MattL
-
Posts
6 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by MattL
-
-
I had Windows decide to do some updates after running ComboFix, hope that doesn't cause issues.
ComboFix 12-06-23.05 - Matt 24/06/2012 9:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1913.829 [GMT 10:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\00000004.@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\1afb2d56
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\55490ac4
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\L\80000032.@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\n
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\00000004.@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\00000008.@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\000000cb.@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\80000000.@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\80000032.@
c:\users\Matt\AppData\Local\{aa493706-aa14-ab91-4e26-3b5b7ea12921}\U\80000064.@
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-23 23:50 . 2012-06-23 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 10:39 . 2012-06-17 17:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C968F6-E2A7-4FE2-ACDE-6AC089310418}\mpengine.dll
2012-06-23 10:36 . 2012-05-15 04:01 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-06-23 10:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 10:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 10:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 10:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 10:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 10:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 10:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 10:34 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 10:34 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 05:02 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-23 05:02 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-23 05:02 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-23 05:01 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-23 05:01 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-23 05:01 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-23 04:59 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-23 04:59 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-23 04:59 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-23 04:59 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-23 04:59 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-23 04:59 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-23 04:59 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-23 04:59 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-15 09:53 . 2012-06-23 03:52 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 05:56 . 2011-09-27 08:10 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-10 07:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 07:19 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 07:19 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-30 11:35 . 2012-05-10 07:19 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2010-02-18 3272040]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-14 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-20 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-28 1811456]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [2010-02-02 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [2009-08-24 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1331570480-336128708-1802499603-1000Core.job
- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-16 14:32]
.
2012-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1331570480-336128708-1802499603-1000UA.job
- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-16 14:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-07 410648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\vwa2a0jb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.inthemix.com.au/forum/forumdisplay.php?forumid=4
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-combofix - c:\combofix\CF1018.3XE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.202\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-06-24 10:12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 00:12
.
Pre-Run: 414,483,623,936 bytes free
Post-Run: 414,154,534,912 bytes free
.
- - End Of File - - 660BDC02110F0C1570F32CE221619BF4
-
thanks for the help so far, have downloaded ComboFix and am about to run it. As it just hit midnight here I'm also about to sleep so be back online in 8ish hours
-
Ran rogue Killer, it showed 1 KILLED[TermProc], Status: C:\windows\SysWOW64\svchost.exe
Created restore point
TDSSKiller log:
23:35:39.0173 5044 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
23:35:40.0156 5044 ============================================================
23:35:40.0156 5044 Current date / time: 2012/06/23 23:35:40.0156
23:35:40.0156 5044 SystemInfo:
23:35:40.0156 5044
23:35:40.0156 5044 OS Version: 6.1.7601 ServicePack: 1.0
23:35:40.0156 5044 Product type: Workstation
23:35:40.0156 5044 ComputerName: C660
23:35:40.0156 5044 UserName: Matt
23:35:40.0156 5044 Windows directory: C:\windows
23:35:40.0156 5044 System windows directory: C:\windows
23:35:40.0156 5044 Running under WOW64
23:35:40.0156 5044 Processor architecture: Intel x64
23:35:40.0156 5044 Number of processors: 2
23:35:40.0156 5044 Page size: 0x1000
23:35:40.0156 5044 Boot type: Normal boot
23:35:40.0156 5044 ============================================================
23:35:40.0764 5044 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:40.0780 5044 ============================================================
23:35:40.0780 5044 \Device\Harddisk0\DR0:
23:35:40.0780 5044 MBR partitions:
23:35:40.0780 5044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38E30800
23:35:40.0780 5044 ============================================================
23:35:40.0796 5044 C: <-> \Device\Harddisk0\DR0\Partition0
23:35:40.0796 5044 ============================================================
23:35:40.0796 5044 Initialize success
23:35:40.0796 5044 ============================================================
23:36:00.0343 2828 ============================================================
23:36:00.0343 2828 Scan started
23:36:00.0343 2828 Mode: Manual; SigCheck; TDLFS;
23:36:00.0343 2828 ============================================================
23:36:00.0733 2828 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
23:36:00.0904 2828 1394ohci - ok
23:36:01.0013 2828 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
23:36:01.0045 2828 ACPI - ok
23:36:01.0091 2828 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
23:36:01.0169 2828 AcpiPmi - ok
23:36:01.0216 2828 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
23:36:01.0232 2828 adp94xx - ok
23:36:01.0279 2828 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
23:36:01.0294 2828 adpahci - ok
23:36:01.0325 2828 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
23:36:01.0341 2828 adpu320 - ok
