rangies3
-
Posts
1 -
Joined
-
Last visited
This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
svchost.exe
in Resolved Malware Removal Logs
Posted
Hello,
I have been running Malwarebytes at startup, and it finds a trojan on my C drive every time. I remove it from Quarantine and reboot, but it still comes back with each re-start.
I know there have been other posts about this bug, but it looks like I'm supposed to do my own scan and post it here. I want to follow protocol and fix this. My version is 2012.10.13.09 (just ran update). I am pasting logs from Malwarebytes' quick scan and also DDS. I notice a P2P program called iMesh at the bottom of the MB log - DDS shows it is connected with Windows Live. Is that bad? Windows Live is a necessary account for the kids' Xbox Live. What is this iMesh and is it safe/necessary?
Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.13.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Angie :: ADELLAUGUST2011 [administrator]
Protection: Enabled
10/13/2012 3:05:29 PM
mbam-log-2012-10-13 (15-16-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 207047
Time elapsed: 10 minute(s), 16 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4040 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\{4965EFCE-6978-4137-B293-4130A6875DB9}\iMesh_V11_en_Setup.exe (P2P.iMesh) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
(end)
DDS:
DDS (Ver_2012-10-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Angie at 15:03:46 on 2012-10-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1949 [GMT -5:00]
.
AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Internet Security Anti-Spyware *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: PC Tools Internet Security Firewall *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Pogoplug\HBPLUG\HBADMIN.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Upromise\dca-ua.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Upromise\UpromiseTray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\PogoplugBackup\PogoplugMonitor.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=BNHP
uProxyServer = 8c-a9-82-7a-e4-91:80
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
uRun: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe
uRun: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Pogoplug Backup] "C:\Program Files (x86)\PogoplugBackup\PogoplugMonitor.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [iSTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOMA~1.LNK - C:\AutomaticDailyBackup.bat
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{542723DF-D52B-4435-B4B3-9088ECBF2C1D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{542723DF-D52B-4435-B4B3-9088ECBF2C1D}\2616C6C6162746374727565647D657379636 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{542723DF-D52B-4435-B4B3-9088ECBF2C1D}\455636860235570707F6274702133313 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{542723DF-D52B-4435-B4B3-9088ECBF2C1D}\D49775976496 : DHCPNameServer = 24.93.41.125 24.93.41.126
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\t4ak3ma8.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-9-20 426616]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-9-20 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-9-20 1096176]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-11 55856]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-7-25 65664]
R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-7-25 706776]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-9-20 341200]
R1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;C:\Windows\System32\drivers\pctNdisLW64.sys [2011-11-10 76952]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-9-20 251560]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-11 98208]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DokanCEDriver;DokanCEDriver;C:\Program Files (x86)\PogoplugBackup\dokance.sys [2012-5-9 66880]
R2 DokanCEMounter;DokanCEMounter;C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe [2012-5-9 115520]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 HBAdmin;HBAdmin;C:\Program Files (x86)\Pogoplug\HBPLUG\hbadmin.exe [2011-12-22 1064256]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-6 676936]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-9-20 402368]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-2-9 1118680]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-11 2533400]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-11 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-11 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-11 287232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-6-11 74280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-6 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-6-11 7680512]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys [2011-9-20 123808]
R3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [2011-9-20 181032]
