4964 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:27:00.0708 4964 USBSTOR - ok
16:27:00.0739 4964 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:27:00.0739 4964 usbuhci - ok
16:27:00.0770 4964 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
16:27:00.0786 4964 usbvideo - ok
16:27:00.0817 4964 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\windows\System32\uxsms.dll
16:27:00.0848 4964 UxSms - ok
16:27:00.0880 4964 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\windows\system32\lsass.exe
16:27:00.0880 4964 VaultSvc - ok
16:27:00.0911 4964 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:27:00.0926 4964 vdrvroot - ok
16:27:00.0958 4964 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\windows\System32\vds.exe
16:27:00.0989 4964 vds - ok
16:27:01.0004 4964 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:27:01.0020 4964 vga - ok
16:27:01.0020 4964 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\windows\System32\drivers\vga.sys
16:27:01.0051 4964 VgaSave - ok
16:27:01.0067 4964 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:27:01.0082 4964 vhdmp - ok
16:27:01.0114 4964 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\windows\system32\drivers\viaide.sys
16:27:01.0114 4964 viaide - ok
16:27:01.0145 4964 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:27:01.0160 4964 volmgr - ok
16:27:01.0176 4964 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:27:01.0192 4964 volmgrx - ok
16:27:01.0207 4964 [ df8126bd41180351a093a3ad2fc8903b ] volsnap C:\windows\system32\drivers\volsnap.sys
16:27:01.0223 4964 volsnap - ok
16:27:01.0254 4964 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
16:27:01.0270 4964 vsmraid - ok
16:27:01.0316 4964 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\windows\system32\vssvc.exe
16:27:01.0379 4964 VSS - ok
16:27:01.0410 4964 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:27:01.0410 4964 vwifibus - ok
16:27:01.0441 4964 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:27:01.0457 4964 vwififlt - ok
16:27:01.0488 4964 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\windows\system32\w32time.dll
16:27:01.0519 4964 W32Time - ok
16:27:01.0535 4964 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\windows\system32\drivers\wacompen.sys
16:27:01.0550 4964 WacomPen - ok
16:27:01.0582 4964 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:27:01.0613 4964 WANARP - ok
16:27:01.0613 4964 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:27:01.0644 4964 Wanarpv6 - ok
16:27:01.0706 4964 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
16:27:01.0738 4964 WatAdminSvc - ok
16:27:01.0800 4964 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\windows\system32\wbengine.exe
16:27:01.0831 4964 wbengine - ok
16:27:01.0862 4964 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:27:01.0878 4964 WbioSrvc - ok
16:27:01.0894 4964 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\windows\System32\wcncsvc.dll
16:27:01.0925 4964 wcncsvc - ok
16:27:01.0940 4964 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:27:01.0972 4964 WcsPlugInService - ok
16:27:01.0987 4964 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\windows\system32\drivers\wd.sys
16:27:02.0003 4964 Wd - ok
16:27:02.0034 4964 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:27:02.0050 4964 Wdf01000 - ok
16:27:02.0065 4964 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\windows\system32\wdi.dll
16:27:02.0128 4964 WdiServiceHost - ok
16:27:02.0128 4964 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\windows\system32\wdi.dll
16:27:02.0143 4964 WdiSystemHost - ok
16:27:02.0159 4964 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\windows\System32\webclnt.dll
16:27:02.0174 4964 WebClient - ok
16:27:02.0190 4964 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\windows\system32\wecsvc.dll
16:27:02.0237 4964 Wecsvc - ok
16:27:02.0268 4964 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\windows\System32\wercplsupport.dll
16:27:02.0299 4964 wercplsupport - ok
16:27:02.0315 4964 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\windows\System32\WerSvc.dll
16:27:02.0346 4964 WerSvc - ok
16:27:02.0377 4964 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:27:02.0408 4964 WfpLwf - ok
16:27:02.0424 4964 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:27:02.0440 4964 WIMMount - ok
16:27:02.0455 4964 WinDefend - ok
16:27:02.0455 4964 WinHttpAutoProxySvc - ok
16:27:02.0518 4964 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:27:02.0549 4964 Winmgmt - ok
16:27:02.0611 4964 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\windows\system32\WsmSvc.dll
16:27:02.0658 4964 WinRM - ok
16:27:02.0705 4964 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\windows\System32\wlansvc.dll
16:27:02.0736 4964 Wlansvc - ok
16:27:02.0798 4964 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:27:02.0798 4964 wlcrasvc - ok
16:27:02.0892 4964 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:27:02.0954 4964 wlidsvc - ok
16:27:03.0001 4964 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
16:27:03.0001 4964 WmiAcpi - ok
16:27:03.0032 4964 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:27:03.0048 4964 wmiApSrv - ok
16:27:03.0079 4964 WMPNetworkSvc - ok
16:27:03.0110 4964 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\windows\System32\wpcsvc.dll
16:27:03.0126 4964 WPCSvc - ok
16:27:03.0126 4964 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
16:27:03.0142 4964 WPDBusEnum - ok
16:27:03.0173 4964 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
16:27:03.0204 4964 ws2ifsl - ok
16:27:03.0220 4964 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\windows\System32\wscsvc.dll
16:27:03.0235 4964 wscsvc - ok
16:27:03.0235 4964 WSearch - ok
16:27:03.0313 4964 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\windows\system32\wuaueng.dll
16:27:03.0360 4964 wuauserv - ok
16:27:03.0376 4964 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\windows\system32\drivers\WudfPf.sys
16:27:03.0407 4964 WudfPf - ok
16:27:03.0438 4964 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
16:27:03.0469 4964 WUDFRd - ok
16:27:03.0485 4964 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
16:27:03.0516 4964 wudfsvc - ok
16:27:03.0547 4964 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\windows\System32\wwansvc.dll
16:27:03.0563 4964 WwanSvc - ok
16:27:03.0578 4964 ================ Scan global ===============================
16:27:03.0594 4964 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll
16:27:03.0625 4964 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
16:27:03.0625 4964 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
16:27:03.0656 4964 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll
16:27:03.0688 4964 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe
16:27:03.0688 4964 [Global] - ok
16:27:03.0688 4964 ================ Scan MBR ==================================
16:27:03.0703 4964 MBR (0x1B8) (f1aac1fe7b89604e43467d12b686181b) \Device\Harddisk0\DR0
16:27:03.0734 4964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
16:27:03.0734 4964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
16:27:04.0468 4964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:27:04.0468 4964 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:27:04.0468 4964 ================ Scan VBR ==================================
16:27:04.0483 4964 Boot (0x1200) (8965e93a21cdad1cf5dbdd89c4699861) \Device\Harddisk0\DR0\Partition1
16:27:04.0483 4964 \Device\Harddisk0\DR0\Partition1 - ok
16:27:04.0483 4964 ============================================================
16:27:04.0483 4964 Scan finished
16:27:04.0483 4964 ============================================================
16:27:04.0483 3780 Detected object count: 5
16:27:04.0483 3780 Actual detected object count: 5
16:31:54.0613 3780 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - skipped by user
16:31:54.0613 3780 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:31:54.0613 3780 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
16:31:54.0613 3780 DefaultTabUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:31:54.0613 3780 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:31:54.0613 3780 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:31:55.0128 3780 \Device\Harddisk0\DR0\# - copied to quarantine
16:31:55.0144 3780 \Device\Harddisk0\DR0 - copied to quarantine
16:31:55.0175 3780 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:31:55.0175 3780 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
16:31:55.0191 3780 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
16:31:55.0191 3780 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
16:31:55.0191 3780 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
16:31:55.0191 3780 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
16:31:55.0222 3780 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
16:31:55.0237 3780 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
16:31:55.0284 3780 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
16:31:55.0300 3780 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:31:55.0362 3780 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:31:55.0378 3780 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:31:55.0393 3780 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:31:55.0409 3780 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
16:31:55.0425 3780 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
16:31:55.0425 3780 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
16:31:55.0456 3780 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
16:31:55.0534 3780 \Device\Harddisk0\DR0 - processing error
16:33:27.0446 3780 \Device\Harddisk0\DR0 - will be restored on reboot
16:33:27.0524 3780 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
16:33:27.0524 3780 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:33:27.0524 3780 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:33:49.0261 2816 Deinitialize success
Regards,
DJ

#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,136 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 03:49 PM

TDSSKiller sometimes works off of a reboot, so that's OK.

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

16:33:27.0524 3780 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:33:27.0524 3780 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


--------------------------------------------


Next..............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew
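The advice above rests on reading the TDSSKiller log closely: the MBR detection was cured, but the "TDSS File System" entry was skipped and so still has to be dealt with. The helper below is an added example (not part of the thread or of TDSSKiller itself) that collapses log lines of the format quoted in this thread into one record per detection and lists the ones left unresolved; the sample log is constructed from lines in the format shown above.

```python
"""Triage helper for TDSSKiller-style log lines (added example, not TDSSKiller's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the log format quoted in this thread:
# "<time> <thread id> <object> ( <detection> ) - <result>".
SAMPLE_LOG = """\
16:27:03.0734 4964 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.a ) - infected
16:27:03.0734 4964 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.SST.a (0)
16:27:04.0468 4964 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
16:31:54.0613 3780 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - skipped by user
16:31:54.0613 3780 DefaultTabSearch ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:33:27.0524 3780 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
16:33:27.0524 3780 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
16:33:27.0524 3780 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# Only lines carrying a "( detection )" block are of interest; the lazy object
# match stops at the first " ( " so detection names containing spaces still parse.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<det>.+?) \) - (?P<result>.+)$"
)
ACTION_PREFIX = "User select action: "
VERDICTS = {"infected", "warning"}  # how the scanner first reports an object in this log

Key = Tuple[str, str]  # (object, detection name)


def triage(log_text: str) -> Dict[Key, dict]:
    """Collapse the per-line log into one record per (object, detection)."""
    records: Dict[Key, dict] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # inventory and "- detected ..." lines have no "( detection )" block
        key = (m["obj"], m["det"])
        rec = records.setdefault(
            key, {"verdict": None, "action": None, "first_seen": m["time"]}
        )
        result = m["result"]
        if result in VERDICTS:
            rec["verdict"] = result
        elif result.startswith(ACTION_PREFIX):
            rec["action"] = result[len(ACTION_PREFIX):]
        elif result == "skipped by user" and rec["action"] is None:
            rec["action"] = "Skip"
    return records


def pending(log_text: str) -> List[Key]:
    """Detections the user skipped or never acted on: what the next run must address."""
    return [
        key
        for key, rec in triage(log_text).items()
        if rec["action"] is None or rec["action"] == "Skip"
    ]


if __name__ == "__main__":
    for (obj, det), rec in triage(SAMPLE_LOG).items():
        print(f"{obj} [{det}] verdict={rec['verdict']} action={rec['action']}")
    print("still pending:", pending(SAMPLE_LOG))
```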

#7 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 15 August 2012 - 04:20 PM

Ok, I assume I'll be running ComboFix while I'm OFFLINE? Firewall and AV ''DISABLED'' of course....
Regards,
DJ

#8 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,136 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 04:23 PM

Yes, it should run OK like that, MrC


#9 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 15 August 2012 - 05:02 PM

I hope this is useful--whatever popped up in between or after my scan, I hope is ok/normal!




ComboFix 12-08-15.01 - DJF 08/15/2012 17:34:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2608 [GMT -4:00]
Running from: c:\users\DJF\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1U7TS0PMjM5Wtc
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 21:41 . 2012-08-15 21:41 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A6C6218-351F-4B11-83FF-A519D8427A78}\offreg.dll
2012-08-15 20:31 . 2012-08-15 21:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 16:04 . 2012-06-29 07:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A6C6218-351F-4B11-83FF-A519D8427A78}\mpengine.dll
2012-08-15 04:36 . 2012-06-29 07:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-14 18:25 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 18:25 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 18:25 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 18:25 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 18:25 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 18:25 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 18:25 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 18:25 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 18:25 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 18:25 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 18:25 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 18:25 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-09 21:36 . 2012-08-09 21:36 -------- d-----w- c:\users\DJF\AppData\Local\Garmin
2012-08-09 21:36 . 2012-08-09 21:36 -------- d-----w- c:\users\DJF\AppData\Local\GARMIN_Corp
2012-08-09 21:29 . 2012-08-09 21:29 -------- d-----w- c:\program files\DIFX
2012-08-02 04:50 . 2012-08-02 04:50 -------- d-----w- c:\users\DJF\AppData\Local\Ilivid Player
2012-08-01 20:51 . 2012-08-01 20:51 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02EA834A-107B-4CA0-8F01-095B01F5B5CF}\gapaengine.dll
2012-08-01 20:49 . 2012-08-01 20:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-01 20:49 . 2012-08-01 20:49 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-29 03:00 . 2012-07-29 03:01 -------- d-----w- c:\users\DJF\AppData\Local\Facebook
2012-07-25 22:49 . 2012-08-02 05:11 -------- d-----w- c:\users\DJF\.smplayer
2012-07-25 22:48 . 2012-07-25 22:48 -------- d-----w- c:\program files (x86)\DefaultTab
2012-07-25 22:48 . 2012-08-15 21:39 -------- d-----w- c:\users\DJF\AppData\Roaming\DefaultTab
2012-07-25 22:47 . 2012-07-25 22:47 -------- d-----w- c:\users\DJF\AppData\Local\Shopping Sidekick
2012-07-25 22:47 . 2012-07-25 22:47 -------- d-----w- c:\users\DJF\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-07-25 22:47 . 2012-07-25 22:47 -------- d-----w- c:\program files\PrivacySafeGuard
2012-07-20 21:16 . 2012-07-20 21:16 -------- d-----w- c:\users\PEF\AppData\Local\GARMIN_Corp
2012-07-20 21:15 . 2012-07-20 21:17 -------- d-----w- c:\users\PEF\AppData\Roaming\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 18:25 . 2012-04-11 02:08 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-31 01:38 . 2012-04-13 18:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 01:38 . 2011-11-03 06:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-11 16:56 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 16:56 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 16:56 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 16:56 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 16:56 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:56 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:56 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-25 20:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 20:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 20:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 20:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 20:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 20:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 20:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-25 20:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-25 20:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 16:56 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 16:56 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 16:56 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 16:56 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 16:56 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 16:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 16:56 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:56 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 16:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-07-17 562688]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]
R2 PCCUJobMgr;Common Client Job Manager Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-11 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3819185075-815616251-1455323273-1000Core.job
- c:\users\DJF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-29 01:05]
.
2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3819185075-815616251-1455323273-1000UA.job
- c:\users\DJF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-29 01:05]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 04:46]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 04:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF1401.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
SafeBoot-36875668.sys
BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-DefaultTab - c:\users\DJF\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-15 17:45:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 21:45
.
Pre-Run: 569,468,432,384 bytes free
Post-Run: 569,016,074,240 bytes free
.
- - End Of File - - 8E78ECE0EF3F889409C2E036911BA374
Regards,
DJ

#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,136 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 05:04 PM

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


#11 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 15 August 2012 - 06:06 PM

Ok, within MS SEC ESSENTIALS, should I delete the Quarantined files that still are being picked up?
Regards,
DJ

#12 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 15 August 2012 - 06:14 PM

Ok, can I turn on my Firewall and AV Program?

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DJF :: DJF-PC [administrator]

8/15/2012 7:07:17 PM
mbam-log-2012-08-15 (19-07-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217883
Time elapsed: 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Regards,
DJ

#13 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,136 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 06:16 PM

Ok, within MS SEC ESSENTIALS, should I delete the Quarantined files that still are being picked up?

Yes you can delete them.

~~~~~~~~~~~~~~~~~~~~~~


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#14 daveusmc

daveusmc

    Advanced Member

  • Honorary Members
  • 110 posts
  • Gender:Male
  • Location:Ohio, U.S.A.

Posted 15 August 2012 - 08:19 PM

Ok, did all you requested. I'll see what happens from here....if that Trojan appears again, I'll let you know! Thank you for your assistance...
Regards,
DJ

#15 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,136 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 August 2012 - 08:20 PM

OK...Take Care, MrC


#16 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 16 August 2012 - 08:00 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.