23:36:01.0372 2828 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
23:36:01.0513 2828 AeLookupSvc - ok
23:36:01.0559 2828 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
23:36:01.0622 2828 AFD - ok
23:36:01.0669 2828 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
23:36:01.0669 2828 agp440 - ok
23:36:01.0700 2828 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
23:36:01.0731 2828 ALG - ok
23:36:01.0793 2828 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
23:36:01.0809 2828 aliide - ok
23:36:01.0825 2828 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
23:36:01.0840 2828 amdide - ok
23:36:01.0871 2828 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
23:36:01.0918 2828 AmdK8 - ok
23:36:01.0949 2828 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
23:36:01.0996 2828 AmdPPM - ok
23:36:02.0043 2828 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
23:36:02.0059 2828 amdsata - ok
23:36:02.0090 2828 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
23:36:02.0105 2828 amdsbs - ok
23:36:02.0137 2828 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
23:36:02.0152 2828 amdxata - ok
23:36:02.0215 2828 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
23:36:02.0464 2828 AppID - ok
23:36:02.0511 2828 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
23:36:02.0573 2828 AppIDSvc - ok
23:36:02.0651 2828 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
23:36:02.0714 2828 Appinfo - ok
23:36:02.0761 2828 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
23:36:02.0776 2828 arc - ok
23:36:02.0776 2828 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
23:36:02.0792 2828 arcsas - ok
23:36:02.0823 2828 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
23:36:02.0870 2828 AsyncMac - ok
23:36:02.0932 2828 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
23:36:02.0948 2828 atapi - ok
23:36:03.0010 2828 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
23:36:03.0088 2828 AudioEndpointBuilder - ok
23:36:03.0088 2828 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
23:36:03.0135 2828 AudioSrv - ok
23:36:03.0197 2828 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
23:36:03.0291 2828 AxInstSV - ok
23:36:03.0338 2828 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
23:36:03.0416 2828 b06bdrv - ok
23:36:03.0463 2828 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
23:36:03.0494 2828 b57nd60a - ok
23:36:03.0541 2828 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
23:36:03.0587 2828 BDESVC - ok
23:36:03.0619 2828 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
23:36:03.0697 2828 Beep - ok
23:36:03.0790 2828 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
23:36:03.0837 2828 BFE - ok
23:36:03.0915 2828 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
23:36:03.0993 2828 BITS - ok
23:36:04.0040 2828 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
23:36:04.0071 2828 blbdrive - ok
23:36:04.0118 2828 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
23:36:04.0149 2828 bowser - ok
23:36:04.0180 2828 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
23:36:04.0258 2828 BrFiltLo - ok
23:36:04.0274 2828 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
23:36:04.0321 2828 BrFiltUp - ok
23:36:04.0352 2828 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
23:36:04.0414 2828 Browser - ok
23:36:04.0461 2828 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
23:36:04.0508 2828 Brserid - ok
23:36:04.0508 2828 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
23:36:04.0555 2828 BrSerWdm - ok
23:36:04.0570 2828 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
23:36:04.0617 2828 BrUsbMdm - ok
23:36:04.0633 2828 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
23:36:04.0648 2828 BrUsbSer - ok
23:36:04.0679 2828 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
23:36:04.0711 2828 BTHMODEM - ok
23:36:04.0757 2828 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
23:36:04.0820 2828 bthserv - ok
23:36:04.0882 2828 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
23:36:04.0945 2828 cdfs - ok
23:36:05.0007 2828 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
23:36:05.0054 2828 cdrom - ok
23:36:05.0101 2828 CeKbFilter (7e83e47bd1ff93e11cd69f1ad65a9581) C:\windows\system32\DRIVERS\CeKbFilter.sys
23:36:05.0147 2828 CeKbFilter - ok
23:36:05.0210 2828 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:36:05.0272 2828 CertPropSvc - ok
23:36:05.0381 2828 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
23:36:05.0397 2828 cfWiMAXService - ok
23:36:05.0428 2828 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
23:36:05.0459 2828 circlass - ok
23:36:05.0522 2828 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
23:36:05.0553 2828 CLFS - ok
23:36:05.0615 2828 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:36:05.0631 2828 clr_optimization_v2.0.50727_32 - ok
23:36:05.0693 2828 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:36:05.0709 2828 clr_optimization_v2.0.50727_64 - ok
23:36:05.0787 2828 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:36:05.0818 2828 clr_optimization_v4.0.30319_32 - ok
23:36:05.0849 2828 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:36:05.0865 2828 clr_optimization_v4.0.30319_64 - ok
23:36:05.0896 2828 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
23:36:05.0927 2828 CmBatt - ok
23:36:05.0959 2828 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
23:36:05.0990 2828 cmdide - ok
23:36:06.0037 2828 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
23:36:06.0068 2828 CNG - ok
23:36:06.0115 2828 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
23:36:06.0130 2828 Compbatt - ok
23:36:06.0177 2828 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
23:36:06.0224 2828 CompositeBus - ok
23:36:06.0255 2828 COMSysApp - ok
23:36:06.0333 2828 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
23:36:06.0349 2828 ConfigFree Service - ok
23:36:06.0395 2828 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
23:36:06.0427 2828 cpudrv64 - ok
23:36:06.0458 2828 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
23:36:06.0458 2828 crcdisk - ok
23:36:06.0520 2828 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
23:36:06.0583 2828 CryptSvc - ok
23:36:06.0723 2828 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:36:06.0770 2828 cvhsvc - ok
23:36:06.0832 2828 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:36:06.0895 2828 DcomLaunch - ok
23:36:06.0926 2828 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
23:36:06.0988 2828 defragsvc - ok
23:36:07.0051 2828 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
23:36:07.0129 2828 DfsC - ok
23:36:07.0175 2828 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\windows\system32\DRIVERS\ssudbus.sys
23:36:07.0207 2828 dg_ssudbus - ok
23:36:07.0269 2828 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
23:36:07.0331 2828 Dhcp - ok
23:36:07.0363 2828 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
23:36:07.0409 2828 discache - ok
23:36:07.0456 2828 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
23:36:07.0487 2828 Disk - ok