R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-9-20 92928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-7-25 41968]
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 xcetap0;XCETAP0 Adapter;C:\Windows\System32\drivers\xcetap0.sys [2011-5-27 39232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-2 250808]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-6-11 53800]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-11 245792]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-25 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-13 19:40:27 20480 ----a-w- C:\Windows\svchost.exe
2012-10-13 15:04:21 0 ----a-w- C:\Windows\SysWow64\sho2DB5.tmp
2012-10-13 13:32:50 0 ----a-w- C:\Windows\SysWow64\shoDF37.tmp
2012-10-10 16:20:19 0 ----a-w- C:\Windows\SysWow64\sho68F8.tmp
2012-10-10 08:27:34 0 ----a-w- C:\Windows\SysWow64\sho3446.tmp
2012-10-10 08:07:14 -------- d-----w- C:\12c43ad16a0d8e9e146f38
2012-10-09 21:18:48 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-09 21:18:00 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-09 21:18:00 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-09 21:18:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-09 21:18:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-09 21:18:00 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-09 21:16:28 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-09 21:16:28 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-09 21:16:08 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-09 21:16:08 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-09 21:16:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-09 21:16:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-09 21:16:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-09 21:16:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-06 22:05:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-06 22:05:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-05 12:37:26 0 ----a-w- C:\Windows\SysWow64\sho25C4.tmp
2012-10-04 20:21:28 0 ----a-w- C:\Windows\SysWow64\sho8341.tmp
2012-09-30 20:44:35 -------- d-----w- C:\Program Files (x86)\LastPass
2012-09-29 18:26:23 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-29 01:51:57 0 ----a-w- C:\Windows\SysWow64\shoCDBF.tmp
2012-09-28 02:04:29 0 ----a-w- C:\Windows\SysWow64\sho669F.tmp
2012-09-26 12:39:14 0 ----a-w- C:\Windows\SysWow64\shoD8F1.tmp
2012-09-25 23:45:20 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 00:32:56 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 04:57:01 0 ----a-w- C:\Windows\SysWow64\shoA1AB.tmp
2012-09-18 03:50:37 0 ----a-w- C:\Windows\SysWow64\sho55E3.tmp
2012-09-13 21:28:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 21:28:40 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 21:28:35 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 21:28:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 21:28:29 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 21:28:29 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 21:28:29 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-10-09 02:54:01 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:54:01 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-24 00:32:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-24 00:32:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-05 22:46:40 0 ----a-w- C:\Windows\SysWow64\sho8F18.tmp
2012-09-03 01:11:01 0 ----a-w- C:\Windows\SysWow64\shoE282.tmp
2012-09-03 00:22:37 0 ----a-w- C:\Windows\SysWow64\shoAFA8.tmp
2012-09-01 00:25:12 0 ----a-w- C:\Windows\SysWow64\sho55FE.tmp
2012-08-29 14:38:52 0 ----a-w- C:\Windows\SysWow64\shoC81E.tmp
2012-08-28 02:14:28 0 ----a-w- C:\Windows\SysWow64\shoE288.tmp
2012-08-27 03:53:01 0 ----a-w- C:\Windows\SysWow64\sho5210.tmp
2012-08-26 17:38:06 0 ----a-w- C:\Windows\SysWow64\sho256A.tmp
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-24 05:05:26 0 ----a-w- C:\Windows\SysWow64\shoA865.tmp
2012-08-23 18:52:06 0 ----a-w- C:\Windows\SysWow64\sho18A0.tmp
2012-08-23 05:24:57 0 ----a-w- C:\Windows\SysWow64\shoECB0.tmp
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 01:24:54 0 ----a-w- C:\Windows\SysWow64\sho94D7.tmp
2012-08-16 05:39:46 0 ----a-w- C:\Windows\SysWow64\shoDC81.tmp
2012-08-15 03:11:57 0 ----a-w- C:\Windows\SysWow64\sho2D7B.tmp
2012-08-06 18:52:00 0 ----a-w- C:\Windows\SysWow64\sho6CB0.tmp
2012-08-01 16:20:32 0 ----a-w- C:\Windows\SysWow64\shoFA09.tmp
2012-07-27 02:25:40 0 ----a-w- C:\Windows\SysWow64\sho1B93.tmp
2012-07-25 14:44:15 0 ----a-w- C:\Windows\SysWow64\sho88AF.tmp
2012-07-25 04:43:31 0 ----a-w- C:\Windows\SysWow64\sho2B6.tmp
2012-07-22 20:10:54 0 ----a-w- C:\Windows\SysWow64\sho5EA4.tmp
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 01:58:29 0 ----a-w- C:\Windows\SysWow64\shoD3E3.tmp
2012-06-02 18:41:40 25126934 ----a-w- C:\Program Files\tor-browser-2.2.35-13_en-US.exe
.
============= FINISH: 15:10:43.21 ===============