LucDuran
Everything posted by LucDuran
-
Hi,

Here is the ComboFix log.

Luc

====================================
ComboFix 13-01-06.01 - Luc Duranleau 2013-01-08 7:02.4.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.987 [GMT -5:00]
Lancé depuis: c:\users\Luc Duranleau\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Luc Duranleau\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\dir0000.chk\00010029.ci
c:\found.000\dir0000.chk\00010029.dir
c:\found.000\dir0000.chk\00010029.wid
c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners
c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners\app.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-12-08 au 2013-01-08 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-08 12:15 . 2013-01-08 12:18 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\temp
2013-01-08 12:15 . 2013-01-08 12:15 -------- d-----w- c:\users\Invité\AppData\Local\temp
2013-01-08 12:15 . 2013-01-08 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-07 19:49 . 2013-01-07 19:49 -------- d-----w- c:\programdata\Apple Computer
2013-01-07 18:59 . 2013-01-07 18:59 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Secunia PSI
2013-01-07 18:58 . 2013-01-07 18:58 -------- d-----w- c:\program files\Secunia
2013-01-07 18:44 . 2013-01-07 18:44 -------- d-----w- c:\program files\FileHippo.com
2013-01-05 19:21 . 2013-01-06 18:11 -------- d-----w- C:\MGADiagToolOutput
2013-01-05 19:11 . 2013-01-05 19:11 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-01-05 16:42 . 2013-01-05 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 16:42 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 14:21 . 2013-01-05 14:21 -------- d-----w- c:\programdata\RegSERVO
2013-01-04 20:32 . 2013-01-07 18:21 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\LogMeIn Rescue Applet
2013-01-04 19:05 . 2013-01-04 19:05 4729224 ----a-w- c:\windows\uninst.exe
2013-01-04 19:05 . 2013-01-04 19:17 -------- d-----w- c:\programdata\PC1Data
2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PCPro
2013-01-04 16:37 . 2013-01-04 16:37 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Macromedia
2013-01-04 16:36 . 2013-01-04 16:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 16:25 . 2012-11-28 15:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-03 22:58 . 2013-01-03 22:58 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-03 21:13 . 2013-01-03 21:13 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-03 21:13 . 2013-01-03 21:13 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-12-25 07:53 . 2012-12-25 07:53 -------- d-----w- c:\users\Luc Duranleau\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 12:17 . 2010-08-25 23:14 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-01-08 03:23 . 2008-10-03 13:26 58288 ------w- c:\windows\system32\rpcnet.exe
2013-01-07 19:47 . 2011-09-11 20:32 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-03 23:00 . 2010-08-29 03:54 279552 ----a-w- c:\windows\system32\services.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-03 21:13 . 2012-04-12 20:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reminder"="c:\program files\TOSHIBA\reminder\reminder.exe" [2007-05-16 407672]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-13 113664]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2013-01-07 c:\windows\Tasks\User_Feed_Synchronization-{74AEAE6A-923F-4414-A6C1-ABCC0714A59C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-29 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.iciwave.com/
uInternet Settings,ProxyServer = fpro.rtss.qc.ca:8080
uInternet Settings,ProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: desjardins.com\accesd.affaires
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-toscdspd - TOSCDSPD.EXE
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-08 07:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft Office\Office12\GrooveAuditService.exe
c:\windows\System32\msdtc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Microsoft Security Client\NisSrv.exe
c:\program files\Nitro PDF\Converter\NitroPDFDriverService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\locator.exe
c:\windows\system32\rpcnet.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\vds.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\iashost.exe
c:\program files\Secunia\PSI\sua.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SLUI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2013-01-08 07:28:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-01-08 12:27
ComboFix2.txt 2013-01-08 00:46
.
Avant-CF: 33 834 127 360 octets libres
Après-CF: 33 828 306 944 octets libres
.
- - End Of File - - 4DE651249A4AF833F34DB3A83880936A
-
Hi,

I just wanted to be sure, as other posts I have read mentioned this when trying to run ComboFix a second time.

As for the claim, I am sorry if it is interpreted this way. It was not my intention. I simply checked the time the authentication problem occurred and the reboot I did after the Malware disinfection. The issue is obviously more complex than that, as I can well see. Please do not

As for ComboFix: I did run it after the problem began to manifest itself. It ran and asked to reboot. On reboot, it started up again with a message saying it was preparing a report. It hung there and I had to close the window after a long wait. I then uninstalled it. This probably deleted the log files in the folder. My mistake.

Will run your script now.

Luc
-
Hi,

Here are the TDSSKiller, ESET and RogueKiller logs at the time things screwed up with authentication.