23:36:07.0519 2828 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
23:36:07.0581 2828 Dnscache - ok
23:36:07.0612 2828 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
23:36:07.0675 2828 dot3svc - ok
23:36:07.0706 2828 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
23:36:07.0768 2828 DPS - ok
23:36:07.0799 2828 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
23:36:07.0831 2828 drmkaud - ok
23:36:07.0893 2828 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
23:36:07.0924 2828 DXGKrnl - ok
23:36:07.0955 2828 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
23:36:08.0018 2828 EapHost - ok
23:36:08.0143 2828 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
23:36:08.0221 2828 ebdrv - ok
23:36:08.0330 2828 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
23:36:08.0377 2828 EFS - ok
23:36:08.0486 2828 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
23:36:08.0564 2828 ehRecvr - ok
23:36:08.0595 2828 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
23:36:08.0626 2828 ehSched - ok
23:36:08.0689 2828 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
23:36:08.0704 2828 elxstor - ok
23:36:08.0735 2828 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
23:36:08.0782 2828 ErrDev - ok
23:36:08.0829 2828 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
23:36:08.0907 2828 EventSystem - ok
23:36:08.0954 2828 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
23:36:09.0001 2828 exfat - ok
23:36:09.0032 2828 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
23:36:09.0094 2828 fastfat - ok
23:36:09.0157 2828 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
23:36:09.0219 2828 Fax - ok
23:36:09.0266 2828 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
23:36:09.0297 2828 fdc - ok
23:36:09.0344 2828 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
23:36:09.0375 2828 fdPHost - ok
23:36:09.0391 2828 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
23:36:09.0437 2828 FDResPub - ok
23:36:09.0469 2828 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
23:36:09.0484 2828 FileInfo - ok
23:36:09.0500 2828 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
23:36:09.0547 2828 Filetrace - ok
23:36:09.0578 2828 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
23:36:09.0593 2828 flpydisk - ok
23:36:09.0625 2828 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
23:36:09.0656 2828 FltMgr - ok
23:36:09.0703 2828 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
23:36:09.0781 2828 FontCache - ok
23:36:09.0859 2828 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:36:09.0874 2828 FontCache3.0.0.0 - ok
23:36:09.0905 2828 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
23:36:09.0921 2828 FsDepends - ok
23:36:09.0937 2828 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
23:36:09.0952 2828 Fs_Rec - ok
23:36:10.0015 2828 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
23:36:10.0030 2828 fvevol - ok
23:36:10.0061 2828 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
23:36:10.0077 2828 gagp30kx - ok
23:36:10.0171 2828 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:36:10.0186 2828 GamesAppService - ok
23:36:10.0249 2828 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
23:36:10.0311 2828 gpsvc - ok
23:36:10.0342 2828 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
23:36:10.0405 2828 hcw85cir - ok
23:36:10.0451 2828 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
23:36:10.0514 2828 HdAudAddService - ok
23:36:10.0545 2828 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
23:36:10.0576 2828 HDAudBus - ok
23:36:10.0607 2828 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
23:36:10.0654 2828 HidBatt - ok
23:36:10.0685 2828 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
23:36:10.0717 2828 HidBth - ok
23:36:10.0748 2828 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
23:36:10.0779 2828 HidIr - ok
23:36:10.0810 2828 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
23:36:10.0873 2828 hidserv - ok
23:36:10.0935 2828 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
23:36:10.0951 2828 HidUsb - ok
23:36:10.0982 2828 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
23:36:11.0044 2828 hkmsvc - ok
23:36:11.0091 2828 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
23:36:11.0169 2828 HomeGroupListener - ok
23:36:11.0200 2828 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
23:36:11.0247 2828 HomeGroupProvider - ok
23:36:11.0294 2828 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
23:36:11.0309 2828 HpSAMD - ok
23:36:11.0356 2828 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
23:36:11.0434 2828 HTTP - ok
23:36:11.0465 2828 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
23:36:11.0481 2828 hwpolicy - ok
23:36:11.0528 2828 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
23:36:11.0543 2828 i8042prt - ok
23:36:11.0590 2828 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys
23:36:11.0606 2828 iaStor - ok
23:36:11.0668 2828 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
23:36:11.0699 2828 iaStorV - ok
23:36:11.0840 2828 IconMan_R (4de2ee2a5186d74babc4e7f60d2ae989) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
23:36:11.0902 2828 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
23:36:11.0902 2828 IconMan_R - detected UnsignedFile.Multi.Generic (1)
23:36:12.0027 2828 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:36:12.0058 2828 idsvc - ok
23:36:12.0511 2828 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
23:36:12.0854 2828 igfx - ok
23:36:12.0963 2828 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
23:36:12.0994 2828 iirsp - ok
23:36:13.0041 2828 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
23:36:13.0119 2828 IKEEXT - ok
23:36:13.0259 2828 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\windows\system32\drivers\RTKVHD64.sys
23:36:13.0322 2828 IntcAzAudAddService - ok
23:36:13.0431 2828 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
23:36:13.0462 2828 intelide - ok
23:36:13.0493 2828 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
23:36:13.0540 2828 intelppm - ok
23:36:13.0571 2828 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
23:36:13.0618 2828 IPBusEnum - ok
23:36:13.0665 2828 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:36:13.0727 2828 IpFilterDriver - ok
23:36:13.0774 2828 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
23:36:13.0852 2828 iphlpsvc - ok
23:36:13.0883 2828 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
23:36:13.0915 2828 IPMIDRV - ok
23:36:13.0961 2828 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
23:36:14.0008 2828 IPNAT - ok
23:36:14.0055 2828 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
23:36:14.0117 2828 IRENUM - ok
23:36:14.0149 2828 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
23:36:14.0149 2828 isapnp - ok
23:36:14.0164 2828 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
23:36:14.0195 2828 iScsiPrt - ok
23:36:14.0211 2828 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
23:36:14.0227 2828 kbdclass - ok
23:36:14.0258 2828 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
23:36:14.0305 2828 kbdhid - ok
23:36:14.0351 2828 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:36:14.0367 2828 KeyIso - ok
23:36:14.0398 2828 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
23:36:14.0398 2828 KSecDD - ok
23:36:14.0445 2828 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
23:36:14.0461 2828 KSecPkg - ok
23:36:14.0492 2828 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
23:36:14.0539 2828 ksthunk - ok
23:36:14.0570 2828 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
23:36:14.0632 2828 KtmRm - ok
23:36:14.0695 2828 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
23:36:14.0773 2828 LanmanServer - ok
23:36:14.0835 2828 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
23:36:14.0882 2828 LanmanWorkstation - ok
23:36:14.0897 2828 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
23:36:14.0960 2828 lltdio - ok
23:36:15.0007 2828 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
23:36:15.0069 2828 lltdsvc - ok
23:36:15.0085 2828 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
23:36:15.0116 2828 lmhosts - ok
23:36:15.0163 2828 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\windows\system32\DRIVERS\LPCFilter.sys
23:36:15.0178 2828 LPCFilter - ok
23:36:15.0209 2828 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
23:36:15.0225 2828 LSI_FC - ok
23:36:15.0256 2828 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
23:36:15.0272 2828 LSI_SAS - ok
23:36:15.0272 2828 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
23:36:15.0287 2828 LSI_SAS2 - ok
23:36:15.0319 2828 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
23:36:15.0334 2828 LSI_SCSI - ok
23:36:15.0365 2828 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
23:36:15.0412 2828 luafv - ok
23:36:15.0443 2828 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
23:36:15.0459 2828 MBAMProtector - ok
23:36:15.0568 2828 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:36:15.0584 2828 MBAMService - ok
23:36:15.0677 2828 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
23:36:15.0693 2828 McComponentHostService - ok
23:36:15.0724 2828 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
23:36:15.0740 2828 Mcx2Svc - ok
23:36:15.0771 2828 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
23:36:15.0787 2828 megasas - ok
23:36:15.0818 2828 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
23:36:15.0833 2828 MegaSR - ok
23:36:15.0865 2828 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:36:15.0927 2828 MMCSS - ok
23:36:15.0943 2828 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
23:36:16.0021 2828 Modem - ok
23:36:16.0052 2828 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
23:36:16.0083 2828 monitor - ok
23:36:16.0145 2828 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
23:36:16.0161 2828 mouclass - ok
23:36:16.0208 2828 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
23:36:16.0255 2828 mouhid - ok
23:36:16.0301 2828 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
23:36:16.0333 2828 mountmgr - ok
23:36:16.0379 2828 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:36:16.0411 2828 MozillaMaintenance - ok
23:36:16.0442 2828 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
23:36:16.0457 2828 mpio - ok
23:36:16.0473 2828 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
23:36:16.0520 2828 mpsdrv - ok
23:36:16.0567 2828 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
23:36:16.0645 2828 MpsSvc - ok
23:36:16.0676 2828 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
23:36:16.0738 2828 MRxDAV - ok
23:36:16.0769 2828 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
23:36:16.0832 2828 mrxsmb - ok
23:36:16.0863 2828 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:36:16.0894 2828 mrxsmb10 - ok
23:36:16.0941 2828 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:36:16.0972 2828 mrxsmb20 - ok
23:36:17.0019 2828 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
23:36:17.0050 2828 msahci - ok
23:36:17.0081 2828 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
23:36:17.0081 2828 msdsm - ok
23:36:17.0113 2828 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
23:36:17.0144 2828 MSDTC - ok
23:36:17.0175 2828 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
23:36:17.0206 2828 Msfs - ok
23:36:17.0222 2828 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
23:36:17.0284 2828 mshidkmdf - ok
23:36:17.0315 2828 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
23:36:17.0315 2828 msisadrv - ok
23:36:17.0362 2828 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
23:36:17.0409 2828 MSiSCSI - ok
23:36:17.0409 2828 msiserver - ok
23:36:17.0440 2828 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
23:36:17.0503 2828 MSKSSRV - ok
23:36:17.0534 2828 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
23:36:17.0596 2828 MSPCLOCK - ok
23:36:17.0627 2828 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
23:36:17.0674 2828 MSPQM - ok
23:36:17.0737 2828 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
23:36:17.0752 2828 MsRPC - ok
23:36:17.0783 2828 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
23:36:17.0799 2828 mssmbios - ok
23:36:17.0830 2828 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
23:36:17.0893 2828 MSTEE - ok
23:36:17.0924 2828 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
23:36:17.0939 2828 MTConfig - ok
23:36:17.0955 2828 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
23:36:17.0971 2828 Mup - ok
23:36:18.0017 2828 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
23:36:18.0080 2828 napagent - ok
23:36:18.0127 2828 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
23:36:18.0189 2828 NativeWifiP - ok
23:36:18.0251 2828 NAVENG - ok
23:36:18.0267 2828 NAVEX15 - ok
23:36:18.0345 2828 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
23:36:18.0392 2828 NDIS - ok
23:36:18.0423 2828 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
23:36:18.0470 2828 NdisCap - ok
23:36:18.0517 2828 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
23:36:18.0563 2828 NdisTapi - ok
23:36:18.0595 2828 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
23:36:18.0626 2828 Ndisuio - ok
23:36:18.0673 2828 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
23:36:18.0751 2828 NdisWan - ok
23:36:18.0766 2828 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
23:36:18.0797 2828 NDProxy - ok
23:36:18.0844 2828 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
23:36:18.0891 2828 NetBIOS - ok
23:36:18.0938 2828 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
23:36:18.0969 2828 NetBT - ok
23:36:19.0016 2828 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:36:19.0031 2828 Netlogon - ok
23:36:19.0094 2828 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
23:36:19.0172 2828 Netman - ok
23:36:19.0203 2828 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
23:36:19.0281 2828 netprofm - ok
23:36:19.0343 2828 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:36:19.0375 2828 NetTcpPortSharing - ok
23:36:19.0406 2828 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
23:36:19.0437 2828 nfrd960 - ok