Luc

=================================================================
17:57:47.0936 4804 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:57:48.0290 4804 ============================================================
17:57:48.0290 4804 Current date / time: 2013/01/03 17:57:48.0290
17:57:48.0290 4804 SystemInfo:
17:57:48.0290 4804
17:57:48.0290 4804 OS Version: 6.0.6002 ServicePack: 2.0
17:57:48.0290 4804 Product type: Workstation
17:57:48.0290 4804 ComputerName: LEONIDAS
17:57:48.0290 4804 UserName: Luc Duranleau
17:57:48.0290 4804 Windows directory: C:\Windows
17:57:48.0290 4804 System windows directory: C:\Windows
17:57:48.0290 4804 Processor architecture: Intel x86
17:57:48.0290 4804 Number of processors: 2
17:57:48.0290 4804 Page size: 0x1000
17:57:48.0290 4804 Boot type: Normal boot
17:57:48.0290 4804 ============================================================
17:57:49.0530 4804 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:57:49.0530 4804 ============================================================
17:57:49.0530 4804 \Device\Harddisk0\DR0:
17:57:49.0530 4804 MBR partitions:
17:57:49.0530 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1B865800
17:57:49.0530 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C717800, BlocksNum 0xAAE000
17:57:49.0530 4804 ============================================================
17:57:49.0580 4804 C: <-> \Device\Harddisk0\DR0\Partition1
17:57:49.0630 4804 D: <-> \Device\Harddisk0\DR0\Partition2
17:57:49.0630 4804 ============================================================
17:57:49.0630 4804 Initialize success
17:57:49.0630 4804 ============================================================
17:57:53.0031 1652
============================================================ 17:57:53.0031 1652 Scan started 17:57:53.0031 1652 Mode: Manual; 17:57:53.0031 1652 ============================================================ 17:57:54.0121 1652 ================ Scan system memory ======================== 17:57:54.0121 1652 System memory - ok 17:57:54.0121 1652 ================ Scan services ============================= 17:57:54.0431 1652 [ 585E64BB6DFBC0A2F1F0B554DED012DF ] 61883 C:\Windows\system32\DRIVERS\61883.sys 17:57:54.0431 1652 61883 - ok 17:57:54.0582 1652 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 17:57:54.0582 1652 ACPI - ok 17:57:54.0683 1652 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 17:57:54.0683 1652 Adobe LM Service - ok 17:57:54.0753 1652 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:57:54.0763 1652 adp94xx - ok 17:57:54.0813 1652 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:57:54.0813 1652 adpahci - ok 17:57:54.0843 1652 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 17:57:54.0843 1652 adpu160m - ok 17:57:54.0883 1652 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:57:54.0883 1652 adpu320 - ok 17:57:54.0963 1652 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:57:54.0963 1652 AeLookupSvc - ok 17:57:55.0043 1652 [ A201207363AA900ABF1A388468688570 ] AFD C:\Windows\system32\drivers\afd.sys 17:57:55.0043 1652 AFD - ok 17:57:55.0083 1652 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 17:57:55.0083 1652 AgereModemAudio - ok 17:57:55.0183 1652 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 17:57:55.0253 1652 AgereSoftModem - ok 17:57:55.0293 1652 [ 
EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:57:55.0293 1652 agp440 - ok 17:57:55.0343 1652 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 17:57:55.0353 1652 aic78xx - ok 17:57:55.0413 1652 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 17:57:55.0413 1652 ALG - ok 17:57:55.0443 1652 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 17:57:55.0453 1652 aliide - ok 17:57:55.0503 1652 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 17:57:55.0503 1652 amdagp - ok 17:57:55.0523 1652 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 17:57:55.0523 1652 amdide - ok 17:57:55.0553 1652 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 17:57:55.0553 1652 AmdK7 - ok 17:57:55.0593 1652 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:57:55.0593 1652 AmdK8 - ok 17:57:55.0633 1652 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 17:57:55.0633 1652 Appinfo - ok 17:57:55.0683 1652 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 17:57:55.0693 1652 arc - ok 17:57:55.0713 1652 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:57:55.0713 1652 arcsas - ok 17:57:55.0753 1652 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:57:55.0753 1652 AsyncMac - ok 17:57:55.0823 1652 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 17:57:55.0833 1652 atapi - ok 17:57:55.0883 1652 [ CED8A3D0DA7803CC755A21D78D326139 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 17:57:55.0883 1652 Ati External Event Utility - ok 17:57:56.0073 1652 [ 8CE91545423A431353869ED5ADE90ECE ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:57:56.0203 1652 atikmdag - ok 17:57:56.0273 1652 
[ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:57:56.0283 1652 AudioEndpointBuilder - ok 17:57:56.0303 1652 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:57:56.0303 1652 Audiosrv - ok 17:57:56.0353 1652 [ F4B56425A00BEB32F5FA6603FF7B0EA2 ] Avc C:\Windows\system32\DRIVERS\avc.sys 17:57:56.0363 1652 Avc - ok 17:57:56.0403 1652 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 17:57:56.0403 1652 Beep - ok 17:57:56.0483 1652 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 17:57:56.0483 1652 BFE - ok 17:57:56.0603 1652 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 17:57:56.0613 1652 BITS - ok 17:57:56.0623 1652 blbdrive - ok 17:57:56.0633 1652 Bonjour Service - ok 17:57:56.0704 1652 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:57:56.0704 1652 bowser - ok 17:57:56.0735 1652 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 17:57:56.0735 1652 BrFiltLo - ok 17:57:56.0751 1652 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 17:57:56.0751 1652 BrFiltUp - ok 17:57:56.0798 1652 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 17:57:56.0798 1652 Browser - ok 17:57:56.0829 1652 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 17:57:56.0829 1652 Brserid - ok 17:57:56.0854 1652 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 17:57:56.0854 1652 BrSerWdm - ok 17:57:56.0874 1652 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 17:57:56.0874 1652 BrUsbMdm - ok 17:57:56.0894 1652 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 17:57:56.0894 1652 BrUsbSer - ok 17:57:56.0914 1652 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM 
C:\Windows\system32\drivers\bthmodem.sys 17:57:56.0924 1652 BTHMODEM - ok 17:57:57.0184 1652 catchme - ok 17:57:57.0224 1652 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:57:57.0224 1652 cdfs - ok 17:57:57.0294 1652 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:57:57.0294 1652 cdrom - ok 17:57:57.0394 1652 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 17:57:57.0394 1652 CertPropSvc - ok 17:57:57.0444 1652 [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 17:57:57.0444 1652 CFSvcs - ok 17:57:57.0494 1652 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 17:57:57.0494 1652 circlass - ok 17:57:57.0564 1652 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 17:57:57.0574 1652 CLFS - ok 17:57:57.0664 1652 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:57:57.0664 1652 clr_optimization_v2.0.50727_32 - ok 17:57:57.0704 1652 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:57:57.0704 1652 CmBatt - ok 17:57:57.0734 1652 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:57:57.0744 1652 cmdide - ok 17:57:57.0784 1652 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:57:57.0784 1652 Compbatt - ok 17:57:57.0794 1652 COMSysApp - ok 17:57:57.0804 1652 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:57:57.0814 1652 crcdisk - ok 17:57:57.0844 1652 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 17:57:57.0844 1652 Crusoe - ok 17:57:57.0914 1652 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:57:57.0914 1652 CryptSvc - ok 17:57:58.0004 1652 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] 
DcomLaunch C:\Windows\system32\rpcss.dll 17:57:58.0034 1652 DcomLaunch - ok 17:57:58.0144 1652 [ 218D8AE46C88E82014F5D73D0236D9B2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:57:58.0144 1652 DfsC - ok 17:57:58.0304 1652 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 17:57:58.0384 1652 DFSR - ok 17:57:58.0454 1652 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 17:57:58.0464 1652 Dhcp - ok 17:57:58.0524 1652 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 17:57:58.0524 1652 disk - ok 17:57:58.0594 1652 [ 30A08728740E71947AE1E073B5CE69B4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:57:58.0604 1652 Dnscache - ok 17:57:58.0664 1652 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:57:58.0674 1652 dot3svc - ok 17:57:58.0724 1652 [ 4F59C172C094E1A1D46463A8DC061CBD ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys 17:57:58.0724 1652 dot4 - ok 17:57:58.0784 1652 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 17:57:58.0794 1652 Dot4Print - ok 17:57:58.0804 1652 [ A84D8A9006B1AE515CC7B6B3586C295A ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys 17:57:58.0804 1652 Dot4Scan - ok 17:57:58.0824 1652 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 17:57:58.0834 1652 dot4usb - ok 17:57:58.0874 1652 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 17:57:58.0884 1652 DPS - ok 17:57:58.0904 1652 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:57:58.0914 1652 drmkaud - ok 17:57:58.0956 1652 [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys 17:57:58.0956 1652 dsNcAdpt - ok 17:57:59.0065 1652 [ A6B5ECF684769A99D96175F9D1E1337C ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe 17:57:59.0065 1652 dsNcService - ok 17:57:59.0126 1652 [ 5C7E2097B91D689DED7A6FF90F0F3A25 ] DXGKrnl 