23:36:19.0531 2828 NIS (43cf5d42fe4475e8e1e74be484b7e33a) C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
23:36:19.0546 2828 NIS - ok
23:36:19.0609 2828 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
23:36:19.0671 2828 NlaSvc - ok
23:36:19.0718 2828 Norton PC Checkup Application Launcher - ok
23:36:19.0780 2828 NPF (c31fa031335eff434b2d94278e74bcce) C:\windows\system32\DRIVERS\npf.sys
23:36:19.0796 2828 NPF - ok
23:36:19.0811 2828 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
23:36:19.0843 2828 Npfs - ok
23:36:19.0874 2828 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
23:36:19.0936 2828 nsi - ok
23:36:19.0983 2828 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
23:36:20.0014 2828 nsiproxy - ok
23:36:20.0092 2828 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
23:36:20.0139 2828 Ntfs - ok
23:36:20.0233 2828 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
23:36:20.0279 2828 Null - ok
23:36:20.0326 2828 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
23:36:20.0357 2828 nvraid - ok
23:36:20.0373 2828 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
23:36:20.0389 2828 nvstor - ok
23:36:20.0435 2828 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
23:36:20.0451 2828 nv_agp - ok
23:36:20.0482 2828 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
23:36:20.0513 2828 ohci1394 - ok
23:36:20.0591 2828 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:36:20.0607 2828 ose - ok
23:36:20.0888 2828 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:36:21.0075 2828 osppsvc - ok
23:36:21.0169 2828 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:36:21.0215 2828 p2pimsvc - ok
23:36:21.0247 2828 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
23:36:21.0262 2828 p2psvc - ok
23:36:21.0293 2828 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
23:36:21.0309 2828 Parport - ok
23:36:21.0356 2828 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
23:36:21.0356 2828 partmgr - ok
23:36:21.0387 2828 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
23:36:21.0418 2828 PcaSvc - ok
23:36:21.0496 2828 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
23:36:21.0512 2828 PCCUJobMgr - ok
23:36:21.0559 2828 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
23:36:21.0574 2828 pci - ok
23:36:21.0590 2828 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
23:36:21.0605 2828 pciide - ok
23:36:21.0637 2828 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
23:36:21.0652 2828 pcmcia - ok
23:36:21.0668 2828 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
23:36:21.0668 2828 pcw - ok
23:36:21.0715 2828 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
23:36:21.0777 2828 PEAUTH - ok
23:36:21.0839 2828 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
23:36:21.0871 2828 PerfHost - ok
23:36:21.0917 2828 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
23:36:21.0917 2828 PGEffect - ok
23:36:21.0995 2828 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
23:36:22.0073 2828 pla - ok
23:36:22.0120 2828 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
23:36:22.0198 2828 PlugPlay - ok
23:36:22.0214 2828 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
23:36:22.0245 2828 PNRPAutoReg - ok
23:36:22.0276 2828 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:36:22.0292 2828 PNRPsvc - ok
23:36:22.0339 2828 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
23:36:22.0401 2828 PolicyAgent - ok
23:36:22.0432 2828 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
23:36:22.0495 2828 Power - ok
23:36:22.0557 2828 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
23:36:22.0604 2828 PptpMiniport - ok
23:36:22.0651 2828 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
23:36:22.0682 2828 Processor - ok
23:36:22.0713 2828 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
23:36:22.0744 2828 ProfSvc - ok
23:36:22.0775 2828 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:36:22.0791 2828 ProtectedStorage - ok
23:36:22.0838 2828 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
23:36:22.0885 2828 Psched - ok
23:36:22.0978 2828 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
23:36:23.0025 2828 ql2300 - ok
23:36:23.0119 2828 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
23:36:23.0150 2828 ql40xx - ok
23:36:23.0181 2828 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
23:36:23.0228 2828 QWAVE - ok
23:36:23.0259 2828 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
23:36:23.0306 2828 QWAVEdrv - ok
23:36:23.0321 2828 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
23:36:23.0353 2828 RasAcd - ok
23:36:23.0384 2828 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
23:36:23.0415 2828 RasAgileVpn - ok
23:36:23.0446 2828 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
23:36:23.0493 2828 RasAuto - ok
23:36:23.0540 2828 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
23:36:23.0587 2828 Rasl2tp - ok
23:36:23.0618 2828 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
23:36:23.0665 2828 RasMan - ok
23:36:23.0696 2828 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
23:36:23.0758 2828 RasPppoe - ok
23:36:23.0774 2828 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
23:36:23.0852 2828 RasSstp - ok
23:36:23.0883 2828 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
23:36:23.0961 2828 rdbss - ok
23:36:23.0992 2828 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
23:36:24.0023 2828 rdpbus - ok
23:36:24.0055 2828 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
23:36:24.0117 2828 RDPCDD - ok
23:36:24.0148 2828 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
23:36:24.0211 2828 RDPENCDD - ok
23:36:24.0242 2828 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
23:36:24.0273 2828 RDPREFMP - ok
23:36:24.0320 2828 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
23:36:24.0382 2828 RDPWD - ok
23:36:24.0429 2828 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
23:36:24.0460 2828 rdyboost - ok
23:36:24.0491 2828 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
23:36:24.0538 2828 RemoteAccess - ok
23:36:24.0569 2828 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
23:36:24.0632 2828 RemoteRegistry - ok
23:36:24.0647 2828 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
23:36:24.0710 2828 RpcEptMapper - ok
23:36:24.0757 2828 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
23:36:24.0788 2828 RpcLocator - ok
23:36:24.0835 2828 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:36:24.0866 2828 RpcSs - ok
23:36:24.0913 2828 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
23:36:24.0944 2828 rspndr - ok
23:36:24.0991 2828 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
23:36:24.0991 2828 RSUSBSTOR - ok
23:36:25.0037 2828 RTL8167 (3e70f9ca3eeb22affaac1a4861a303dc) C:\windows\system32\DRIVERS\Rt64win7.sys
23:36:25.0053 2828 RTL8167 - ok
23:36:25.0115 2828 RTL8192Ce (ffc748d848740d1bc8f330a8879c2674) C:\windows\system32\DRIVERS\rtl8192Ce.sys
23:36:25.0131 2828 RTL8192Ce - ok
23:36:25.0162 2828 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:36:25.0178 2828 SamSs - ok
23:36:25.0225 2828 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
23:36:25.0240 2828 sbp2port - ok
23:36:25.0396 2828 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:36:25.0427 2828 SBSDWSCService - ok
23:36:25.0459 2828 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
23:36:25.0505 2828 SCardSvr - ok
23:36:25.0552 2828 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
23:36:25.0615 2828 scfilter - ok
23:36:25.0693 2828 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
23:36:25.0755 2828 Schedule - ok
23:36:25.0802 2828 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\windows\system32\DRIVERS\scmndisp.sys
23:36:25.0802 2828 SCMNdisP - ok
23:36:25.0849 2828 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:36:25.0895 2828 SCPolicySvc - ok
23:36:25.0911 2828 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
23:36:25.0989 2828 SDRSVC - ok
23:36:26.0020 2828 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
23:36:26.0067 2828 secdrv - ok
23:36:26.0098 2828 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
23:36:26.0161 2828 seclogon - ok
23:36:26.0192 2828 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
23:36:26.0223 2828 SENS - ok
23:36:26.0254 2828 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
23:36:26.0270 2828 SensrSvc - ok
23:36:26.0317 2828 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
23:36:26.0332 2828 Serenum - ok
23:36:26.0379 2828 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
23:36:26.0395 2828 Serial - ok
23:36:26.0426 2828 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
23:36:26.0441 2828 sermouse - ok
23:36:26.0504 2828 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
23:36:26.0566 2828 SessionEnv - ok
23:36:26.0597 2828 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
23:36:26.0675 2828 sffdisk - ok
23:36:26.0707 2828 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
23:36:26.0753 2828 sffp_mmc - ok
23:36:26.0769 2828 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
23:36:26.0816 2828 sffp_sd - ok
23:36:26.0847 2828 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
23:36:26.0863 2828 sfloppy - ok
23:36:26.0909 2828 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
23:36:26.0941 2828 Sftfs - ok
23:36:27.0050 2828 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:36:27.0081 2828 sftlist - ok
23:36:27.0097 2828 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
23:36:27.0112 2828 Sftplay - ok
23:36:27.0143 2828 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
23:36:27.0159 2828 Sftredir - ok
23:36:27.0159 2828 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
23:36:27.0175 2828 Sftvol - ok
23:36:27.0206 2828 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:36:27.0206 2828 sftvsa - ok
23:36:27.0253 2828 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
23:36:27.0315 2828 SharedAccess - ok
23:36:27.0362 2828 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
23:36:27.0424 2828 ShellHWDetection - ok
23:36:27.0471 2828 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
23:36:27.0487 2828 SiSRaid2 - ok
23:36:27.0502 2828 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
23:36:27.0518 2828 SiSRaid4 - ok
23:36:27.0533 2828 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
23:36:27.0565 2828 Smb - ok
23:36:27.0596 2828 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
23:36:27.0627 2828 SNMPTRAP - ok
23:36:27.0658 2828 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
23:36:27.0674 2828 spldr - ok
23:36:27.0721 2828 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
23:36:27.0767 2828 Spooler - ok
23:36:27.0892 2828 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
23:36:28.0048 2828 sppsvc - ok
23:36:28.0142 2828 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
23:36:28.0204 2828 sppuinotify - ok
23:36:28.0298 2828 SRTSP (6820b710c7225d489223d4a6e1ac3e16) C:\windows\system32\drivers\NISx64\1105000.07F\SRTSP64.SYS
23:36:28.0329 2828 SRTSP - ok
23:36:28.0345 2828 SRTSPX (7159e3dea683fd88c10da6cf9997162f) C:\windows\system32\drivers\NISx64\1105000.07F\SRTSPX64.SYS
23:36:28.0360 2828 SRTSPX - ok
23:36:28.0407 2828 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
23:36:28.0485 2828 srv - ok
23:36:28.0516 2828 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
23:36:28.0563 2828 srv2 - ok
23:36:28.0594 2828 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
23:36:28.0610 2828 srvnet - ok
23:36:28.0657 2828 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
23:36:28.0719 2828 SSDPSRV - ok
23:36:28.0750 2828 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
23:36:28.0781 2828 SstpSvc - ok
23:36:28.0813 2828 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\windows\system32\DRIVERS\ssudmdm.sys
23:36:28.0828 2828 ssudmdm - ok
23:36:28.0859 2828 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
23:36:28.0875 2828 stexstor - ok
23:36:28.0922 2828 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
23:36:28.0969 2828 stisvc - ok
23:36:29.0015 2828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
23:36:29.0031 2828 swenum - ok
23:36:29.0062 2828 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
23:36:29.0125 2828 swprv - ok
23:36:29.0203 2828 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
23:36:29.0218 2828 SynTP - ok
23:36:29.0312 2828 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
23:36:29.0374 2828 SysMain - ok
23:36:29.0468 2828 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
23:36:29.0530 2828 TabletInputService - ok
23:36:29.0577 2828 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
23:36:29.0655 2828 TapiSrv - ok
23:36:29.0702 2828 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
23:36:29.0749 2828 TBS - ok
23:36:29.0858 2828 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
23:36:29.0905 2828 Tcpip - ok
23:36:30.0092 2828 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
23:36:30.0139 2828 TCPIP6 - ok
23:36:30.0248 2828 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
23:36:30.0326 2828 tcpipreg - ok
23:36:30.0373 2828 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
23:36:30.0388 2828 tdcmdpst - ok
23:36:30.0419 2828 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
23:36:30.0451 2828 TDPIPE - ok
23:36:30.0482 2828 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
23:36:30.0513 2828 TDTCP - ok
23:36:30.0575 2828 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
23:36:30.0607 2828 tdx - ok
23:36:30.0638 2828 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
23:36:30.0653 2828 TermDD - ok
23:36:30.0700 2828 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
23:36:30.0778 2828 TermService - ok
23:36:30.0809 2828 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
23:36:30.0841 2828 Themes - ok
23:36:30.0887 2828 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:36:30.0919 2828 THREADORDER - ok
23:36:30.0997 2828 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:36:31.0028 2828 TMachInfo - ok
23:36:31.0059 2828 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe
23:36:31.0075 2828 TODDSrv - ok