C:\Windows\System32\drivers\dxgkrnl.sys 17:57:59.0156 1652 DXGKrnl - ok 17:57:59.0216 1652 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 17:57:59.0216 1652 E1G60 - ok 17:57:59.0276 1652 [ 0DC2665363C769FF0AA3B30FA73D69D6 ] E2ECAM C:\Windows\system32\DRIVERS\wavedt.sys 17:57:59.0276 1652 E2ECAM - ok 17:57:59.0346 1652 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 17:57:59.0346 1652 EapHost - ok 17:57:59.0426 1652 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 17:57:59.0436 1652 Ecache - ok 17:57:59.0436 1652 eeef - ok 17:57:59.0506 1652 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:57:59.0516 1652 ehRecvr - ok 17:57:59.0576 1652 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 17:57:59.0576 1652 ehSched - ok 17:57:59.0616 1652 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 17:57:59.0616 1652 ehstart - ok 17:57:59.0686 1652 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:57:59.0686 1652 elxstor - ok 17:57:59.0766 1652 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 17:57:59.0776 1652 EMDMgmt - ok 17:57:59.0796 1652 esgiguard - ok 17:57:59.0896 1652 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 17:57:59.0896 1652 EventSystem - ok 17:57:59.0976 1652 [ 298C8F404968A600D1C298D43783BDB8 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 17:57:59.0986 1652 EvtEng - ok 17:58:00.0056 1652 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 17:58:00.0066 1652 exfat - ok 17:58:00.0106 1652 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:58:00.0116 1652 fastfat - ok 17:58:00.0156 1652 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:58:00.0156 1652 fdc - ok 17:58:00.0226 1652 [ 
6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 17:58:00.0226 1652 fdPHost - ok 17:58:00.0266 1652 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 17:58:00.0276 1652 FDResPub - ok 17:58:00.0306 1652 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:58:00.0306 1652 FileInfo - ok 17:58:00.0366 1652 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:58:00.0366 1652 Filetrace - ok 17:58:00.0506 1652 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:58:00.0546 1652 FLEXnet Licensing Service - ok 17:58:00.0586 1652 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:58:00.0586 1652 flpydisk - ok 17:58:00.0676 1652 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:58:00.0696 1652 FltMgr - ok 17:58:00.0776 1652 [ D49705F25390265CAD9B620F55EA968C ] FontCache C:\Windows\system32\FntCache.dll 17:58:00.0816 1652 FontCache - ok 17:58:00.0936 1652 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:58:00.0956 1652 FontCache3.0.0.0 - ok 17:58:00.0986 1652 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:58:00.0986 1652 Fs_Rec - ok 17:58:01.0036 1652 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:58:01.0036 1652 gagp30kx - ok 17:58:01.0156 1652 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 17:58:01.0186 1652 gpsvc - ok 17:58:01.0226 1652 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 17:58:01.0226 1652 hamachi - ok 17:58:01.0306 1652 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:58:01.0316 1652 
HdAudAddService - ok 17:58:01.0466 1652 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:58:01.0546 1652 HDAudBus - ok 17:58:01.0596 1652 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:58:01.0596 1652 HidBth - ok 17:58:01.0656 1652 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 17:58:01.0676 1652 HidIr - ok 17:58:01.0716 1652 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 17:58:01.0716 1652 hidserv - ok 17:58:01.0736 1652 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:58:01.0756 1652 HidUsb - ok 17:58:01.0806 1652 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:58:01.0806 1652 hkmsvc - ok 17:58:01.0856 1652 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 17:58:01.0876 1652 HpCISSs - ok 17:58:01.0926 1652 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:58:01.0946 1652 HTTP - ok 17:58:01.0996 1652 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 17:58:02.0016 1652 i2omp - ok 17:58:02.0076 1652 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:58:02.0122 1652 i8042prt - ok 17:58:02.0184 1652 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:58:02.0184 1652 iaStor - ok 17:58:02.0215 1652 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 17:58:02.0231 1652 iaStorV - ok 17:58:02.0342 1652 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:58:02.0362 1652 idsvc - ok 17:58:02.0362 1652 igfx - ok 17:58:02.0392 1652 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 17:58:02.0392 1652 iirsp - ok 17:58:02.0472 1652 [ 9908D8A397B76CD8D31D0D383C5773C9 
] IKEEXT C:\Windows\System32\ikeext.dll 17:58:02.0482 1652 IKEEXT - ok 17:58:02.0492 1652 IntcAzAudAddService - ok 17:58:02.0532 1652 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 17:58:02.0532 1652 intelide - ok 17:58:02.0542 1652 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:58:02.0542 1652 intelppm - ok 17:58:02.0612 1652 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:58:02.0612 1652 IPBusEnum - ok 17:58:02.0662 1652 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:58:02.0662 1652 IpFilterDriver - ok 17:58:02.0692 1652 [ 7F83B06A929A981BC001B2EA304D2036 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:58:02.0692 1652 iphlpsvc - ok 17:58:02.0702 1652 IpInIp - ok 17:58:02.0752 1652 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 17:58:02.0752 1652 IPMIDRV - ok 17:58:02.0812 1652 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 17:58:02.0812 1652 IPNAT - ok 17:58:02.0872 1652 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:58:02.0872 1652 IRENUM - ok 17:58:02.0912 1652 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:58:02.0912 1652 isapnp - ok 17:58:03.0002 1652 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 17:58:03.0012 1652 iScsiPrt - ok 17:58:03.0062 1652 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 17:58:03.0062 1652 iteatapi - ok 17:58:03.0112 1652 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 17:58:03.0112 1652 iteraid - ok 17:58:03.0182 1652 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:58:03.0182 1652 kbdclass - ok 17:58:03.0222 1652 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid 
C:\Windows\system32\drivers\ws2ifsl.sys 17:58:19.0579 1652 ws2ifsl - ok 17:58:19.0629 1652 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 17:58:19.0639 1652 wscsvc - ok 17:58:19.0639 1652 WSearch - ok 17:58:19.0769 1652 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 17:58:19.0849 1652 wuauserv - ok 17:58:19.0889 1652 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:58:19.0899 1652 WUDFRd - ok 17:58:19.0929 1652 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:58:19.0939 1652 wudfsvc - ok 17:58:19.0959 1652 ================ Scan global =============================== 17:58:20.0029 1652 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 17:58:20.0099 1652 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll 17:58:20.0119 1652 [ 40864DA48A14EBC68A0D6BFD08BA21EB ] C:\Windows\system32\winsrv.dll 17:58:20.0179 1652 [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe 17:58:20.0189 1652 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected 17:58:20.0189 1652 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0) 17:58:20.0189 1652 ================ Scan MBR ================================== 17:58:20.0219 1652 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0 17:58:21.0012 1652 \Device\Harddisk0\DR0 - ok 17:58:21.0012 1652 ================ Scan VBR ================================== 17:58:21.0012 1652 [ 11BDF00FBCC8339B1709AF6089A9C9A1 ] \Device\Harddisk0\DR0\Partition1 17:58:21.0022 1652 \Device\Harddisk0\DR0\Partition1 - ok 17:58:21.0082 1652 [ E46E1BE5C2222A78FA6E9446F9B20CC4 ] \Device\Harddisk0\DR0\Partition2 17:58:21.0082 1652 \Device\Harddisk0\DR0\Partition2 - ok 17:58:21.0082 1652 ============================================================ 17:58:21.0082 1652 Scan finished 17:58:21.0082 1652 ============================================================ 
17:58:21.0102 4768 Detected object count: 1 17:58:21.0102 4768 Actual detected object count: 1 17:58:40.0893 4768 C:\Windows\system32\services.exe - copied to quarantine 17:58:43.0494 4768 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine 17:58:43.0824 4768 C:\Users\Luc Duranleau\AppData\Local\{ac18af58-bb7f-db54-bb76-9f0345e14f3c}\@ - copied to quarantine 17:58:58.0737 4768 Backup copy found, using it.. 17:58:58.0897 4768 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot 17:58:59.0137 4768 C:\Users\Luc Duranleau\AppData\Local\{ac18af58-bb7f-db54-bb76-9f0345e14f3c}\@ - will be deleted on reboot 17:58:59.0197 4768 C:\Windows\system32\services.exe - will be cured on reboot 17:58:59.0197 4768 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure 17:59:36.0837 5296 Deinitialize success ======================================================================== C:\ProgramData\netdislw.js JS/Agent.NID trojan C:\Users\All Users\netdislw.js JS/Agent.NID trojan C:\Windows\System32\DBBK\6D5483DA06CB7B45F205C51D87EB6D1A Win32/Sirefef.FA trojan C:\Windows\System32\DBBK\6E71F4274113197AD75262AF24FB1B09 Win32/Conedex.E trojan C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan C:\Windows\System32\DBBK\8737764F4FD36D6808EE80578409C843 Win32/Sirefef.FB.Gen trojan C:\Windows\System32\DBBK\D30CEF5730C307FC524F11F228C6E8B8 a variant of Win32/Sirefef.FD trojan C:\Windows\System32\DBBK\FE2EB24E6BD36B8BE3869ECE85AA72BC Win32/Conedex.D trojan ============================================================================ RogueKiller V8.4.2 [Dec 31 2012] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html Site Web : http://www.sur-la-toile.com/RogueKiller/ Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur : Luc Duranleau [Droits 
d'admin] Mode : Recherche -- Date : 04/01/2013 02:58:19 ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 1 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (fpro.rtss.qc.ca:8080) -> TROUVÉ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [CHARGE] ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: FUJITSU MHX2250BT +++++ --- User --- [MBR] 0c3f8c5caf4d0fcc079e4155977e3ab0 [bSP] 87042bb57fab562d2f4fd0a527263a3f : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 225483 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 464863232 | Size: 6023 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 477198336 | Size: 5468 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[5]_S_04012013_025819.txt >> RKreport[1]_S_04012013_025407.txt ; RKreport[2]_D_04012013_025507.txt ; RKreport[3]_PR_04012013_025727.txt ; RKreport[4]_PR_04012013_025735.txt ; RKreport[5]_S_04012013_025819.txt
-
Hi,