23:36:31.0199 2828 TosCoSrv (bdbe7a21e1de76d92f566aa80546aa4c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:36:31.0215 2828 TosCoSrv - ok
23:36:31.0262 2828 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:36:31.0262 2828 TOSHIBA HDD SSD Alert Service - ok
23:36:31.0309 2828 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
23:36:31.0371 2828 TrkWks - ok
23:36:31.0433 2828 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
23:36:31.0496 2828 TrustedInstaller - ok
23:36:31.0558 2828 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
23:36:31.0636 2828 tssecsrv - ok
23:36:31.0683 2828 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
23:36:31.0730 2828 TsUsbFlt - ok
23:36:31.0792 2828 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
23:36:31.0870 2828 tunnel - ok
23:36:31.0917 2828 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
23:36:31.0917 2828 TVALZ - ok
23:36:31.0948 2828 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
23:36:31.0964 2828 uagp35 - ok
23:36:31.0995 2828 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
23:36:32.0042 2828 udfs - ok
23:36:32.0073 2828 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
23:36:32.0073 2828 UI0Detect - ok
23:36:32.0120 2828 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
23:36:32.0135 2828 uliagpkx - ok
23:36:32.0167 2828 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
23:36:32.0213 2828 umbus - ok
23:36:32.0245 2828 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
23:36:32.0260 2828 UmPass - ok
23:36:32.0307 2828 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
23:36:32.0401 2828 upnphost - ok
23:36:32.0447 2828 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
23:36:32.0479 2828 usbccgp - ok
23:36:32.0510 2828 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
23:36:32.0525 2828 usbcir - ok
23:36:32.0557 2828 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
23:36:32.0588 2828 usbehci - ok
23:36:32.0635 2828 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
23:36:32.0666 2828 usbhub - ok
23:36:32.0697 2828 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
23:36:32.0728 2828 usbohci - ok
23:36:32.0759 2828 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
23:36:32.0791 2828 usbprint - ok
23:36:32.0822 2828 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:36:32.0869 2828 USBSTOR - ok
23:36:32.0931 2828 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
23:36:32.0962 2828 usbuhci - ok
23:36:33.0040 2828 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
23:36:33.0071 2828 usbvideo - ok
23:36:33.0087 2828 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
23:36:33.0134 2828 UxSms - ok
23:36:33.0165 2828 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:36:33.0181 2828 VaultSvc - ok
23:36:33.0227 2828 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
23:36:33.0243 2828 vdrvroot - ok
23:36:33.0290 2828 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
23:36:33.0337 2828 vds - ok
23:36:33.0368 2828 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
23:36:33.0383 2828 vga - ok
23:36:33.0415 2828 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
23:36:33.0461 2828 VgaSave - ok
23:36:33.0508 2828 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
23:36:33.0524 2828 vhdmp - ok
23:36:33.0571 2828 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
23:36:33.0586 2828 viaide - ok
23:36:33.0617 2828 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
23:36:33.0633 2828 volmgr - ok
23:36:33.0695 2828 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
23:36:33.0711 2828 volmgrx - ok
23:36:33.0758 2828 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
23:36:33.0773 2828 volsnap - ok
23:36:33.0805 2828 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
23:36:33.0820 2828 vsmraid - ok
23:36:33.0898 2828 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
23:36:33.0976 2828 VSS - ok
23:36:34.0085 2828 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
23:36:34.0117 2828 vwifibus - ok
23:36:34.0132 2828 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
23:36:34.0179 2828 vwififlt - ok
23:36:34.0241 2828 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
23:36:34.0273 2828 W32Time - ok
23:36:34.0304 2828 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
23:36:34.0335 2828 WacomPen - ok
23:36:34.0397 2828 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:36:34.0491 2828 WANARP - ok
23:36:34.0491 2828 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:36:34.0522 2828 Wanarpv6 - ok
23:36:34.0631 2828 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
23:36:34.0678 2828 WatAdminSvc - ok
23:36:34.0756 2828 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
23:36:34.0850 2828 wbengine - ok
23:36:34.0943 2828 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
23:36:34.0975 2828 WbioSrvc - ok
23:36:35.0021 2828 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
23:36:35.0053 2828 wcncsvc - ok
23:36:35.0084 2828 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
23:36:35.0115 2828 WcsPlugInService - ok
23:36:35.0162 2828 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
23:36:35.0162 2828 Wd - ok
23:36:35.0193 2828 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
23:36:35.0224 2828 Wdf01000 - ok
23:36:35.0255 2828 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:36:35.0333 2828 WdiServiceHost - ok
23:36:35.0349 2828 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:36:35.0365 2828 WdiSystemHost - ok
23:36:35.0411 2828 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
23:36:35.0443 2828 WebClient - ok
23:36:35.0489 2828 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
23:36:35.0552 2828 Wecsvc - ok
23:36:35.0567 2828 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
23:36:35.0630 2828 wercplsupport - ok
23:36:35.0677 2828 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
23:36:35.0723 2828 WerSvc - ok
23:36:35.0786 2828 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
23:36:35.0833 2828 WfpLwf - ok
23:36:35.0848 2828 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
23:36:35.0864 2828 WIMMount - ok
23:36:35.0895 2828 WinDefend - ok
23:36:35.0911 2828 WinHttpAutoProxySvc - ok
23:36:35.0973 2828 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
23:36:36.0035 2828 Winmgmt - ok
23:36:36.0113 2828 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
23:36:36.0191 2828 WinRM - ok
23:36:36.0316 2828 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
23:36:36.0347 2828 WinUsb - ok
23:36:36.0394 2828 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
23:36:36.0441 2828 Wlansvc - ok
23:36:36.0613 2828 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:36:36.0659 2828 wlidsvc - ok
23:36:36.0769 2828 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
23:36:36.0800 2828 WmiAcpi - ok
23:36:36.0862 2828 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
23:36:36.0909 2828 wmiApSrv - ok
23:36:36.0956 2828 WMPNetworkSvc - ok
23:36:36.0987 2828 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
23:36:37.0003 2828 WPCSvc - ok
23:36:37.0034 2828 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
23:36:37.0081 2828 WPDBusEnum - ok
23:36:37.0096 2828 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
23:36:37.0174 2828 ws2ifsl - ok
23:36:37.0205 2828 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
23:36:37.0252 2828 wscsvc - ok
23:36:37.0252 2828 WSearch - ok
23:36:37.0330 2828 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
23:36:37.0346 2828 WSWNA3100 - ok
23:36:37.0486 2828 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
23:36:37.0533 2828 wuauserv - ok
23:36:37.0627 2828 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
23:36:37.0705 2828 WudfPf - ok
23:36:37.0751 2828 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
23:36:37.0783 2828 WUDFRd - ok
23:36:37.0814 2828 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
23:36:37.0861 2828 wudfsvc - ok
23:36:37.0892 2828 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
23:36:37.0954 2828 WwanSvc - ok
23:36:37.0985 2828 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
23:36:38.0251 2828 \Device\Harddisk0\DR0 - ok
23:36:38.0282 2828 Boot (0x1200) (d5504a391aa340d3a569ffc5d61d1100) \Device\Harddisk0\DR0\Partition0
23:36:38.0297 2828 \Device\Harddisk0\DR0\Partition0 - ok
23:36:38.0297 2828 ============================================================
23:36:38.0297 2828 Scan finished
23:36:38.0297 2828 ============================================================
23:36:38.0313 4240 Detected object count: 1
23:36:38.0313 4240 Actual detected object count: 1
23:37:56.0719 4240 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:56.0719 4240 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:08.0060 0480 Deinitialize success
-
Hi MrC, thanks for getting back to me, here's the report
RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Matt [Admin rights]
Mode: Scan -- Date: 06/23/2012 22:59:22
¤¤¤ Bad processes: 1 ¤¤¤
[sVCHOST] svchost.exe -- C:\windows\SysWOW64\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSXN +++++
--- User ---
[MBR] 2c9e9dafd99063491270344f0d2bad73
[bSP] 777d2c06fad2dfdc09827059c52ec5f4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 466017 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 957476864 | Size: 9422 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Hi, have discovered I've got Trojan.Dropper.BCMiner on my machine. Here's the requested logs
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Matt at 15:04:29 on 2012-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1913.627 [GMT 10:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{B9041FC5-07D3-4F86-AD86-C73BC146F422} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{B9041FC5-07D3-4F86-AD86-C73BC146F422}\46C696E6B6 : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{B9041FC5-07D3-4F86-AD86-C73BC146F422}\F40545553514533413539303 : DhcpNameServer = 10.1.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\vwa2a0jb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.inthemix.com.au/forum/forumdisplay.php?forumid=4
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\windows\system32\DRIVERS\scmndisp.sys --> C:\windows\system32\DRIVERS\scmndisp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-6-30 1811456]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-29 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2011-6-30 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe [2011-6-30 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe [2011-6-30 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-27 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-11-21 285152]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-30 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-6 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-20 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-23 03:56:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7639AB0-1CAF-4334-B7D2-E2F3F064F2AE}\mpengine.dll
.
==================== Find3M ====================
.
2012-04-04 05:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 15:05:38.36 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29/06/2011 7:23:50 PM
System Uptime: 23/06/2012 2:50:29 PM (1 hours ago)
.
Motherboard: TOSHIBA | | PWWAM
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 383.277 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NAVEX15
Device ID: ROOT\LEGACY_NAVEX15\0000
Manufacturer:
Name: NAVEX15
PNP Device ID: ROOT\LEGACY_NAVEX15\0000
Service: NAVEX15
.
==== System Restore Points ===================
.
RP84: 5/06/2012 8:05:35 AM - Windows Update
RP85: 8/06/2012 6:08:06 PM - Windows Update
RP87: 9/06/2012 12:11:17 PM - Windows Defender Checkpoint
RP89: 11/06/2012 7:04:36 PM - Windows Defender Checkpoint
RP90: 12/06/2012 5:01:40 PM - Windows Update
RP91: 15/06/2012 6:56:11 PM - Windows Update
RP92: 15/06/2012 7:54:40 PM - Windows Update
RP93: 17/06/2012 10:11:08 AM - Windows Update
RP94: 19/06/2012 6:56:18 PM - Windows Update
RP95: 22/06/2012 5:00:46 PM - Windows Update
RP96: 23/06/2012 1:41:53 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Amazon Kindle For PC v1.1
Bejeweled 2 Deluxe
Bejeweled 3
BigPond Broadband ADSL
Build-a-lot 2
Canon MOV Decoder
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Chuzzle Deluxe
Facebook Video Calling 1.2.0.159
FATE
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java 6 Update 30
Jewel Match 3
Jewel Quest - Heritage
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
NETGEAR WNA3100 wireless USB 2.0 adapter
Norton Internet Security
Norton Online Backup
Norton PC Checkup
PhotoScape
Plants vs. Zombies
Polar Bowler
Rainbow Web 2
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
SpywareBlaster 4.4
System Requirements Lab for Intel
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Utility Common Driver
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games
WildTangent Games App (Toshiba Games)
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
23/06/2012 2:51:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
23/06/2012 2:50:37 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
23/06/2012 2:50:37 PM, Error: SRTSP [4] - Error loading virus definitions.
22/06/2012 7:30:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
19/06/2012 6:45:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
19/06/2012 11:10:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
18/06/2012 7:13:02 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address 38-60-77-A0-A6-D6. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================
Any help appreciated
Trojan.Dropper.BCMiner
in Resolved Malware Removal Logs
Posted
Updates and quick scan run, log below. Computer is back to normal now, no issues this this morning. Thanks a bunch for your help, it's very much appreciated.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.24.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Matt :: C660 [administrator]
Protection: Enabled
24/06/2012 10:05:57 PM
mbam-log-2012-06-24 (22-05-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215853
Time elapsed: 2 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)