I ran the complete scan of MBAM and things run fine now. Here is the log. I checked QooBox and those 2 log files can't be found. Also a folder called BadEnv which I cannot access. It is denied. I will get going on executing ComboFix with your script. Also, I did scan with RegServo but did not change anything in the registry. Just wanted to see what it gave me. I am generally quite cautious about having software fiddle around with the registry.

Luc

=============================================================

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18943
Luc Duranleau :: LEONIDAS [administrator]

Protection: Disabled

2013-01-07 20:00:52
mbam-log-2013-01-07 (20-00-52).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443850
Time elapsed: 2 hour(s), 57 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
============================================================
-
Hi,

Here is the ComboFix log. By the way, I needed to reboot as none of my apps could start. An error saying that access was denied because a registry entry was to be deleted.

ComboFix 13-01-06.01 - Luc Duranleau 2013-01-07 19:26:44.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.1160 [GMT -5:00]
Lancé depuis: c:\users\Luc Duranleau\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-12-08 au 2013-01-08 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-08 00:40 . 2013-01-08 00:41 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\temp
2013-01-08 00:40 . 2013-01-08 00:40 -------- d-----w- c:\users\Invité\AppData\Local\temp
2013-01-08 00:40 . 2013-01-08 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-07 19:49 . 2013-01-07 19:49 -------- d-----w- c:\programdata\Apple Computer
2013-01-07 18:59 . 2013-01-07 18:59 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Secunia PSI
2013-01-07 18:58 . 2013-01-07 18:58 -------- d-----w- c:\program files\Secunia
2013-01-07 18:44 . 2013-01-07 18:44 -------- d-----w- c:\program files\FileHippo.com
2013-01-05 19:50 . 2013-01-05 19:50 -------- d-----w- C:\found.000
2013-01-05 19:21 . 2013-01-06 18:11 -------- d-----w- C:\MGADiagToolOutput
2013-01-05 19:11 . 2013-01-05 19:11 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-01-05 16:42 . 2013-01-05 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 16:42 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 14:21 . 2013-01-05 14:21 -------- d-----w- c:\programdata\RegSERVO
2013-01-04 20:32 . 2013-01-07 18:21 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\LogMeIn Rescue Applet
2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PC Cleaners
2013-01-04 19:05 . 2013-01-04 19:05 4729224 ----a-w- c:\windows\uninst.exe
2013-01-04 19:05 . 2013-01-04 19:17 -------- d-----w- c:\programdata\PC1Data
2013-01-04 19:05 . 2013-01-04 19:05 -------- d-----w- c:\users\Luc Duranleau\AppData\Roaming\PCPro
2013-01-04 16:37 . 2013-01-04 16:37 -------- d-----w- c:\users\Luc Duranleau\AppData\Local\Macromedia
2013-01-04 16:36 . 2013-01-04 16:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 16:25 . 2012-11-28 15:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-03 22:58 . 2013-01-03 22:58 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-03 21:13 . 2013-01-03 21:13 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-03 21:13 . 2013-01-03 21:13 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-12-25 07:53 . 2012-12-25 07:53 -------- d-----w- c:\users\Luc Duranleau\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-07 19:47 . 2011-09-11 20:32 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-07 09:58 . 2010-08-25 23:14 56680 ----a-w- c:\windows\system32\rpcnet.dll
2013-01-03 23:00 . 2010-08-29 03:54 279552 ----a-w- c:\windows\system32\services.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-03 21:13 . 2012-04-12 20:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Camera Assistant Software for Toshiba\traybar .exe
c:\program files\ltmoh\Ltmoh .exe
c:\program files\Synaptics\SynTP\SynTPStart .exe
c:\program files\TOSHIBA\Utilities\KeNotify .exe
</pre>
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toscdspd"="TOSCDSPD.EXE" [N/A]
"reminder"="c:\program files\TOSHIBA\reminder\reminder.exe" [2007-05-16 407672]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [N/A]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-13 113664]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - PSI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2013-01-07 c:\windows\Tasks\User_Feed_Synchronization-{74AEAE6A-923F-4414-A6C1-ABCC0714A59C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-29 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.iciwave.com/
uInternet Settings,ProxyServer = fpro.rtss.qc.ca:8080
uInternet Settings,ProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: desjardins.com\accesd.affaires
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Luc Duranleau\AppData\Roaming\Mozilla\Firefox\Profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-27012286.sys
SafeBoot-75658422.sys
SafeBoot-klmdb.sys
AddRemove-RecoveryFix For Windows(Demo)_is1 - d:\recoveryfix for windows(demo)\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 19:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2013-01-07 19:46:03
ComboFix-quarantined-files.txt 2013-01-08 00:46
.
Avant-CF: 34 005 401 600 octets libres
Après-CF: 34 037 583 872 octets libres
.
- - End Of File - - C526C874539490441DD84E9F7D995C62
-
Hi again,

Here is the MBAM log. I will continue with ComboFix now.

Luc

=====================================================================

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18943
Luc Duranleau :: LEONIDAS [administrator]

Protection: Disabled

2013-01-07 17:11:14
mbam-log-2013-01-07 (17-11-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229201
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Hello,

Thanks for your reply. To finish up on the issues you mentioned:

4) LogMeIn - This seems to be an applet that was downloaded. Nothing is installed and there are no services attached. I deleted the executable. If there is anything else that needs to be done to get rid of it, let me know.

6) Proxy - this proxy was set up by one of my clients (government health agency). I thought it was de-activated. Please let me know how to completely remove it.

7) The system asks to reactivate the product key. The background is black and at the bottom right hand corner is a label indicating Windows Vista 6002 (copy not genuine). I tried entering the COA product key on the sticker on the back of my computer. To no avail. Tried the telephone activation method through Microsoft support. The 9 sets of 6 digits. To no avail. Tried system restore. System restore fails with error code 0x8000FFFF. Microsoft support tried reloading and rearming licensing components (slsvc and slmgr). To no avail. The Tamper Time Stamp indicates a «T» type tamper and I guess it will not accept anything until that state is resolved.

Updates - I did a Vista update last night. No effect on the licensing problem.

I will complete your instructions and get back to you with the results.

Thanks,
Luc
-
Hello,

I have some new information. From the MGAD tool I get this report.

================================================
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Invalid License
Validation Code: 50
Cached Online Validation Code: 0xc004c4a8
Windows Product Key: *****-*****-VP74J-HXBP4-M3C3R
Windows Product Key Hash: YwJKIRZgJO33T76zrufXyl8F+bM=
Windows Product ID: 89578-OEM-7248824-22457
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {990E546B-80F5-4F96-9974-9A5E99DD30AD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows Vista Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.100608-0458
TTS Error: T:20130103161247921-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office Enterprise 2007 - 100 Genuine
Microsoft Office Visio Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{990E546B-80F5-4F96-9974-9A5E99DD30AD}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-M3C3R</PKey><PID>89578-OEM-7248824-22457</PID><PIDType>8</PIDType><SID>S-1-5-21-71766485-4058461557-3020660485</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P200</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V1.80</Version><SMBIOSVersion major="2" minor="4"/><Date>20070927000000.000000+000</Date></BIOS><HWID>24313507018400FA</HWID><UserLCID>0C0C</UserLCID><SystemLCID>040C</SystemLCID><TimeZone>Est(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{9011040C-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73958-640-0000106-57793</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>BAFB54383B18D86</Val><Hash>aWcD5nZ52RuF82J7kJdEZTPyC7w=</Hash><Pid>89388-707-4914746-65431</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0051-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2007</Name><Ver>12</Ver><Val>3AB862DE70D8D86</Val><Hash>UfpXsJvSSVcPufbDdjd0NK73+ug=</Hash><Pid>89405-707-4159871-63630</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="53" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Version du service de licences logicielles : 6.0.6002.18005
Nom : Windows Vista, HomePremium edition
Description : Windows Operating System - Vista, OEM_COA_SLP channel
ID d’activation : a4eec485-e375-48b4-8f51-80d13a4086b6
ID d’application : 55c92734-d682-4d71-983e-d6ec3f16059f
PID étendu : 89578-00144-488-222457-02-3084-6002.0000-0042013
ID d’installation : 021315970735941420520484003302453532336402878520721695
URL du certificat du processeur : http://go.microsoft.com/fwlink/?LinkID=43473
URL du certificat de l’ordinateur : http://go.microsoft.com/fwlink/?LinkID=43474
URL de licence d’utilisation : http://go.microsoft.com/fwlink/?LinkID=43476
URL du certificat de clé de produit : http://go.microsoft.com/fwlink/?LinkID=43475
Clé de produit partielle : M3C3R
État de la licence : sans licence

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAEAAwABAAIAAQACAAAABAABAAEAJJRW8arbcscoS0aDDB3Suc5w8vQa7LhqZHFKcKxWun0qhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CRESTLNE
FACP TOSCPL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
TCPA Intel CRESTLNE
TMOR PTLTD
SLIC TOSCPL TOSCPL00
OSFR TOSHIB A+2nd ID
APIC INTEL CRESTLNE
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
=================================================================

The TTS error (Tamper Time Stamp) indicates 2012-01-03 16:12. The Malwarebytes quarantine process occurred at 2013-01-03 16:11 as indicated in the log below.

=================================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 913010306

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

2013-01-03 16:11:28
mbam-log-2013-01-03 (16-11-28).txt

Scan type: Quick scan
Objects scanned: 240398
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Luc Duranleau\AppData\Local\Temp\wlsidten.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Luc Duranleau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

====================================================================

It is thus certain that the quarantining of the infected files caused or indirectly caused a Mod-Auth event. Any help will be appreciated to correct the tampering. If restoring the quarantined files can guarantee proper recovery then fine. But I do not want to reactivate the infection.

Thanks for your help,
Luc
-
Hello,

Thanks for responding.

1) Malwarebytes freezing on a Windows file. It is true that it may be totally unrelated, however the application reacts identically at all times. It does not react randomly. As everything freezes (even the cursor), I must hard boot. I am therefore reluctant to use the application with this option until the application can recover from whatever it is trying to do at this point.

2) Restore Malwarebytes quarantined file. At this moment, I am also reluctant to try this. The main reason is that I feel that Malwarebytes did not directly cause the problem. I fear that the virus reacted to being dislodged and on reboot, it acted upon the licensing components or registry. I would prefer trying to figure out what corrupted the licensing components. Undoing the Malwarebytes quarantine may have more dangerous results and I doubt it would recover the authentication components if it was unaware of the virus's capability to act on being deleted. Besides, I ran the 1.4 version of the application and now have the newest version. Not sure the new version can unquarantine files from prior versions.

3) I have freed space. The C drive now has 32 GB. I will further liberate more space later.

4) I've uninstalled GoToMeeting. LogMeIn is a client used by Microsoft support. I will leave it there for now. There are no passwords involved.

5) I have removed ESET and SuperAntiSpyware.

6) The proxy setup was done by one of my government clients. Completely legitimate and I believe deactivated.

7) At the moment, the authentication problem remains.

Here is the DDS log:

DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 10.10.2
Run by Luc Duranleau at 12:35:22 on 2013-01-06
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.903 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
C:\Windows\System32\msdtc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\TOSHIBA\reminder\reminder.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.iciwave.com/
uProxyServer = fpro.rtss.qc.ca:8080
uProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [toscdspd] TOSCDSPD.EXE
uRun: [reminder] c:\program files\toshiba\reminder\reminder.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:153
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.universitas.ca/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{40B794FC-DF11-4363-AA35-A887F298643D} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-30 47640] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\converter\NitroPDFDriverService.exe [2009-12-16 188736] R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-10 21504] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104] RUnknown SASDIFSV;SASDIFSV; [x] RUnknown SASKUTIL;SASKUTIL; [x] S2 E2ECAM;ICI Wave Desktop;c:\windows\system32\drivers\wavedt.sys [2009-7-2 89984] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112] S3 NisSrv;Inspection du réseau Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856] . =============== File Associations =============== . FileExt: .ini: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice] . =============== Created Last 30 ================ . 
2013-01-05 19:50:27 -------- d-sh--w- C:\found.000 2013-01-05 19:21:04 -------- d-----w- C:\MGADiagToolOutput 2013-01-05 16:42:15 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-05 16:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 14:21:08 -------- d-----w- c:\programdata\RegSERVO 2013-01-05 12:13:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{4D322DC6-38D4-4404-AE5E-AA8CEA28CB51} 2013-01-05 03:56:46 -------- d-----w- c:\program files\ESET 2013-01-05 00:11:29 -------- d-----w- c:\users\luc duranleau\appdata\local\{695DC359-97FD-45DE-AFC4-4D5D75BC709C} 2013-01-04 22:28:25 -------- d-----w- c:\windows\pss 2013-01-04 20:32:08 -------- d-----w- c:\users\luc duranleau\appdata\local\LogMeIn Rescue Applet 2013-01-04 19:05:52 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PC Cleaners 2013-01-04 19:05:49 4729224 ----a-w- c:\windows\uninst.exe 2013-01-04 19:05:45 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PCPro 2013-01-04 19:05:45 -------- d-----w- c:\programdata\PC1Data 2013-01-04 16:37:13 -------- d-----w- c:\users\luc duranleau\appdata\local\Macromedia 2013-01-04 16:36:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-04 16:25:37 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-04 08:10:19 -------- d-sh--w- C:\$RECYCLE.BIN 2013-01-04 04:07:13 -------- d-----w- c:\users\luc duranleau\appdata\local\temp 2013-01-03 22:58:40 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-03 21:13:36 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-01-03 21:13:36 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe 2013-01-03 07:56:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{32FA5ED4-70BA-40EC-A81D-066B19C3E061} 2013-01-02 19:54:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{ACCEE121-81E8-4930-B594-8887DACF7984} 2013-01-02 07:52:37 -------- d-----w- c:\users\luc 
duranleau\appdata\local\{2B906212-FDAB-46A0-AF23-FEFF18D8749D} 2013-01-01 19:50:39 -------- d-----w- c:\users\luc duranleau\appdata\local\{73915535-1E03-46ED-9314-1A25CB2AEA27} 2012-12-29 11:13:18 -------- d-----w- c:\users\luc duranleau\appdata\local\{76D123F2-DB31-41A8-B9DD-B06A1292FE8C} 2012-12-28 23:11:19 -------- d-----w- c:\users\luc duranleau\appdata\local\{EC9AA581-08D1-4673-97A4-7A484B03A6F0} 2012-12-28 11:09:21 -------- d-----w- c:\users\luc duranleau\appdata\local\{936AE10A-319C-492B-B7AF-5F3FD1041E83} 2012-12-27 23:07:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{31FBB0FB-37DF-4C60-88E8-2B0F393E1B2E} 2012-12-27 11:05:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{F105DEFC-4BC5-464A-909B-7CCA243C0A27} 2012-12-26 23:03:26 -------- d-----w- c:\users\luc duranleau\appdata\local\{C684496C-3ECB-45C5-9400-074B8E51EDC3} 2012-12-26 11:01:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{0E861D7D-E0B3-44EF-A2DE-E7340C16DAF6} 2012-12-25 22:59:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{0D38D434-01E3-4481-A0DE-0C11BD61FA49} 2012-12-25 10:57:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{141969F6-0CAD-4229-AAC6-E799F5197547} 2012-12-25 07:53:31 -------- d-----w- c:\users\luc duranleau\dwhelper 2012-12-24 22:55:33 -------- d-----w- c:\users\luc duranleau\appdata\local\{10FFFB29-75FD-4832-8B2F-A75F89E8BBCB} 2012-12-24 10:53:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{646B7131-BFAA-47B0-B558-C869B155BFE2} 2012-12-23 22:51:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{D07EE08D-6575-4D32-A8F3-FED14ED4BBF2} 2012-12-23 10:49:27 -------- d-----w- c:\users\luc duranleau\appdata\local\{10499DB8-EFCF-4A60-B843-B23F6238D1A1} 2012-12-22 22:47:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{5F1A493E-25DE-446A-94B9-AA1FAAA598B6} 2012-12-22 10:45:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{EB32B67B-FAB4-4B0F-A3E4-0F275CCD27A8} 2012-12-21 22:43:32 -------- d-----w- 
c:\users\luc duranleau\appdata\local\{1DAD070F-820F-40CF-B01C-1DFB3FB8C2E7} 2012-12-21 10:41:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{553BB569-103B-42DC-B1F6-7F1B43317159} 2012-12-20 22:39:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{3B54FB98-1B55-4D86-898B-FCBC3645748E} 2012-12-20 10:37:38 -------- d-----w- c:\users\luc duranleau\appdata\local\{F1549B44-FA56-43EA-90F7-36239662375A} 2012-12-19 22:35:40 -------- d-----w- c:\users\luc duranleau\appdata\local\{62953F73-8502-4198-A67E-0E8E2BCD34B3} 2012-12-19 10:33:42 -------- d-----w- c:\users\luc duranleau\appdata\local\{6B49B4A3-DEBE-4CF5-B234-2C564BD1B322} 2012-12-18 22:31:44 -------- d-----w- c:\users\luc duranleau\appdata\local\{A74AFE14-6DBE-4DF0-8520-B3CE724AA98C} 2012-12-18 10:29:45 -------- d-----w- c:\users\luc duranleau\appdata\local\{CE466F09-2CB8-481B-A3E0-F983A4C5F130} 2012-12-17 22:27:47 -------- d-----w- c:\users\luc duranleau\appdata\local\{266C33E9-9743-4047-8E38-CB204CBABEE5} 2012-12-17 10:25:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{9C69ECC8-4556-4B93-B015-73FFE858D219} 2012-12-16 22:23:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{D1B1D32E-56B8-49EF-B8E2-A00E2330D350} 2012-12-14 11:40:09 -------- d-----w- c:\users\luc duranleau\appdata\local\{2D9E7AF6-734C-491E-AA61-6494852B826A} 2012-12-13 23:38:11 -------- d-----w- c:\users\luc duranleau\appdata\local\{AC7A7BE0-A1EA-4B99-A715-A4E1088EAC9B} 2012-12-13 11:36:12 -------- d-----w- c:\users\luc duranleau\appdata\local\{092FEA48-7B5A-4B4F-8392-F5A3F33F026E} 2012-12-12 23:34:13 -------- d-----w- c:\users\luc duranleau\appdata\local\{68A39303-2272-48B7-BD49-73FD94D6A464} 2012-12-12 09:38:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{20D30901-60E4-43A3-882B-440555C76865} 2012-12-11 21:36:51 -------- d-----w- c:\users\luc duranleau\appdata\local\{8EC65803-55FD-4401-8FAD-77E2770DBF97} 2012-12-11 09:34:54 -------- d-----w- c:\users\luc 
duranleau\appdata\local\{722802F1-6830-40EA-AB08-C5B2ECB7F63D} 2012-12-10 21:32:55 -------- d-----w- c:\users\luc duranleau\appdata\local\{FA7D0A31-9295-436A-BCBF-112DFCB33175} 2012-12-10 09:30:57 -------- d-----w- c:\users\luc duranleau\appdata\local\{E75802C7-D850-4604-AADE-8A3D6D8F5F07} 2012-12-09 21:28:58 -------- d-----w- c:\users\luc duranleau\appdata\local\{6A55EE3B-B9D5-4439-BE34-231AB84DA53E} 2012-12-09 09:27:00 -------- d-----w- c:\users\luc duranleau\appdata\local\{39A06CBD-5045-4FA7-A8CC-856797DEFD6D} 2012-12-08 21:25:02 -------- d-----w- c:\users\luc duranleau\appdata\local\{3EE74A49-6E03-4CB4-8011-3AD8A756BACE} 2012-12-08 09:23:04 -------- d-----w- c:\users\luc duranleau\appdata\local\{25B68417-46E3-4FB5-AE49-7C4F03B8E552} 2012-12-07 21:21:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{FE4524C0-74E1-4805-8DAA-8BD8A68ABC4D} . ==================== Find3M ==================== . 2013-01-04 16:36:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-03 23:00:55 279552 ----a-w- c:\windows\system32\services.exe . ============= FINISH: 12:36:34,16 =============== ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Édition Familiale Premium Boot Device: \Device\HarddiskVolume2 Install Date: 2007-12-02 06:53:14 System Uptime: 2013-01-05 21:17:02 (15 hours ago) . Motherboard: TOSHIBA | | ISRAA Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 220 GiB total, 32,512 GiB free. D: is FIXED (NTFS) - 5 GiB total, 4,369 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP1843: 2012-12-02 04:17:56 - Point de contrôle planifié RP1844: 2012-12-03 00:00:10 - Point de contrôle planifié RP1845: 2012-12-04 00:00:10 - Point de contrôle planifié RP1846: 2012-12-05 15:58:52 - Point de contrôle planifié RP1847: 2012-12-07 01:27:18 - Point de contrôle planifié RP1848: 2012-12-08 03:35:14 - Point de contrôle planifié RP1849: 2012-12-09 00:00:12 - Point de contrôle planifié RP1850: 2012-12-16 19:32:36 - Point de contrôle planifié RP1851: 2012-12-17 09:12:18 - Point de contrôle planifié RP1852: 2012-12-18 00:27:04 - Point de contrôle planifié RP1853: 2012-12-19 03:20:05 - Point de contrôle planifié RP1854: 2012-12-20 01:06:01 - Point de contrôle planifié RP1855: 2012-12-21 02:21:22 - Point de contrôle planifié RP1856: 2012-12-22 09:45:15 - Point de contrôle planifié RP1857: 2012-12-23 00:00:11 - Point de contrôle planifié RP1858: 2012-12-28 21:44:34 - Point de contrôle planifié RP1859: 2012-12-30 00:00:22 - Point de contrôle planifié RP1860: 2013-01-03 06:17:53 - Point de contrôle planifié RP1861: 2013-01-03 18:45:34 - Point de contrôle planifié RP1863: 2013-01-04 00:40:23 - Removed Java 6 Update 29 RP1864: 2013-01-04 00:43:05 - Removed Ask Toolbar. RP1866: 2013-01-04 01:46:45 - Malwarebytes Anti-Rootkit Restore Point RP1868: 2013-01-04 10:41:01 - Panda ZAcccess init RP1870: 2013-01-04 10:53:00 - Panda ZAcccess Cleanup RP1871: 2013-01-04 11:23:41 - Installed Java 7 Update 10 RP1872: 2013-01-04 11:43:10 - Installed Adobe Reader X (10.1.0) - Français. RP1873: 2013-01-04 11:48:16 - Removed Ask Toolbar. RP1874: 2013-01-04 16:13:08 - Opération de restauration RP1875: 2013-01-06 01:37:13 - Point de contrôle planifié . ==== Installed Programs ====================== . 
Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color Common Settings Adobe Color EU Recommended Settings Adobe Color JA Extra Settings Adobe Color NA Extra Settings Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash CS3 Adobe Flash CS3 Professional Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Flash Video Encoder Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS Adobe Reader X (10.1.4) - Français Adobe Setup Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Alamoon Watermark v1.4 Apple Software Update ATI Catalyst Install Manager AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.4 Bluetooth Stack for Windows by Toshiba Canon Auto Update Service Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels Canon G.726 WMP-Decoder Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon PowerShot SX40 HS Guide d'utilisation de l'appareil photo Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French 
Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Codeur Windows Media Série 9 Compatibility Pack for the 2007 Office system D3DX10 DVD MovieFactory for TOSHIBA Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImgBurn Intel Matrix Storage Manager Java 7 Update 10 Java Auto Updater Juniper Networks Network Connect 6.5.0 Juniper Networks Setup Client Logiciel Intel® PROSet/Wireless Malwarebytes Anti-Malware version 1.70.0.1100 Maxtor Backup Maxtor OneTouch III mCore mHelp Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (French) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Groove MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office Outlook 
Connector Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Edition 2003 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 2 (SP2) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word Viewer 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server Native Client Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft XML Parser Mise à jour Microsoft Office Excel 2007 Help (KB963678) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) Mise à jour Microsoft Office Word 2007 Help (KB963665) mMHouse Mozilla Firefox 17.0.1 (x86 fr) Mozilla Maintenance Service mPfMgr MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nitro PDF Professional PDF Settings PrimoPDF -- brought to you by Nitro PDF Software Programme de gestion Camera de Logitech® QuickTime Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista RecoveryFix For Windows ver 7.06.01 reminder Réducteur de bruit lect. 
CD/DVD Screen-Cut Security Update for 2007 Microsoft Office System (KB2277947) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB980376) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio 2007 (KB982127) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2251419) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI Skins Sybase PowerAMC 11.0 Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. 
TIPCI TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HD DVD PLAYER TOSHIBA Mot de passe responsable TOSHIBA Recovery Disc Creator Toshiba Registration TOSHIBA SD Memory Utilities TOSHIBA Software Modem TOSHIBA Supervisor Password TOSHIBA Value Added Package UltraEdit-32 Uninstall Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 Help (KB957246) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Visio 2007 Help (KB963666) Update for Outlook 2007 Junk Email Filter (kb2279264) Utility Common Driver VLC media player 2.0.2 wavedesktop_1_5 Windows Live Windows Live Communications Platform Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== End Of File ===========================
-
Hello to the Malware team, I have proceeded as requested and I have posted a new topic here. I have also copied my previous correspondence, which details what I did previously. I also installed the latest version of Malwarebytes. I tried to perform a complete scan and the software completely freezes my computer when scanning the following file:

C:\Program Files\Common Files\Microsoft Shared\MODI\12.0\MSPFILT.DLL

I do not know if this file has a problem, but the application forced a hard reset, which is not too good in any case. I then performed a quick scan. Here is the log.

Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.05.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.18943 Luc Duranleau :: LEONIDAS [administrator] Protection: Disabled 2013-01-05 13:20:22 mbam-log-2013-01-05 (13-20-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 228485 Time elapsed: 8 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

DDS

As requested, I performed a DDS scan. Here are the 2 log files.

DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 10.10.2 Run by Luc Duranleau at 13:33:04 on 2013-01-05 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2046.978 [GMT -5:00] . SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Windows\system32\dllhost.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe C:\Windows\System32\msdtc.exe C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\Program Files\Nitro PDF\Converter\NitroPDFDriverService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Windows\System32\vds.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\wbem\WmiApSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\iashost.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program 
Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\TOSHIBA\reminder\reminder.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k wcssvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.iciwave.com/ uProxyServer = fpro.rtss.qc.ca:8080 uProxyOverride = *.rtss;*.gmf.qc.ca;*.mtl.rtss.qc.ca;*.rtss.qc.ca*;10.*;<local> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [toscdspd] TOSCDSPD.EXE uRun: [reminder] c:\program files\toshiba\reminder\reminder.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe uPolicies-Explorer: 
NoDriveTypeAutoRun = dword:153 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.universitas.ca/dana-cached/sc/JuniperSetupClient.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{40B794FC-DF11-4363-AA35-A887F298643D} : DHCPNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos 
msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: network.proxy.ftp - fpro.rtss.qc.ca FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - fpro.rtss.qc.ca FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - fpro.rtss.qc.ca FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - fpro.rtss.qc.ca FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - fpro.rtss.qc.ca FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - ExtSQL: 2012-12-25 02:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\luc duranleau\appdata\roaming\mozilla\firefox\profiles\h1myzu6n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-30 47640] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\converter\NitroPDFDriverService.exe [2009-12-16 188736] R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-10 21504] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-5 40776] S2 E2ECAM;ICI Wave Desktop;c:\windows\system32\drivers\wavedt.sys [2009-7-2 89984] S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112] S3 NisSrv;Inspection du réseau Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856] . =============== File Associations =============== . FileExt: .ini: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice] . =============== Created Last 30 ================ . 
2013-01-05 17:30:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-05 16:42:15 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-05 16:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 14:21:08 -------- d-----w- c:\programdata\RegSERVO 2013-01-05 14:21:00 -------- d-----w- c:\program files\REGSERVO 2013-01-05 12:13:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{4D322DC6-38D4-4404-AE5E-AA8CEA28CB51} 2013-01-05 03:56:46 -------- d-----w- c:\program files\ESET 2013-01-05 00:11:29 -------- d-----w- c:\users\luc duranleau\appdata\local\{695DC359-97FD-45DE-AFC4-4D5D75BC709C} 2013-01-04 22:28:25 -------- d-----w- c:\windows\pss 2013-01-04 20:32:08 -------- d-----w- c:\users\luc duranleau\appdata\local\LogMeIn Rescue Applet 2013-01-04 19:05:52 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PC Cleaners 2013-01-04 19:05:49 4729224 ----a-w- c:\windows\uninst.exe 2013-01-04 19:05:45 -------- d-----w- c:\users\luc duranleau\appdata\roaming\PCPro 2013-01-04 19:05:45 -------- d-----w- c:\programdata\PC1Data 2013-01-04 16:37:13 -------- d-----w- c:\users\luc duranleau\appdata\local\Macromedia 2013-01-04 16:36:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-04 16:25:37 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-04 08:10:19 -------- d-sh--w- C:\$RECYCLE.BIN 2013-01-04 04:07:13 -------- d-----w- c:\users\luc duranleau\appdata\local\temp 2013-01-03 22:58:40 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-03 21:13:36 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-01-03 21:13:36 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe 2013-01-03 07:56:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{32FA5ED4-70BA-40EC-A81D-066B19C3E061} 2013-01-02 19:54:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{ACCEE121-81E8-4930-B594-8887DACF7984} 2013-01-02 07:52:37 -------- d-----w- c:\users\luc 
duranleau\appdata\local\{2B906212-FDAB-46A0-AF23-FEFF18D8749D} 2013-01-01 19:50:39 -------- d-----w- c:\users\luc duranleau\appdata\local\{73915535-1E03-46ED-9314-1A25CB2AEA27} 2012-12-29 11:13:18 -------- d-----w- c:\users\luc duranleau\appdata\local\{76D123F2-DB31-41A8-B9DD-B06A1292FE8C} 2012-12-28 23:11:19 -------- d-----w- c:\users\luc duranleau\appdata\local\{EC9AA581-08D1-4673-97A4-7A484B03A6F0} 2012-12-28 11:09:21 -------- d-----w- c:\users\luc duranleau\appdata\local\{936AE10A-319C-492B-B7AF-5F3FD1041E83} 2012-12-27 23:07:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{31FBB0FB-37DF-4C60-88E8-2B0F393E1B2E} 2012-12-27 11:05:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{F105DEFC-4BC5-464A-909B-7CCA243C0A27} 2012-12-26 23:03:26 -------- d-----w- c:\users\luc duranleau\appdata\local\{C684496C-3ECB-45C5-9400-074B8E51EDC3} 2012-12-26 11:01:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{0E861D7D-E0B3-44EF-A2DE-E7340C16DAF6} 2012-12-25 22:59:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{0D38D434-01E3-4481-A0DE-0C11BD61FA49} 2012-12-25 10:57:32 -------- d-----w- c:\users\luc duranleau\appdata\local\{141969F6-0CAD-4229-AAC6-E799F5197547} 2012-12-25 07:53:31 -------- d-----w- c:\users\luc duranleau\dwhelper 2012-12-24 22:55:33 -------- d-----w- c:\users\luc duranleau\appdata\local\{10FFFB29-75FD-4832-8B2F-A75F89E8BBCB} 2012-12-24 10:53:23 -------- d-----w- c:\users\luc duranleau\appdata\local\{646B7131-BFAA-47B0-B558-C869B155BFE2} 2012-12-23 22:51:25 -------- d-----w- c:\users\luc duranleau\appdata\local\{D07EE08D-6575-4D32-A8F3-FED14ED4BBF2} 2012-12-23 10:49:27 -------- d-----w- c:\users\luc duranleau\appdata\local\{10499DB8-EFCF-4A60-B843-B23F6238D1A1} 2012-12-22 22:47:28 -------- d-----w- c:\users\luc duranleau\appdata\local\{5F1A493E-25DE-446A-94B9-AA1FAAA598B6} 2012-12-22 10:45:30 -------- d-----w- c:\users\luc duranleau\appdata\local\{EB32B67B-FAB4-4B0F-A3E4-0F275CCD27A8} 2012-12-21 22:43:32 -------- d-----w- 
c:\users\luc duranleau\appdata\local\{1DAD070F-820F-40CF-B01C-1DFB3FB8C2E7} 2012-12-21 10:41:34 -------- d-----w- c:\users\luc duranleau\appdata\local\{553BB569-103B-42DC-B1F6-7F1B43317159} 2012-12-20 22:39:36 -------- d-----w- c:\users\luc duranleau\appdata\local\{3B54FB98-1B55-4D86-898B-FCBC3645748E} 2012-12-20 10:37:38 -------- d-----w- c:\users\luc duranleau\appdata\local\{F1549B44-FA56-43EA-90F7-36239662375A} 2012-12-19 22:35:40 -------- d-----w- c:\users\luc duranleau\appdata\local\{62953F73-8502-4198-A67E-0E8E2BCD34B3} 2012-12-19 10:33:42 -------- d-----w- c:\users\luc duranleau\appdata\local\{6B49B4A3-DEBE-4CF5-B234-2C564BD1B322} 2012-12-18 22:31:44 -------- d-----w- c:\users\luc duranleau\appdata\local\{A74AFE14-6DBE-4DF0-8520-B3CE724AA98C} 2012-12-18 10:29:45 -------- d-----w- c:\users\luc duranleau\appdata\local\{CE466F09-2CB8-481B-A3E0-F983A4C5F130} 2012-12-17 22:27:47 -------- d-----w- c:\users\luc duranleau\appdata\local\{266C33E9-9743-4047-8E38-CB204CBABEE5} 2012-12-17 10:25:49 -------- d-----w- c:\users\luc duranleau\appdata\local\{9C69ECC8-4556-4B93-B015-73FFE858D219} 2012-12-16 22:23:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{D1B1D32E-56B8-49EF-B8E2-A00E2330D350} 2012-12-14 11:40:09 -------- d-----w- c:\users\luc duranleau\appdata\local\{2D9E7AF6-734C-491E-AA61-6494852B826A} 2012-12-13 23:38:11 -------- d-----w- c:\users\luc duranleau\appdata\local\{AC7A7BE0-A1EA-4B99-A715-A4E1088EAC9B} 2012-12-13 11:36:12 -------- d-----w- c:\users\luc duranleau\appdata\local\{092FEA48-7B5A-4B4F-8392-F5A3F33F026E} 2012-12-12 23:34:13 -------- d-----w- c:\users\luc duranleau\appdata\local\{68A39303-2272-48B7-BD49-73FD94D6A464} 2012-12-12 09:38:50 -------- d-----w- c:\users\luc duranleau\appdata\local\{20D30901-60E4-43A3-882B-440555C76865} 2012-12-11 21:36:51 -------- d-----w- c:\users\luc duranleau\appdata\local\{8EC65803-55FD-4401-8FAD-77E2770DBF97} 2012-12-11 09:34:54 -------- d-----w- c:\users\luc 
duranleau\appdata\local\{722802F1-6830-40EA-AB08-C5B2ECB7F63D} 2012-12-10 21:32:55 -------- d-----w- c:\users\luc duranleau\appdata\local\{FA7D0A31-9295-436A-BCBF-112DFCB33175} 2012-12-10 09:30:57 -------- d-----w- c:\users\luc duranleau\appdata\local\{E75802C7-D850-4604-AADE-8A3D6D8F5F07} 2012-12-09 21:28:58 -------- d-----w- c:\users\luc duranleau\appdata\local\{6A55EE3B-B9D5-4439-BE34-231AB84DA53E} 2012-12-09 09:27:00 -------- d-----w- c:\users\luc duranleau\appdata\local\{39A06CBD-5045-4FA7-A8CC-856797DEFD6D} 2012-12-08 21:25:02 -------- d-----w- c:\users\luc duranleau\appdata\local\{3EE74A49-6E03-4CB4-8011-3AD8A756BACE} 2012-12-08 09:23:04 -------- d-----w- c:\users\luc duranleau\appdata\local\{25B68417-46E3-4FB5-AE49-7C4F03B8E552} 2012-12-07 21:21:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{FE4524C0-74E1-4805-8DAA-8BD8A68ABC4D} 2012-12-07 09:19:06 -------- d-----w- c:\users\luc duranleau\appdata\local\{DE7BA250-8693-43E4-845A-5186259CFBC2} 2012-12-06 21:17:07 -------- d-----w- c:\users\luc duranleau\appdata\local\{F0CBD7CB-D33F-4519-9CA8-BC0B04468960} . ==================== Find3M ==================== . 2013-01-04 16:36:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-03 23:00:55 279552 ----a-w- c:\windows\system32\services.exe . ============= FINISH: 13:34:14,30 =============== ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Édition Familiale Premium Boot Device: \Device\HarddiskVolume2 Install Date: 2007-12-02 06:53:14 System Uptime: 2013-01-05 13:15:00 (0 hours ago) . Motherboard: TOSHIBA | | ISRAA Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 220 GiB total, 31,699 GiB free. D: is FIXED (NTFS) - 5 GiB total, 4,369 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . 
==== System Restore Points =================== . . ==== Installed Programs ====================== . Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color Common Settings Adobe Color EU Recommended Settings Adobe Color JA Extra Settings Adobe Color NA Extra Settings Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash CS3 Adobe Flash CS3 Professional Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Flash Video Encoder Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS Adobe Reader X (10.1.4) - Français Adobe Setup Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Alamoon Watermark v1.4 Apple Software Update ATI Catalyst Install Manager AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.4 Bluetooth Stack for Windows by Toshiba Canon Auto Update Service Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels Canon G.726 WMP-Decoder Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon PowerShot SX40 HS Guide d'utilisation de l'appareil photo Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center 
Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Codeur Windows Media Série 9 Compatibility Pack for the 2007 Office system D3DX10 Diablo II DVD MovieFactory for TOSHIBA ESET Online Scanner v3 Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) GoToMeeting 4.8.0.723 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImgBurn Intel Matrix Storage Manager Java 7 Update 10 Java Auto Updater Juniper Networks Network Connect 6.5.0 Juniper Networks Setup Client Logiciel Intel® PROSet/Wireless Malwarebytes Anti-Malware version 1.70.0.1100 Maxtor Backup Maxtor OneTouch III mCore mHelp Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (French) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI 
(French) 2007 Microsoft Office Groove MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Edition 2003 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 2 (SP2) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word Viewer 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server Native Client Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft XML Parser Mise à jour Microsoft Office Excel 2007 Help (KB963678) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) Mise à jour Microsoft Office Word 2007 Help (KB963665) mMHouse Mozilla Firefox 17.0.1 (x86 fr) Mozilla Maintenance Service mPfMgr MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nitro PDF Professional PDF Settings PrimoPDF -- brought to you by Nitro PDF Software Programme de gestion Camera de Logitech® QuickTime Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista RecoveryFix For Windows ver 7.06.01 REGSERVO reminder Réducteur de bruit lect. 
CD/DVD Screen-Cut Security Update for 2007 Microsoft Office System (KB2277947) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB980376) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio 2007 (KB982127) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2251419) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI Skins SUPERAntiSpyware Sybase PowerAMC 11.0 Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. 
TIPCI TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HD DVD PLAYER TOSHIBA Mot de passe responsable TOSHIBA Recovery Disc Creator Toshiba Registration TOSHIBA SD Memory Utilities TOSHIBA Software Modem TOSHIBA Supervisor Password TOSHIBA Value Added Package UltraEdit-32 Uninstall Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 Help (KB957246) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Visio 2007 Help (KB963666) Update for Outlook 2007 Junk Email Filter (kb2279264) Utility Common Driver VLC media player 2.0.2 wavedesktop_1_5 Windows Live Windows Live Communications Platform Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack
.
==== End Of File ===========================

===============================================

Previous correspondence

Part 1

Hello to the Malwarebytes team,

I have come across a serious problem after running the Malwarebytes application. It detected the following trojans in the separate sequences.

1) Exploit.Drop.GS and Trojan.Ransom.SuGen

I simply executed the cleaning MalwareBytes suggested. It then rebooted. Here is the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 913010306

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

2013-01-03 16:11:28
mbam-log-2013-01-03 (16-11-28).txt

Scan type: Quick scan
Objects scanned: 240398
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Luc Duranleau\AppData\Local\Temp\wlsidten.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Luc Duranleau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

2) Running Malwarebytes again, it found RootKit.0Access

Again, I simply executed the cleaning MalwareBytes suggested. It then rebooted. Here is the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 913010306

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

2013-01-03 16:32:15
mbam-log-2013-01-03 (16-32-15).txt

Scan type: Quick scan
Objects scanned: 242891
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Delete on reboot.

Problem

At this time, the Windows licensing process has been corrupted and the OS continuously asks me to authenticate my OS with my product key. All attempts to activate fail. Even Microsoft support failed to reactivate my OS.

Is there something Malwarebytes did that can be recovered so that my licensing process functions properly?

Thanks for your support,
Luc

Part 2

Hello,

Thanks for your reply. I have since cleaned the computer and no longer have the trojans. Used TDSSKiller, RogueKiller, ESET and Malwarebytes. Computer is clean.

I have looked at the application event logs, and warnings and errors for winlogon occur at around the same time Malwarebytes was executed and the logs were generated. My guess is that Malwarebytes cleaned an infection but in so doing provoked or indirectly provoked a modification as indicated in this event error.

<Event xmlns="http://schemas.micro...08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Licensing-SLC" Guid="{1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}" EventSourceName="Software Licensing Service" />
    <EventID Qualifiers="16384">12291</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-03T21:12:43.000Z" />
    <EventRecordID>33597</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>LEONIDAS</Computer>
    <Security />
  </System>
  <EventData>
    <Data>hr=0xC004D301</Data>
  </EventData>
</Event>

Hope this helps.
Luc

============================================================================